Risk
3/14/2011
07:34 PM
Connect Directly
RSS
E-Mail
50%
50%

DOD Taking Steps To Prevent Another Cablegate

The Department of Defense is implementing new security technology to keep insider data breaches from occurring in the future, said new CIO Teri Takai.

The Department of Defense (DOD) is taking decisive action to secure department networks so a leak like last year's Cablegate scandal doesn't happen again, new DOD CIO Teri Takai said last week.

Speaking to the Senate Homeland Security and Governmental Affairs committee, Takai -- who recently took her position after serving as California CIO -- said the DOD is currently in the midst of deploying new security technology to the DOD classified network, SIPRNet, to prevent future insider breaches.

"The unauthorized release of U.S. information by WikiLeaks has adversely affected our global engagement and national security and endangered the lives of individuals who have sought to cooperate with the United States," she said. "It is of vital importance to DoD and the entire U.S. Government that we keep our sensitive and classified information secure, while at the same time ensuring that the right people have the timely access they need to help keep our country and its citizens safe."

Indeed, the DOD had a rough year last year in its ongoing fight with Wikileaks, which posts classified documents from a number of organizations, including the federal government.

In late July 2010, Wikileaks released thousands of classified DOD documents related to the war in Afghanistan, then followed that up by publishing 400,000 classified Iraq logs in October.

But it was the release of thousands of classified U.S. embassy cables in late November that spurred the international incident that became known as Cablegate, which caused many to seriously question security at the DOD. Army Private First Class Bradley Manning was arrested last June and is suspected of leaking the information after removing it from SIPRNet.

After conducting studies on how it can improve network security, the DOD has begun to implement a Host Based Security System to all of its workstations to prevent people from removing large amounts of data from SIPRNet by rewriting it to a removable storage device, Takai told the committee. Her testimony is available online.

Takai described how the system works. She said it provides "very positive technical control" over the machines and provides reports on workstation configurations that can be monitored centrally.

Although the system will allow the removal of data from some machines, HBSS will report in real time each operation, Takai said. It also will report every unauthorized attempt to move data and rewrite it.

The DoD also has a back-up plan to ensure another Cablegate won't happen while it waits for a full deployment of the new system, she added.

"Where HBSS is not yet fully deployed other means are used to disable write capability, such as removing the software used to write to CDs, removing the drives themselves from the machines, or blocking access to external devices in workstation configuration files," Takai said in her testimony.

The DOD also has started issuing Public Key Infrastructure (PKI)-based identity credentials on smart cards to people who have access to SIPRNet users, with a plan to issue 500,000 cards and equip workstations with accompanying card readers and software by the end of 2012, she said. This will replace the password-controlled system users utilize now to access SIPRNet, which does not provide adequate access control.

The new system "will provide very strong identification of the person accessing the network and requesting data," Takai said. "It will both deter bad behavior and require absolute identification of who is accessing data and managing that access."

Her testimony marked one of Takai's first public appearances since taking her post on November 5. President Obama nominated Takai in March 2010 for the DOD CIO position. However, in September amid an ongoing reorganization within the department's IT operations and organizational structure, her nomination was withdrawn.

Then in a somewhat surprising move on Oct. 25, Takai announced to her California staff that she was leaving her position and taking the DoD CIO position after all.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.