E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


WHITE HOUSE ORDERS NEW COMPUTER SECURITY RULES

Source: The New York Times

Posted on October 17, 2011

The White House plans to issue an executive order early this month to replace a flawed patchwork of computer security safeguards exposed by the disclosure of hundreds of thousands of classified government documents to WikiLeaks last year.

The order by President Obama culminates a seven-month government-wide review of policies and procedures involving the handling of classified information, and recommendations on how to reduce the risk of breaches.

The directive enshrines many stopgap fixes that the Pentagon, the State Department and the Central Intelligence Agency made immediately after the initial WikiLeaks disclosures last November. Since then, for instance, the military has disabled 87 percent of its computers to prevent people from downloading classified data onto memory sticks, CDs or DVDs.

The Pentagon has also developed procedures to monitor and detect suspicious behavior on classified computer systems. And the State Department stopped distributing its diplomatic cables over a classified e-mail system used by many in the military, including Pfc. Bradley E. Manning, who is accused of leaking the classified documents to WikiLeaks.

Computer security analysts say these safeguards, as well as others in the executive order aimed at bringing greater consistency and accountability to information sharing and protection policies, are long overdue, and lag behind what is routine in the private sector.

"The real surprise continues to be that relatively elementary procedures should have been in place and were not," said Ravi Sandhu, executive director of the Institute for Cyber Security at the University of Texas at San Antonio.

In addition to these immediate measures, Mr. Obama's order creates a task force led by the attorney general and the director of national intelligence to combat leaks from government workers, or what the White House calls an "insider threat."

The directive also establishes a special government committee that must submit a report to the president within 90 days, and then at least once a year after that, assessing federal successes and failures in protecting classified information on government computer networks.

According to government prosecutors, the three big WikiLeaks document dumps were disguised as a Lady Gaga CD and smuggled out of a military intelligence office in Iraq by Private Manning. Computer security analysts say the case revealed major lapses in securing classified data in war zones.

Now, virtually every Defense Department computer is blocked from downloading classified information onto memory sticks or CDs, except for explicitly authorized "mission essential" exceptions.

The Pentagon has issued a cyber identity credential to anyone using unclassified networks and has started a similar program for personnel using classified networks. These credentials allow supervisors to track what users are working on.

And the military is accelerating the analysis of logs from computers on the classified networks to detect large transfers of data or the use of data that is unrelated to an individual's job duties.

"It's an additional tool to provide indicators that flag anomalous behavior, much as credit card companies monitor credit card use and a user's profile," said Teri Takai, the Defense Department's chief information officer.

The WikiLeaks disclosure also revealed disparities in the use of security safeguards by various federal agencies and even within agencies. Under the new order, each federal agency will designate a senior official to oversee procedures for safeguarding classified data that also protect user privacy and civil liberties.

"As technology changes, we hope to be ahead of the curve, seeing where technology is going and being able to respond before it's necessary," said Patrick F. Kennedy, the under secretary for management at the State Department.

Despite the changes and continuing review, administration officials say the new policies and procedures are relatively untested.

"I don't think we'll ever be able to guarantee this won't happen again, but this greatly enhances our chances of preventing it or catching it in the process," said Monte Hawkins, the director for identity management and biometrics policy at the National Security Council.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.