The Department of Defense (DoD) is reevaluating data classification and access protocols in the wake of the WikiLeaks classified data releases.
Currently more than two million people have access to confidential materials, with nearly one million having access to documents with a "Top Secret" classification.
The material released in the WikiLeaks data breach are largely suspected to have come from one source, US Army Private Bradley Manning, and underscores the grave menace to security posed by insider threats.
At issue is how best to classify material in an effort to prevent further breaches, while also maintaining post-9/11 efforts to increase information sharing efforts between multiple government agencies charged with defending the nation from future terrorist attacks.
Lt. General Ronald L. Burgess Jr., director of the Defense Intelligence Agency (DIA), spoke on the subject at the U.S. Geospatial Intelligence Symposium (GEOINT) in November, stating:
“We have to build safeguards into our intelligence systems to prevent this from happening again,” Burgess said. “But how do we do that without rolling back the progress in information sharing? How do we properly react without overreacting? Where do we draw the line? How do we keep pushing the incredible power of [geospatial intelligence] and other intelligence to our customers, especially to the lowest levels where it makes a real difference, without opening ourselves up to WikiLeaks 2, 3 and 4?”
Just hours before WikiLeaks released a deluge of diplomatic communications, Pentagon spokesman Bryan Whitman sent out an email exclaiming that sixty percent of the Department of Defense's networks were now being monitored by software to detect any inappropriate accessing of classified data.
Defense Secretary Robert Gates also issued statements that additional security measures would be implemented, including preventing the use of removable storage devices.
Security experts have criticized the DoD for the lack of proactive security policies that are considered common place in private industry that could have prevented the WikiLeaks data breach by monitoring and restricting authorization access to sensitive data.