Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Government Security IT Your Rights Online

State Department CIO Interviewed About Post-Wikileaks Changes 24

CowboyRobot writes, quoting Information Week: "Eighteen months after its diplomatic cables were exposed in the WikiLeaks breach, the State Department continues to lock down its confidential information, while increasing its use of using social media. The agency is deploying new security technology, including auditing and monitoring tools that detect anomalous activity on the State Department's classified networks and systems. State has also begun tagging information with metadata to enable role-based access to those who need it, and is planning to implement public key infrastructure on its classified systems by the summer of 2014. This is all taking place despite the recent announcement that the IT budget will be cut by nearly 5%."
This discussion has been archived. No new comments can be posted.

State Department CIO Interviewed About Post-Wikileaks Changes

Comments Filter:
  • So, this means that they had almost no security measures aside from the basics when the leaks took place.

    I suppose its not that surprising that it takes a breach of some magnitude in order to bring in change.

    • That's because the post 9/11 "let's share everything" mentality that was mandated by SECDEF.
    • Remember it wasn't a hack. After 9/11, the federal community was told to "share data" and remove the old stovepipes and State did just that - they State shared their cable data with DOD. DOD's controls regarding access were the issue and enabled Manning to do what he did. The focus now is creating a more roles based access policy without inhibiting sharing. It's not as easy as one might think.
    • There was a person claiming that he worked as a contractor. He said the security was a joke there and even people like him had access to cables.
  • Really?
    Been working at the department of redundancy department long?

  • by duffbeer703 ( 177751 ) on Friday April 06, 2012 @08:04AM (#39596425)

    At the end of the day, Bradley Manning was a mental trainwreck in a myriad of ways. This wasn't a secret -- he was in the process of being drummed out of the military before his arrest. Seems to me that the human half of the system failed -- someone in Manning's state of crisis should have been cutoff from access to weapons or critical information at some point.

    • by pizzap ( 1253052 )

      I guess Bradleys state was kind of normal for the army: SNAFU.

    • by Hentes ( 2461350 )

      You assume that information was critical. From what I've heard it was on a central repository that a few hundred thousand government employees had access to. It wasn't a place for really secret stuff, and it's likely that most major powers already had those files. The only damage done was that the public got to know about them.

      • Re: (Score:3, Insightful)

        The only damage done was that the public got to know about them.

        This is the angle that so few people in our country seem to get... Nothing that Manning released was really all that "critical" to fighting a war. It was critical, however, in exposing the government's bottomless bucket of lies on the subject. So, obviously, Manning must die.

        • yep. the people who attacked manning were whom exactly? the folks who generate the propaganda.

          Of course they are and were pissed, not for a good reason though.

    • by dakohli ( 1442929 ) on Friday April 06, 2012 @08:22AM (#39596553)

      You have hit the nail on the head

      Many security breaches can be prevented if we just follow the guidelines that are in place. If you look at the case of Sub-Lieutenant Jeffrey Delisle [www.cbc.ca] there were some indicators [nationalpost.com] such as his divorce and bankruptcy which are red flags.

      In Delisle's case he was caught, but it is not clear how much info he sold.

      Yet a third case of Security Officials dropping the ball is John Walker [wikipedia.org] who I believe was turned in by his wife. This guy at one point didn't even try to keep his clearance updated!

      So, in the end it falls to the procedures we have in place. If we don't consistently follow them, we pay the consequences.

  • they added a few anomaly detection IDSs and decided to implement proper access control. Shouldn't they be doing that from the get go?

    I could be oversimplifying this though...
    • As was stated above, the cables were secret, but not the most secret - this wasn't nuclear-launch-code stuff, hundreds of thousands of people had access.
  • by dbIII ( 701233 ) on Friday April 06, 2012 @09:27AM (#39597147)
    Their entire problem was too many secrets which meant too many people had to have access to a system containing both information that didn't really need to be secret (but a lot of people need to do their jobs) and actual sensitive information (which only a few need access to). When you have close to one million people with access the information is going to get out to anyone that cares and has the resources to convince people to give them the information. I very much doubt Manning was the first to pass a lot of that information to a third party in even the year it happened, especially since he was free for so long after the incident and did very little to hide what he was doing. His actions were lost in the noise of nearly a million people accessing that system. Perhaps some sort of central agency in charge of intelligence should be formed to replace the one that is supposed to be distributing the information but has failed spectacularly yet again.
    What Manning did is not really a huge crime, he just distributed some stuff that he had very easy access to. The only reason it is a big deal is the negligence that meant he had access to enough to cause embarrassment and so we get the disproportionate response of "might makes right" that belongs more in China than in a State that respects the rule of law. He's leaked information that the Secretary of State is unfit for the position due to little respect for the rule of law (directing agents to get credit card numbers of diplomats), so it's probably to be expected if disappointing.

The reward for working hard is more hard work.

Working...