White House orders new computer security rules
WASHINGTON — The White House plans to issue an executive order Friday to replace a flawed patchwork of computer security safeguards exposed by the disclosure of hundreds of thousands of classified government documents to WikiLeaks last year.
The order by President Barack Obama culminates a seven-month governmentwide review of policies and procedures involving the handling of classified information.
The directive enshrines many stopgap fixes that the Pentagon, the State Department and the Central Intelligence Agency made immediately after the initial WikiLeaks disclosures last November. Since then, for instance, the military has disabled 87 percent of its computers to prevent people from downloading classified data onto memory sticks, CDs or DVDs.
The Pentagon has also developed procedures to monitor and detect suspicious behavior on classified computer systems. And the State Department stopped distributing its diplomatic cables over a classified email system used by many in the military, including Pfc. Bradley E. Manning, who is accused of leaking the classified documents to WikiLeaks.
Computer security analysts say these safeguards, as well as others in the executive order aimed at bringing greater consistency and accountability to information sharing and protection policies, are long overdue and lag behind what is routine in the private sector.
“The real surprise continues to be that relatively elementary procedures should have been in place and were not,” said Ravi Sandhu, executive director of the Institute for Cyber Security at the University of Texas at San Antonio.
In addition to these immediate measures, Obama’s order creates a task force led by the attorney general and the director of national intelligence to combat leaks from government workers, or what the White House calls an “insider threat.”
The directive also establishes a special government committee that must submit a report to the president within 90 days, and then at least once a year after that, assessing federal successes and failures in protecting classified information on government computer networks.
According to government prosecutors, the three big WikiLeaks document dumps were disguised as a Lady Gaga CD and smuggled out of a military intelligence office in Iraq by Manning. Computer security analysts say the case revealed major lapses in securing classified data in war zones.