DOD need for info-sharing speed backfired with WikiLeaks

Senior official tells Senate committee that Pentagon's lax information security was a risk that cost too much

A senior Defense Department official has told a Senate committee the department sought speed and agility in its information-sharing systems, and that ended up biting DOD in the case of WikiLeaks.

“We took a risk that by putting the information out there to provide agility and flexibility, so the military forces could reach into any database,” and make it mobile, Tom Ferguson, principle deputy undersecretary for intelligence at DOD, said March 10 during a  hearing on how the government shares and protects its information. The Senate Homeland Security and Governmental Affairs Committee held the hearing to look at how the leak has affected sharing of information among agencies.

The military wanted to give military officials easy access to DOD’s Secret Internet Protocol Router Network, a database of classified information. Officers could download the data and move it across different secret domains and between coalition domains, too. The point was to let officials do it quickly, Ferguson said.

Taking that risk failed when Army Pvt. Bradley Manning allegedly stole millions of classified government documents and WikiLeaks released the information, officials said at the hearing.


Related stories:

Report: WikiLeaks source exploited security flaw

Info sharing: Compartmentalization vs. common sense


In 2008, DOD began protecting networks workstations with the Host Based Security System. It provides technical controls over the workstations, and it reports on machine configurations to allow monitoring. For example, HBSS could disable the use of removable media, experts testified. However, not all the systems, particularly the networks on the battlefield, are protected because there is no central, uniform system but rather numerous systems cobbled together, Ferguson said.

“The key is a failure on the part of not monitoring and following security regulations,” Ferguson said.

Senators were concerned that DOD and other agencies may tighten their hold on their own classified documents. But they also talked about the fears of returning to the days of stovepiped cultures when agencies shared no information.

Sen. Joe Lieberman (I-Conn.), the committee's chairman, warned officials about reverting to the time before the terrorist attacks of 2001 when agencies hoarded information, and also said they need to find a way to balance security concerns with the needs of a connected government, particularly in contingency operations.

“The bottom line is we cannot walk away from the progress we have made that has saved lives,” he said.

Terri Takai, CIO and acting assistant secretary for networks and information integration at DOD, said officials still are working to protect data while sharing it. DOD is moving toward a technology that looks for odd and unusual behavior around information networks, similar to credit card companies that watch for strange purchases.

Officials have wrestled with the issue of sharing and protecting data long before the WikiLeaks disclosure, said Corin Stone, intelligence community information sharing executive in the Office of the Director of National Intelligence. They have narrowed issues down to allowing the right people access to the networks, setting up technical protections against removing mass amounts of data, and auditing and monitoring users' activities.

Overall, she said officials must never use lose sight of the cenral point of sharing and protecting sensitive, classified information.

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.

Reader Comments

Mon, Mar 14, 2011

“The key is a failure on the part of not monitoring and following security regulations,” Ferguson said.

D-u-u-h-h-h!! You don't say! Allowing just anyone to willy, nilly have unrestricted download rights is insane. That completely eleminates network security as overwatch for aberant behavior. So, it wasn't even questionable that Pvt Manning would download gigabytes of data from external classified sources and then burn the data to a CD/DVD. Apparantly, that is the precise behavior being promoted to "share" data efficiently. N-O-O-0! Yes, permit an efficient accountable procedure for downloading and removing information but, do not allow just anyone to download and remove unmontored information. Accoutability does not equal "stovepiping." There wasn't even a countersigned log let alone audits of CD/DVD (or USB memory sticks) burning events. Give me a break! Why even have 'classified' information if there is basicly unfettered open access to it?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above