Risk
3/14/2011
07:34 PM
Connect Directly
RSS
E-Mail
50%
50%

DOD Taking Steps To Prevent Another Cablegate

The Department of Defense is implementing new security technology to keep insider data breaches from occurring in the future, said new CIO Teri Takai.

The Department of Defense (DOD) is taking decisive action to secure department networks so a leak like last year's Cablegate scandal doesn't happen again, new DOD CIO Teri Takai said last week.

Speaking to the Senate Homeland Security and Governmental Affairs committee, Takai -- who recently took her position after serving as California CIO -- said the DOD is currently in the midst of deploying new security technology to the DOD classified network, SIPRNet, to prevent future insider breaches.

"The unauthorized release of U.S. information by WikiLeaks has adversely affected our global engagement and national security and endangered the lives of individuals who have sought to cooperate with the United States," she said. "It is of vital importance to DoD and the entire U.S. Government that we keep our sensitive and classified information secure, while at the same time ensuring that the right people have the timely access they need to help keep our country and its citizens safe."

Indeed, the DOD had a rough year last year in its ongoing fight with Wikileaks, which posts classified documents from a number of organizations, including the federal government.

In late July 2010, Wikileaks released thousands of classified DOD documents related to the war in Afghanistan, then followed that up by publishing 400,000 classified Iraq logs in October.

But it was the release of thousands of classified U.S. embassy cables in late November that spurred the international incident that became known as Cablegate, which caused many to seriously question security at the DOD. Army Private First Class Bradley Manning was arrested last June and is suspected of leaking the information after removing it from SIPRNet.

After conducting studies on how it can improve network security, the DOD has begun to implement a Host Based Security System to all of its workstations to prevent people from removing large amounts of data from SIPRNet by rewriting it to a removable storage device, Takai told the committee. Her testimony is available online.

Takai described how the system works. She said it provides "very positive technical control" over the machines and provides reports on workstation configurations that can be monitored centrally.

Although the system will allow the removal of data from some machines, HBSS will report in real time each operation, Takai said. It also will report every unauthorized attempt to move data and rewrite it.

The DoD also has a back-up plan to ensure another Cablegate won't happen while it waits for a full deployment of the new system, she added.

"Where HBSS is not yet fully deployed other means are used to disable write capability, such as removing the software used to write to CDs, removing the drives themselves from the machines, or blocking access to external devices in workstation configuration files," Takai said in her testimony.

The DOD also has started issuing Public Key Infrastructure (PKI)-based identity credentials on smart cards to people who have access to SIPRNet users, with a plan to issue 500,000 cards and equip workstations with accompanying card readers and software by the end of 2012, she said. This will replace the password-controlled system users utilize now to access SIPRNet, which does not provide adequate access control.

The new system "will provide very strong identification of the person accessing the network and requesting data," Takai said. "It will both deter bad behavior and require absolute identification of who is accessing data and managing that access."

Her testimony marked one of Takai's first public appearances since taking her post on November 5. President Obama nominated Takai in March 2010 for the DOD CIO position. However, in September amid an ongoing reorganization within the department's IT operations and organizational structure, her nomination was withdrawn.

Then in a somewhat surprising move on Oct. 25, Takai announced to her California staff that she was leaving her position and taking the DoD CIO position after all.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

CVE-2014-0600
Published: 2014-08-29
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

CVE-2014-0888
Published: 2014-08-29
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.

CVE-2014-0897
Published: 2014-08-29
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection me...

CVE-2014-3024
Published: 2014-08-29
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitr...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.