Diplomatic messages released Sunday (28th November 2010) by WikiLeaks
have been traced to a United States defence department network and all
federal agencies have been ordered to evaluate their configuration of
classified government systems as a result.
This follows the Cablegate leaks of 251,287 confidential American
diplomatic cables, thought to be potentially harmful to international
relations by the White House.
Director of Office Management and Budget, Jacob Lew, has since
ordered all federal agencies to conduct a full scale review of their
information security procedures. Lew wrote in a memo that “any failure by agencies to safeguard classified information…is unacceptable and will not be tolerated”.
All agencies have been instructed to establish a security assessment
team consisting of counterintelligence, security, and information
assurance experts that will review their implementation of “procedures
for safeguarding classified information against improper disclosures”.
Lew also directed agencies to scale back access to classified
material, ensuring that users do not have
broader access than is necessary. Also, his memo states that there
ought to be “implementation of restrictions on usage of, and removable
media capabilities from, classified government computer networks” —
therefore removing the security loop holes that allow information to be
downloaded and distributed.
The orders come after news that the confidential information was
downloaded from SIPRNet (Secret Internet Protocol Router Network) — a
technology similar to the internet and designed for exchange of
information by US military and civilian
personnel including overseas missions — by Bradley Manning, an
intelligence analyst arrested in Iraq in June for an earlier
A former hacker, Adrian Lamo, claimed Manning said in online chats that he removed information by burning it onto a CD. Also, an online security system meant to detect suspicious use of SIPRNet was allegedly switched off on computers used by the US military in Iraq, reported the UK’s Guardian newspaper.
This calls into question security protocols and makes good of US intelligence analyst Catherine Lotrionte’s comment to the BBC
News in July that data sharing was necessary for effective intelligence
work and the risk of SIPRNet making data breaches easier was “the cost
of doing business”.
This “cost of doing business” is now apparent in Manning’s easy access to information classified up to “secret level”.
Speaking at a university in Kazakhstan on Tuesday (30th November 2010), US
Secretary of State, Hiliary Clinton, commented on WikiLeaks: “In the
Internet age, it was (sic) difficult to balance freedom
“It appears that access to certain information may have been too broadly defined,” Stephen Fletcher, State of Utah’s CIO, told FutureGov Asia Pacific. “In this case, a junior person was probably given more trust than warranted.”
Marked SIPDIS, embassy dispatches can be accessed not only by anyone in the state department, but also by anyone in the US
military who has security clearance up to the ‘Secret’ level, a
password, and a computer connected to SIPRNet — covering over three
SIPRNet was set up in the 1990s and expanded post 9/11 so that
classified information can be shared easily. The network’s goal was to
have information silos broken down and failures of communication between
intelligence agencies prevented.