White House issues executive order in wake of WikiLeaks reports
Seventeen months after U.S. Army Pfc. Bradley Manning was arrested for allegedly downloading reams of classified information that WikiLeaks would later share with the world, the Obama administration issued a directive Friday that seeks to improve how the government protects secrets on its computer networks.
The executive order, the product of a task force formed in the wake of the WikiLeaks reports, seeks to standardize how agencies protect classified data while also promoting the sharing of intelligence, the White House said in a statement.
Those two values -- protecting secrets and distributing them to people who need them across separate agencies -- can sometimes conflict, particularly if the government is reckless. In the aforementioned incident, the State Department put its entire database of secret cables on a classified military network that was available to tens of thousands of people. The military lacked safeguards preventing users from downloading information from the secure network onto DVDs.
That was allegedly how Manning, an intelligence analyst in Iraq, was able to walk off with a huge cache of material, including military reports from Afghanistan and Iraq, a video of a helicopter attack -- and the diplomatic cables, which laid bare many facets of U.S. diplomacy that American officials never wished to be made public.
Even before Friday, the White House said, the government had toughened restrictions on using “removable media” such as thumb drives or discs when accessing classified information. Agencies also installed software designed to detect unauthorized behavior from “insiders” in their networks.
Friday’s order requires agencies to designate a senior official to oversee classified information sharing and safeguarding; implement an insider-threat detection and prevention program; and perform self-assessments of compliance with policy and standards, the White House says.
The order also establishes a special government committee that must report to the president within 90 days, and then at least once a year after that, examining federal performance in protecting classified information on computer networks.
The directive comes a few days after the Government Accountability Office said in a report that “weaknesses in information security policies and practices at 24 major federal agencies continue to place the confidentiality, integrity, and availability of sensitive information and information systems at risk.”
Information security incidents at federal agencies have risen 650% since fiscal year 2006, said the report, which focused on unclassified networks. Agencies have failed to implement the majority of the “hundreds” of recommendations GAO has made to shore up computer security.
The White House also released a fact sheet on the executive order. It offers these "guiding principles" in the review of the policies and practices surrounding the handling of classified information:
- Reinforce the importance of responsible information sharing and not undo all of the significant and important progress we’ve made in interagency information sharing since 9/11;
- Ensure that policies, processes, technical security solutions, oversight, and organizational cultures evolve to match our information sharing and safeguarding requirements;
- Emphasize that effective and consistent guidance and implementation must be coordinated across the entire Federal government. We are only as strong as our weakest link and this is a shared risk with shared responsibility; and;
- Continue to respect the privacy, civil rights, and civil liberties of the American people.
-- Ken Dilanian in Washington
Photo: The White House, as seen in a file photo. Credit: Ron Edmonds / Associated Press