Following the unlawful disclosure of classified information by WikiLeaks in the summer of 2010, the National Security Staff formed an interagency committee to review the policies and practices surrounding the handling of classified information, and to recommend government-wide actions to reduce the risk of a future breach. Since then, this effort has been a top priority of the Administration and senior agency officials have been actively engaged in developing policies and oversight mechanisms to enhance our national security through responsible sharing and safeguarding of classified information.
The strategic imperative of our efforts has been to ensure that we provide adequate protections to our classified information while at the same time sharing the information with all who reasonably need it to do their jobs. The guiding principles during the Administration’s review were to:
The committee that was established in the wake of WikiLeaks proposed a new oversight structure to orchestrate the development and implementation of policies and standards for the sharing and safeguarding of classified information on computer networks. These structural reforms are reflected in the Executive Order signed today by President Obama.
In accordance with today’s Executive Order:
We did not, however, wait for today’s Executive Order to begin taking steps. The Senior Information Sharing and Safeguarding Steering Committee formally established today began meeting informally in June to track steps taken across the Federal Government. In addition to those measures identified in today’s Executive Order, significant progress has been made by U.S. Departments and Agencies in five priority areas:
Departments and Agencies have made significant progress in clarifying and standardizing removable media policies, processes, and technical controls. We have limited the numbers of users with removable media permissions and strengthened accountability for violations.
2.Online Identity Management
The owners and operators of classified systems are accelerating efforts to strengthen the online verification of individuals logging on to classified systems, and to be able to track what information is being accessed by these individuals.
3.Insider Threat Program
As directed in the Executive Order, the Attorney General and the Director of National Intelligence are actively establishing an interagency Insider Threat Task Force.This Task Force will integrate specialized abilities, tools, and techniques to more effectively deter, detect, and disrupt the insider threat.
Departments and Agencies are implementing more robust access control systems to enforce role-based access privileges that serve to ensure that an individual user’s information access is commensurate with his/her assigned role.
Enhancing auditing capabilities across U.S. Government classified networks is a priority effort, and planning has been initiated to define the policy and develop standards for the collection and sharing of audit and insider threat data.