Wikileaks and the Insider Threat
A young U.S. Army private was arrested in May 2010 for allegedly collecting several classified videos and 150,000 classified U.S. diplomatic cables and releasing them to unauthorized parties. The unauthorized parties were the principal actors in an Internet-based organization known as Wikileaks. Wikileaks and its volunteers collect documents and imagery that governments and other institutions regard as confidential and publish them on the Web. When Wikileaks began publishing the classified U.S. material on the Internet, the organization became a household term all over the world.
In the wake of this leak, the U.S. government was forced to address the public exposure of masses of classified material. The presence of such a quantity of classified information in the public domain also created the possibility of a cascade of security breaches affecting cleared personnel, who are obligated not to view or discuss classified material in an unclassified context. To prevent that from happening, cleared personnel were directed not to visit the Wikileaks site and not to discuss the leaked material.
The Wikileaks disclosure focused attention on the fact that the systems designed to protect mission-critical information have an Achilles heel—the people who have authority to use and access that information. Despite all the policies, technologies, and procedures establishing barriers to keep classified information from adversaries, the insiders who have the authority to use that information are often able to surmount those barriers if they become so motivated, thereby creating an insider threat.
It is possible that the barriers established by the U.S. government to protect classified information had been weakened in the aftermath of the terrorist attacks of 9/11. In the months following 9/11, the U.S. government recognized that national security would be best served by improving the ability of the agencies responsible for protecting the U.S. homeland to share certain critical information. In this vein, U.S. policies and procedures were changed to make it easier for these agencies to share intelligence information that often was classified. Still, many security-related questions went unanswered. What could be done to balance the needs to both protect and share classified information within the extraordinary complexity of U.S. government organizations? Could the insider threat be better addressed, and if so, how?
President Obama signed an executive order in October 2011 to address such questions. “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Material” reasserts the need to share classified information “immediately with authorized users around the world,” while calling for “sophisticated and vigilant means to ensure it is shared securely.” This executive order directs reforms in the organization and operation of government entities responsible for the security of classified computer networks, as well as for those responsible for sharing and safeguarding classified information. It augments the responsibilities of government agencies that use or operate classified networks, and establishes collaborative initiatives like the newly formed Insider Threat Task Force, which is charged with developing a government-wide program for deterring, detecting, and mitigating insider threats.