In the wake of the WikiLeaks publishing of classified information in 2010 and other cybersecurity breaches, President Barack Obama today outlined a variety of new information security steps intended to prevent such disclosures in the future.
More on the federal cyber threat: Malicious cybersecurity assaults increased 650% in past five years, Feds say
While there were, at least in theory, a multitude of security protections in place, Obama's executive order now adds a number of new layers. The Executive Order states:
- Agencies bear the primary responsibility for sharing and safeguarding classified information, consistent with appropriate protections for privacy and civil liberties.
- A Senior Information Sharing and Safeguarding Steering Committee will now have overall responsibility for fully coordinating interagency efforts and ensuring that Departments and Agencies are held accountable for implementation of information sharing and safeguarding policy and standards.
- A Classified Information Sharing and Safeguarding Office will be created within the office of the Program Manager for the Information Sharing Environment to provide sustained, full-time focus on sharing and safeguarding of classified national security information. The office will also consult partners to ensure the consistency of policies and standards and seek to identify the next potential problem.
- Senior representatives of the Department of Defense and the National Security Agency will jointly act as the Executive Agent for Safeguarding Classified Information on Computer Networks to develop technical safeguarding policies and standards and conduct assessments of compliance.
- An Insider Threat Task Force will develop a government-wide program for insider threat detection and prevention to improve protection and reduce potential vulnerabilities of classified information from exploitation, compromise or other unauthorized disclosure. This will be led by Attorney General Eric Holder and Director of National Intelligence James Clapper.
MORE ON SECURITY: IRS: Top 10 things every taxpayer should know about identity theft
"High priority is being placed on enhancing the auditing capabilities across US government classified networks. Planning is now under way to define policy and develop standards for collecting and sharing of audit and insider threat data, officials said in a statement.
While the statement today noted that there has been an ongoing effort to reduce cybersecurity problems such as clarifying and standardizing removable media policies and owners of classified systems are accelerating efforts to strengthen online verification and tracking of individuals logging on to classified systems, many problems remain. Just this week the congressional watchdogs at the Government Accountability Office said many federal agencies continue to struggle with IT security.
"Weaknesses in information security policies and practices at 24 major federal agencies continue to place the confidentiality, integrity and availability of sensitive information and information systems at risk. Consistent with this risk, reports of security incidents from federal agencies are on the rise, increasing more than 650% over the past five years," the GAO stated.
Layer 8 Extra
Check out these other hot stories: