U.S. military launches review of IT security after Wikileaks breach
Defense chief Gates said changes already underway in war zones, where security is loosened to get data to soldiers more quickly
Computerworld - WASHINGTON - Defense Secretary Robert Gates Thursday announced that U.S. information security practices will be reviewed following the leak of tens of thousands of classified war documents that were published by WikiLeaks earlier this week.
Gates told a press conference that some security changes are already happening "in theater" -- the war zones in Afghanistan and Iraq -- to prevent a repeat of such a breach. The changes include tightening established procedures for accessing and transporting classified information, Gates said.
As a practical matter, Gates said there are fewer restrictions on the use of and the distribution of classified material on the front lines.
If the breach had "occurred at a read headquarters somewhere in the U.S.," Gates said, there's "a very high likelihood we would have detected it."
Gates also said that FBI has been asked to investigate the leak. The number of documents released is now being put at around 77,000.
During the first Iraq war, it became clear "how little useful intelligence was being received by battalion and company commanders in the field," said Gates. Thus the military changed its approach so it could "push as much information as far forward as possible, which means putting it in a secret channel that almost everybody has access to in uniform, and obviously many civilians as well," he said.
"We want those soldiers in a forward operating base to have all the information they possibly can," said Gates.
Because of the leak, Gates said that the Department of Defense will review whether the approach should be changed. "Or do we continue to take the risk," said Gates.
Gates said there are "technological solutions" to the dilemma, but they aren't immediately available.
Wikileaks publishes classified and restricted government and private materials leaked to it by individuals whose identies it doesn't know. The Sweden-based group says it focuses on authenticating documents and not the leaker who remains undisclosed to the organization.
Military officials, which have been widely critical of Wikileaks, are reviewing the leaked documents to assess the damage.
Adm. Mike Mullen, chairman of the U.S. Joint Chiefs of Staff, was blunt in his criticism of Wikileaks during the press conference. "The truth is they might already have on their hands the blood of some young solider or that of an Afgan family," Mullen said.
"Disagree with the war all you want, take issue with the policy, challenge me or our ground commanders on the decisions we make to accomplish the mission we've been given," said Mullen. "But don't put those who willingly go into harm's way, even further in harm's way, just to satisfy your need to make a point."
WikiLeaks founder Julian Assange has indicated that thousands of military documents thaat it acquired have not been released. Robert Gibbs, White House press secretary, urged him not to release any additional documents.
In an interview on ABC, Assange continued his defense of the document release and said they show "negligence that's on a massive scale."
It remains unclear whether Wikileaks will release the other documents, and all Assange would say about it is they are getting further review.
Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov, or subscribe to Patrick's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts