The Obama Administration is putting the finishing touches on a new executive order that is intended to improve the security of classified information in government computer networks as part of the government’s response to WikiLeaks.
The order is supposed to reduce the feasibility and the likelihood of the sort of unauthorized releases of classified U.S. government information that have been published by WikiLeaks in the past year.
According to an official who has reviewed recent drafts, the order addresses gaps in policy for information systems security, including characterization and detection of the insider threat to information security. It does not define new security standards, nor does it impose the security practices of intelligence agencies on other agencies. (“It doesn’t say, ‘go polygraph everybody’,” the official said.)
Rather, the order establishes new mechanisms for “governance” and continuing development of security policies for information systems. Among other things, it builds upon the framework established — but not fully implemented — by the 1990 National Security Directive 42 (pdf), the official said.
The order, developed on a relatively fast track over the past nine months, has already gone through two rounds of interagency coordination and is expected to be issued within a matter of weeks.