FAS

Tightening Security in the “Post-WikiLeaks” Era

01.04.11 | 3 min read | Text by Steven Aftergood

The Obama Administration is moving to increase the security of classified information in response to the massive leaks of classified documents to Wikileaks in recent months.  The White House Office of Management and Budget yesterday issued a detailed memorandum (pdf) elaborating on the requirement to conduct an initial assessment of agency information policies and to initiate remedial steps to tighten security.  Agency assessments are to be completed by January 28.

The Wikileaks model for receiving and publishing classified documents exploits gaps in information security and takes advantage of weaknesses in security discipline.  It therefore produces greater disclosure in open societies, where security is often lax and penalties for violations are relatively mild, than in closed societies.  Within the U.S., the Wikileaks approach yields greater disclosure from those agencies where security is comparatively poor, such as the Army, than from agencies with more rigorous security practices, such as the CIA.

What this means is that Wikileaks is exercising a kind of evolutionary pressure on government agencies, and on the government as a whole, to ratchet up security in order to prevent wholesale compromises of classified information.  If the Army becomes more like the CIA in its information security policies, or so the thinking goes, and if the U.S. becomes more like some foreign countries, then it should become less vulnerable to selective security breaches.

The government’s response to this pressure from Wikileaks, which was entirely predictable, is evident in the new memorandum circulated by OMB, which calls on agencies to address “any perceived vulnerabilities, weaknesses, or gaps in automated systems in the post-WikiLeaks environment.”  See “Initial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems,” Office of Management and Budget, January 3, 2011.

In an attachment to the OMB memo, the National Counterintelligence Executive and the Information Security Oversight Office provided an 11-page list of questions and requirements that agencies are supposed to use in preparing their security self-assessment.  “If your agency does not have any of the required programs/processes listed, you should establish them.”

Agencies are asked to “deter, detect, and defend against employee unauthorized disclosures” by gathering “early warning indicators of insider threats” and also by considering “behavioral changes in cleared employees.”

So, for example, agencies are asked “Do you capture evidence of pre-employment and/or post-employment activities or participation in on-line media data mining sites like WikiLeaks or Open Leaks?”  It is unclear how agencies might be expected to gather evidence of “post-employment” activities.

Among other troubling questions, agencies are asked:  “Are all employees required to report their contacts with the media?”  This question seems out of place since there is no existing government-wide security requirement to report “contacts with the media.”  Rather, this is a security policy that is unique to some intelligence agencies, and is not to be found in any other military or civilian agencies. Its presence here seems to reflect the new “evolutionary pressure” on the government to adopt the stricter security policies of intelligence.

“I am not aware of any such requirement” to report on media contacts, a senior government security official told Secrecy News.  But he noted that the DNI was designated as Security Executive Agent for personnel security matters in the 2008 executive order 13467.  As a result, “I suspect that an IC requirement crept in” to the OMB memo.

publications
See all publications
Nuclear Weapons
Blog
New Voices on Nuclear Weapons Fellowship: Creative Perspectives on Rethinking Nuclear Deterrence 

To empower new voices to start their career in nuclear weapons studies, the Federation of American Scientists launched the New Voices on Nuclear Weapons Fellowship. Here’s what our inaugural cohort accomplished.

11.28.23 | 3 min read
read more
Science Policy
Article
Expected Utility Forecasting for Science Funding

Common frameworks for evaluating proposals leave this utility function implicit, often evaluating aspects of risk, uncertainty, and potential value independently and qualitatively.

11.20.23 | 11 min read
read more
Nuclear Weapons
Report
Nuclear Notebook: Nuclear Weapons Sharing, 2023

The FAS Nuclear Notebook is one of the most widely sourced reference materials worldwide for reliable information about the status of nuclear weapons and has been published in the Bulletin of the Atomic Scientists since 1987. The Nuclear Notebook is researched and written by the staff of the Federation of American Scientists’ Nuclear Information Project: Director Hans […]

11.17.23 | 1 min read
read more
Social Innovation
Blog
Community School Approach Reaches High of 60%, Reports Latest Pulse Panel

According to the National Center for Education Statistics’ August 2023 pulse panel, 60% of public schools were utilizing a “community school” or “wraparound services model” at the start of this school year—up from 45% last year.

11.17.23 | 4 min read
read more