Information Security News mailing list archives
[Weekly Defense Monitor] - Volume 4, Issue #24
From: William Knowles <wk () C4I ORG>
Date: Thu, 15 Jun 2000 19:26:23 -0500
----------------------------------------------------------------------------
The Center for Defense Information
The Weekly Defense Monitor
1779 Massachusetts Ave., NW * Washington, DC 20036
(202)332-0600 * Fax (202)462-4559 * www.cdi.org
----------------------------------------------------------------------------
VOLUME 4, ISSUE #24                                            June 16, 2000
----------------------------------------------------------------------------

TABLE OF CONTENTS

1. Keeping Secrets -- Or Not
   Lost, stolen, or temporarily mislaid, secrets are out and about.

[...]

*********

1. Keeping Secrets -- Or Not
Colonel Dan Smith, USA (Ret.), Chief of Research, dsmith () cdi org

On June 8, Senators Bennett (R-VT) and Schumer (D-NY) introduced S.2702, a bill that would require the Department of Defense to report its progress on implementing Presidential Decision Directive 63 (PDD-63). PDD-63, which addresses "cyber threats," charges DoD with a defensive role in countering these threats but doesn't say what it is to do or how its efforts are to be tied to those of other government agencies and the public sector.

S.2702 directs DoD to work with the intelligence community to develop means to identify and counter cyber threats. Furthermore, DoD is to integrate the countermeasures developed into a national "indications and warning architecture" that encompasses both governmental and public aspects of the National Communications System.

All well and good, considering the dependence of critical elements of the nation's military and civilian infrastructure on computers and automated systems. But security of high-tech electronic systems and critical information nodes against intrusion or other attempts by foreign nations to obtain U.S. secrets does not address what seems to be a growing problem -- the lapse of basic security procedures by those who work with classified material. The record of the last few months is so dismal it would be funny if not so serious.

First there was Wen Ho Lee, an employee at the Los Alamos National Lab who is under arrest for mishandling classified information. Mr. Lee is accused of downloading critical nuclear weapons design information onto an unclassified computer and making seven tapes, none of which can be found.

In January, the General Accounting Office started an enquiry into the Defense Department's procedures for issuing security clearances. Approximately 2.4 million military, DoD civilian, and government contractors have clearances issued by the Pentagon and another 800,000 reportedly hold clearances issued by the Department of Energy and the CIA. But the Pentagon cannot keep up with investigations and investigation updates -- it has about 600,000 pending -- and many that are conducted do not meet government guidelines for granting clearances, according to the GAO.

Also in January the State Department discovered that a laptop computer with highly sensitive information was missing. More recently, they have admitted that another 15 laptops had been reported stolen or misplaced, although these are said not to have contained secrets and were all eventually located.

Nor has the CIA escaped. In May the Justice Department reopened an investigation of former CIA Director John Deutch. When Mr. Deutch left his position at the Agency, it was discovered that he had transferred highly classified material onto his home computer, including information on covert activities of the CIA and copies of memos prepared for the President. The fact that an internal Agency review of this security breach is now deemed flawed throws into comic relief a new Washington Post report that the CIA is insisting it see questions and answers that are part of a History Channel report on the Agency's support for U.S. troops in Somalia in the early 1990s. If the producers refuse, the Agency says it will not allow two of its past employees to participate.

The latest public gaffe takes us full circle to Los Alamos, where two hard discs containing instructions on procedures for disarming and disabling U.S. and foreign nuclear weapons have turned up missing. Presumably, such discs would also contain details about how the weapons are put together or have enough information that sufficient study would reveal such data. Obviously, if another nation obtained one of these discs it would be able to learn U.S. bomb construction secrets. It would also learn how much the U.S. knows about other nations' nuclear weapons.

Finally, another Washington Post article this month notes that Senate confirmation of seven foreign service officers for ambassadorial posts has been held up because the nominees have from 10 to 22 security lapses on their records. In fairness, most of the incidents described -- leaving embassy safes unlocked or walking out of offices and leaving classified papers unattended -- happened a number of years ago. Nonetheless, a military person with that many violations would probably have lost his or her security clearance a long time ago.

There are two quick ways out of this morass. Since people seem to be the weak link, separate them from the secrets. Cancel all security clearances and lock up all the documents and hard drives and computer discs that have secrets. Alternatively, do away with all the secrets or everything that needs to be kept secret -- such as nuclear weapons. Then there would be no worries about secrets being stolen, mislaid, or otherwise endangered from discovery. And we might also discover that many of the "secrets" weren't secret at all or that we can get along quite easily without them.

A side benefit of either course is that government could then concentrate on S.2702 -- protecting the nation's infrastructure from cyber attack.

(For the text of S.2702, see the Congressional Record, Vol. 146, No. 70, June 8, 2000 (pp. S4843-4844)).

************

[...]