The Defense Department has taken steps to prevent another massive leak of its classified information, a senior official told a Senate committee yesterday.
Thousands of classified military documents were leaked and distributed into the Internet’s public forum last summer, prompting an immediate investigation from the top down.
Officials since have singled out the weakest link in the department’s security chain, and began a checks-and-balances system to stem the flood of the critical defense data, Teresa M. Takai, chief information officer and acting assistant secretary of defense for networks and information integration, told the Senate Homeland Security and Government Affairs Committee yesterday.
“The department immediately began working to address the findings and improve its overall security posture to mitigate the possibility of another similar type of disclosure,” she said.
Takai told Senate members that Defense Secretary Robert M. Gates immediately called for two internal studies to review the department’s information security policy and to unveil how classified information is handled in forward-deployed areas. The results showed that forward-deployed units had an “over-reliance” on using removable electronic storage media, Takai said.
Responsibilities needed to be better defined to detect and handle insider threats, she said, and methods to monitor user behavior on classified computer networks were limited.
To get control of the vulnerabilities, the department has disabled the ability to copy data from nearly 90 percent of its classified computers, Takai said. The rest of the classified computers were left intact to write removable media for operational reasons, she explained, but only under strict controls.
Takai told the committee that more work is coming to prevent stolen data, and a project is under way with the Office of the National Counterintelligence Executive to add an information technology insider detection capability and insider threat program.
The Defense Department is working on a Web-enabled information security training to accompany the department’s mandatory annual information assurance training, she said, and plans also exist for an oversight program for inspections in forward-deployed areas.
“We will strive to implement the mechanisms necessary to protect the intelligence information without reverting back to pre-9/11 stovepipes,” Takai said.
“The department continues to work toward a resilient information-sharing environment,” she added, “that is secured through both technological solutions and comprehensive policies.”