WikiLeaks' Information-Sharing Fallout
THE LEGISLATORS who passed a law requiring the intelligence community to create the type of global information sharing environment (ISE) recommended by the 9/11 Commission envisioned a world in which a junior military intelligence analyst in Iraq would have access to all the information relevant to his mission: historical background, human and signals intelligence, even diplomats’ perspectives on the country’s political circumstances. Synthesized, the data could help detect emerging threats before they materialized.
What they did not envision was how that world of shared information would facilitate one of the largest insider information thefts in U.S. government history, but that may be exactly what happened if in fact, as alleged, Army Private First Class Bradley Manning stole documents including roughly 260,000 classified State Department cables.
Manning is alleged to have then provided the stolen documents to the activist organization WikiLeaks, which has subsequently released several thousand of them, not only causing embarrassment but also endangering lives, according to leaders of the U.S. intelligence community.
In response, agencies have taken reactionary measures, such as the State Department’s removal of its diplomatic database from the Secret Internet Protocol Network (SIPN), which is the governmentwide nonpublic network to which Manning enjoyed full access. The ISE—never fully embraced, in particular by the intelligence community—is now viewed with renewed skepticism by member agencies throughout the government.
Director of National Intelligence (DNI) James Clapper, whose responsibilities include overseeing the ISE, told a conference hosted by the Bipartisan Policy Center that “the WikiLeaks episode represents what I would call a big yellow flag, and I think it’s going to have a chilling effect on the need to share.”
To address the problem, the White House announced a series of action items, focused primarily on technology, aimed at boosting the security of government information and increasing the confidence individuals and agencies must have before they will share data under the ISE.
Among the action items were directives for the U.S. Department of Defense to assess network vulnerability, institute more robust network monitoring capable of detecting large or unauthorized data transfers, and develop better staff training to increase awareness and help in detection of insider threats.
Major General Dale Meyerrose (USAF ret.), former associate director of national intelligence/chief information officer and information sharing executive for the Office of the DNI, favors placing the emphasis on human, rather than technological, security.
Meyerrose, currently vice president and general manager of cyber integrated solutions for Harris Corporation, warns against blaming the “techies” for the Manning leak and against relying solely on them for solutions. Policy and technical controls—combined with awareness training and vigilance—will help going forward, Meyerrose says, but even they have their limits.
James Carafano, a defense and homeland security scholar at The Heritage Foundation in Washington, D.C., agrees that technology is not a panacea. “The security at the end of the day is only as good as the people, not the technology. Technology is so dynamic,” he says.
It is too early to implement solutions, Carafano argues, because the government first has to complete its investigation into exactly how the documents were stolen.
It may be that nothing can really prevent this type of leak, however. “A complicit insider is probably the most troublesome of all situations,” says Meyerrose. “It’s akin to a pilot deciding he’s going to fly a plane into the ground. There’s little or nothing you can do to prevent it.”
Even so, the risk can be mitigated, and that’s likely to mean less sharing, observers acknowledge. Adequate data security going forward will require stepping back from total openness, according to Clapper. As he told the Bipartisan Policy Center conference, the solution probably lies with some compartmentalization, but of the sort that stops well short of the type of stovepiping the 9/11 Commission hoped to eliminate.
“There’s always this delicate balance between compartmentalization, sharing, collaboration, all this sort of thing. I’ll tell you: In this day and age of this hemorrhage of leaks in [Washington], I think compartmentalization—appropriate, reasonable compartmentalization—is the right thing to do,” Clapper said.
Meyerrose agrees, adding that Clapper “understands that balance and is striving to achieve it.”