DOD’s New Anti-Leak Plan: Turn Michael Vickers into a Blogger

DOD just rolled out its new plan to combat national security leaks. (h/t Jason Leopold) At its core is a “top-down” approach: to have the Under Secretary for Defense of Intelligence, Mike Vickers, to review all major reporting to look for leaks.

To ensure greater accountability and tracking of unauthorized disclosures, Secretary Panetta is directing a new “top down” approach as well.  The Undersecretary of Defense for Intelligence, in consultation with the Assistant Secretary for Public Affairs, will monitor all major, national level media reporting for unauthorized disclosures of defense department classified information.

One one level this seems like a good idea. I mean, I’m a blogger, and I usually have a better idea of who’s leaking than the people overseeing Executive Branch agencies. But hey, I don’t want to shortchange journalists; Walter Pincus performs a nice bit of leak debunkery with this piece, for example.

But there does seem to be one problem with the plan to have Mike Vickers watch for any security breaches. Doesn’t he have a day job? Isn’t he supposed to be watching the Taliban and China and cyberattacks? Have we gotten so paranoid that one of our top intelligence people is going to spend his time watching journalists than watching our military enemies?

On another issue, though, DOD is to be congratulated. Today’s release also revealed that, within the last few months, it has put in place the no-brainer security fixes that it promised in response to the WikiLeaks breach.

Lockdown of removable storage device use on the Defense Secure Network (SIPRNET).  The department has deployed a host-based security system (HBSS) tool to virtually monitor every defense department computer.  HBSS prevents the downloading of information onto removable storage like DVDs, CDs, and memory sticks, with very limited exceptions.  The tool also sends an alarm any time someone tries to write classified information to such removable storage.  For authorized exceptions, the tool audits any downloads of information.

Improved monitoring of DoD networks.  The department issued a cyber identity credential (Public Key Infrastructure certificate) to every person operating on the department unclassified network.  That process is underway for the classified network as well. Department personnel are working with other federal departments and agencies to help them issue the same cyber identity credential to all employees who need to access any of the government’s secret networks.

Improving the auditing of information accesses so as to spot anomalous behavior.  Department information officers are assessing the use of HBSS and other tools to collect and centralize data about information accesses to more quickly improve detection of malicious insiders.

Though of course, DOD promised to impose some controls on removable media in 2008, when someone introduced malware into DOD’s networks via a thumb drive. So after 4 years, DOD should be congratulated for finally closing the Lady Gaga security hole.

8 replies
  1. noble_serf says:

    On leaks, I suspect it is high level people most of the time and that won’t stop. Besides, when low level people do it, don’t they get prosecuted?

  2. bmaz says:

    Oh, lookee here, Bandar Bush is back!

    Saudi Arabia’s King Abdullah appointed a veteran former Saudi ambassador to Washington as the head of the country’s intelligence agencies Thursday, restoring an internationally popular Saudi to prominence as the kingdom pushes for stronger action on Syria.

    Prince Bandar bin Sultan, who was popular with Western leaders as Saudi envoy to the U.S. from 1983 to 2005, succeeds Prince Muqrin bin Abdulaziz al Saud.

    Prince Muqrin has been criticized privately by diplomats, and publicly by Saudis on Twitter, for perceived ineffectiveness as the head of Saudi intelligence. Prince Muqrin will serve instead as an adviser to the king, the official …

  3. brian_damage says:

    Improved monitoring of DoD networks?

    Does this include logging of the data queries made by each user so that a compendium of evidence can be used to track inappropriate use? Like say queries against bloggers and suspected whistleblowers and personal vendettas?

  4. Frank33 says:

    The brave info warriors of the Military Industrial Complex already monitor every national security reporter, and every website not controlled by neo-cons. They read every article, they get every bit of personal information they can, and they use it. They follow every reporter closely. The Collateral Murder video, released by Wikileaks, suggests they even assassinate reporters, if convenient for the Assassins of the Pentagon.

    As for Sirpnet, it is a delusion to think it can ever be “secure”. Sirpnet has millions of users, including non-Americans. Any computer network, using Microsoft products, or even open source, cannot guarantee that classified information is protected. The whole point of a computer network is openness and freedom of information.

  5. earlofhuntingdon says:

    By all means. Let’s formalize a practice that any competent War Department and its related agencies would already be engaged in: combing the official press – MSM, bloggers, alternative media – for items that comment on its toing and froing. Not only might such a War Department conclude that news stories contain information that must have leaked from its innards, it might well persuade the media to ask it before publishing “contentious” stories, to report true whistleblowers, to not publish their allegations of crime, corruption and official wrongdoing, and to continue reporting official leakers anonymous claims to be promoting truth, justice and the American way.

Comments are closed.