Improved DoD Data Security Measures Slated for 2013

Friday, March 11, 2011



The Department of Defense is expecting to be better protected from future WikiLeaks-style data loss events by the year 2013.

The material released in the WikiLeaks data breach was suspected to have come from one source, US Army Private Bradley Manning, and underscores the grave menace to security posed by insider threats.

A few hours before WikiLeaks released the deluge of diplomatic communications in late November, Pentagon spokesman Bryan Whitman sent out an email exclaiming that only sixty percent of the Department of Defense's networks were being monitored by software to detect the inappropriate accessing of classified data.

At issue is how best to control access to sensitive data in an effort to prevent further breaches while also maintaining post-9/11 efforts to increase information sharing between multiple government agencies responsible for defending the nation.

Patrick Kennedy, State Department undersecretary for management, offered testimony regarding the need for interagency information sharing this week.

"To be blunt, we believe in the interest of information sharing, that it would be a grave mistake and danger to the national security for the State Department to try to define each of every one of the 65 agencies that we share our diplomatic reporting analysis to say that, 'Pvt. Smith should get this cable, Lt. Jones should get that cable, Cmdr. X should get that cable.' The policies put in place between the State Department and other agencies for many years is that we provide this information to the other agency, the other agency takes on the responsibility of controlling access by their people to the material we provide to them," Kennedy testified.

The DoD proposes implementing the use of smart card authentication for network access control by 2013. One problem with the plan is that smart card systems may not provide the level of security needed.

In January, security consultants from Mandiant identified techniques that could be employed to breach smart card authentication systems using a method termed "smart card proxy".

"Everything is circumventable in the end," says Mandiant's Rob Lee.

Possibly Related Articles:
Network Access Control
Authentication Network Access Control DoD Data Loss Prevention Headlines WikiLeaks Pentagon Smart Cards
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.