Risk
3/14/2011
07:34 PM
50%
50%

DOD Taking Steps To Prevent Another Cablegate

The Department of Defense is implementing new security technology to keep insider data breaches from occurring in the future, said new CIO Teri Takai.

The Department of Defense (DOD) is taking decisive action to secure department networks so a leak like last year's Cablegate scandal doesn't happen again, new DOD CIO Teri Takai said last week.

Speaking to the Senate Homeland Security and Governmental Affairs committee, Takai -- who recently took her position after serving as California CIO -- said the DOD is currently in the midst of deploying new security technology to the DOD classified network, SIPRNet, to prevent future insider breaches.

"The unauthorized release of U.S. information by WikiLeaks has adversely affected our global engagement and national security and endangered the lives of individuals who have sought to cooperate with the United States," she said. "It is of vital importance to DoD and the entire U.S. Government that we keep our sensitive and classified information secure, while at the same time ensuring that the right people have the timely access they need to help keep our country and its citizens safe."

Indeed, the DOD had a rough year last year in its ongoing fight with Wikileaks, which posts classified documents from a number of organizations, including the federal government.

In late July 2010, Wikileaks released thousands of classified DOD documents related to the war in Afghanistan, then followed that up by publishing 400,000 classified Iraq logs in October.

But it was the release of thousands of classified U.S. embassy cables in late November that spurred the international incident that became known as Cablegate, which caused many to seriously question security at the DOD. Army Private First Class Bradley Manning was arrested last June and is suspected of leaking the information after removing it from SIPRNet.

After conducting studies on how it can improve network security, the DOD has begun to implement a Host Based Security System to all of its workstations to prevent people from removing large amounts of data from SIPRNet by rewriting it to a removable storage device, Takai told the committee. Her testimony is available online.

Takai described how the system works. She said it provides "very positive technical control" over the machines and provides reports on workstation configurations that can be monitored centrally.

Although the system will allow the removal of data from some machines, HBSS will report in real time each operation, Takai said. It also will report every unauthorized attempt to move data and rewrite it.

The DoD also has a back-up plan to ensure another Cablegate won't happen while it waits for a full deployment of the new system, she added.

"Where HBSS is not yet fully deployed other means are used to disable write capability, such as removing the software used to write to CDs, removing the drives themselves from the machines, or blocking access to external devices in workstation configuration files," Takai said in her testimony.

The DOD also has started issuing Public Key Infrastructure (PKI)-based identity credentials on smart cards to people who have access to SIPRNet users, with a plan to issue 500,000 cards and equip workstations with accompanying card readers and software by the end of 2012, she said. This will replace the password-controlled system users utilize now to access SIPRNet, which does not provide adequate access control.

The new system "will provide very strong identification of the person accessing the network and requesting data," Takai said. "It will both deter bad behavior and require absolute identification of who is accessing data and managing that access."

Her testimony marked one of Takai's first public appearances since taking her post on November 5. President Obama nominated Takai in March 2010 for the DOD CIO position. However, in September amid an ongoing reorganization within the department's IT operations and organizational structure, her nomination was withdrawn.

Then in a somewhat surprising move on Oct. 25, Takai announced to her California staff that she was leaving her position and taking the DoD CIO position after all.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
1.9 Billion Data Records Exposed in First Half of 2017
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/20/2017
To Be Ready for the Security Future, Pay Attention to the Security Past
Liz Maida, Co-founder, CEO & CTO, Uplevel Security,  9/18/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Jan, check this out! I found an unhackable PC.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.