DoD Announces Steps to Tighten Information ControlsPublished: Thursday, July 26, 2012
DoD has announced a new "top down" approach to improve reporting leaks of classified information, one of several recent actions to counter unauthorized disclosures.
It said the department will monitor all major, national media reporting for unauthorized disclosures of defense classified information and attempt to ensure that the appropriate component of the department has been tasked with investigating leaks and that the required legal referrals to the Department of Justice and Congressional notifications are made.
DoD said it recently took a number of additional actions to help safeguard classified information, including updating its information assurance and information security training courses, which all personnel are required to take each year. The department has also developed training designed to help individuals know what to do if they suspect a threat from an insider or observe security incidents such as leaks of classified information.
Other information management actions include:
Publication of clearer instructions as to what constitutes an unauthorized disclosure, reporting requirements, the conduct of preliminary inquiries and other investigations, as well as roles and responsibilities across the department;
Implementation of an online "automated security incident reporting system" in December, which is fully operational and under evaluation for improvements in data management and tracking of investigations and other associated actions.
Deployment of a host-based security system tool to virtually monitor every defense department computer, and prevent in most cases downloading information to external media such as a thumb drive;
Issuing cyber identity credentials to every person operating on the department unclassified network;
Planning for a executive level governance structure aimed at creating strategic management of department investments in security resources; and,
Initiating a comprehensive DoD insider threat program which includes elements from physical security, cyber security, counterintelligence, antiterrorism, and force protection.