White House orders security review in wake of WikiLeaks disclosure
OMB calls on U.S. agency and department heads to evaluate procedures in place for protecting classified data
Computerworld - The release of thousands of pages of classified U.S. government information over the weekend by whistleblower Web site WikiLeaks prompted an order to all federal agencies by the White House Office of Management and Budget (OMB) to immediately review procedures in place for protecting sensitive data.
In a brief directive issued Sunday, OMB director Jacob Lew called on the heads of all federal agencies and departments to establish special security assessment teams to conduct the reviews. Each team should include counterintelligence experts as well as security and information assurance experts, the directive noted.
Lew's memo requires that each agency evaluate their specific security measures for restricting access to classified government systems.
The directive also orders agency heads to ensure that employees can only access data that's required for their jobs. As part of the review, agencies have been asked to implement restrictions on the availability and use of removable media on classified government networks.
The OMB and the Office of the Director of National Intelligence and the Information Security Oversight Office will assist agencies in reviewing security practices, the directive added.
Any failure by agencies to safeguard classified information "is unacceptable and will not be tolerated," the memo stated. "Any unauthorized disclosure of classified information is a violation of our law and compromises our national security."
The OMB directive does not offer specific deadlines for completing the reviews and implementing new procedures.
The directive follows WikiLeaks' release of tens of thousands of leaked U.S. Department of State cables on Sunday.
The cables reveal sensitive and what government officials call potentially damaging information on U.S. diplomatic activities in dozens of countries. The documents also revealed more data on the attacks against Google this year.
WikiLeaks claims that it has a cache of more than 250,000 State Department cables, and plans to release them in batches over the next few months. The release of the initial set of documents yesterday provoked intense criticism from U.S. officials as well as from governments around the world.
Peter King (R-NY), ranking member of the Committee on Homeland Security, yesterday called on Attorney General Eric Holder to label WikiLeaks a terrorist organization and to prosecute its founder, Julian Assange, under the Espionage Act.
This is the second time this year that WikiLeaks has released sensitive documents on such a massive scale.
In July, the site released close to 90,000 sensitive documents relating to the wars in Afghanistan and Iraq. That disclosure led Defense Secretary Robert Gates to order all military agencies to review their information security practices.
Bradley Manning, an Army intelligence analyst who has already been accused of supplying WikiLeaks with a video allegedly showing a deadly U.S Apache helicopter attack in Iraq, is a prime suspect in the latest incident as well.
Bradley, who has been in solitary confinement for the past several months is alleged to have downloaded the documents and copied them onto removable thumb drives and rewritable CDs while stationed at a U.S. Army base in Iraq.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Snowden advocates at SXSW for improved data security
- Joomla receives patches for zero-day SQL injection vulnerability, other flaws
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts