3/14/2011
07:34 PM

DOD Taking Steps To Prevent Another Cablegate

The Department of Defense is implementing new security technology to keep insider data breaches from occurring in the future, said new CIO Teri Takai.

The Department of Defense (DOD) is taking decisive action to secure department networks so a leak like last year's Cablegate scandal doesn't happen again, new DOD CIO Teri Takai said last week.

Speaking to the Senate Homeland Security and Governmental Affairs Committee, Takai -- who recently took her position after serving as California CIO -- said the DOD is in the midst of deploying new security technology to the DOD classified network, SIPRNet, to prevent future insider breaches.

"The unauthorized release of U.S. information by WikiLeaks has adversely affected our global engagement and national security and endangered the lives of individuals who have sought to cooperate with the United States," she said. "It is of vital importance to DoD and the entire U.S. Government that we keep our sensitive and classified information secure, while at the same time ensuring that the right people have the timely access they need to help keep our country and its citizens safe."

Indeed, the DOD had a rough year last year in its ongoing fight with WikiLeaks, which posts classified documents from a number of organizations, including the federal government.

In late July 2010, WikiLeaks released thousands of classified DOD documents related to the war in Afghanistan, then followed that up by publishing 400,000 classified Iraq logs in October.

But it was the release of thousands of classified U.S. embassy cables in late November that spurred the international incident that became known as Cablegate, which caused many to seriously question security at the DOD. Army Private First Class Bradley Manning was arrested last June and is suspected of leaking the information after removing it from SIPRNet.

After conducting studies on how it can improve network security, the DOD has begun deploying a Host Based Security System (HBSS) on all of its workstations to prevent people from removing large amounts of data from SIPRNet by writing it to a removable storage device, Takai told the committee. Her testimony is available online.

Takai described how the system works. She said it provides "very positive technical control" over the machines and provides reports on workstation configurations that can be monitored centrally.

Although the system will allow the removal of data from some machines, HBSS will report each operation in real time, Takai said. It also will report every unauthorized attempt to move data and rewrite it.

The DOD also has a back-up plan to ensure another Cablegate won't happen while it waits for a full deployment of the new system, she added.

"Where HBSS is not yet fully deployed other means are used to disable write capability, such as removing the software used to write to CDs, removing the drives themselves from the machines, or blocking access to external devices in workstation configuration files," Takai said in her testimony.

The DOD also has started issuing Public Key Infrastructure (PKI)-based identity credentials on smart cards to people who have access to SIPRNet, with a plan to issue 500,000 cards and equip workstations with accompanying card readers and software by the end of 2012, she said. This will replace the password-controlled system users rely on now to access SIPRNet, which does not provide adequate access control.

The new system "will provide very strong identification of the person accessing the network and requesting data," Takai said. "It will both deter bad behavior and require absolute identification of who is accessing data and managing that access."

Her testimony marked one of Takai's first public appearances since taking her post on November 5. President Obama nominated Takai in March 2010 for the DOD CIO position. However, in September, amid an ongoing reorganization within the department's IT operations and organizational structure, her nomination was withdrawn.

Then, in a somewhat surprising move on Oct. 25, Takai announced to her California staff that she was leaving her position and taking the DOD CIO position after all.
