A House committee is poised to advance legislation to protect classified information — and avoid gross losses, such as those suffered during the WikiLeaks breach — by requiring the installation of a centralized instrument for detecting unauthorized behavior on all military networks.
The deadline for activating the system of software and machinery is 2013, under the measure expected to pass Wednesday night, but computer security experts caution that even if enacted, such mandates would not stop malevolent insiders.
Lawmakers envision equipment to monitor the use of external ports, ensure restrictions are in place for reading and writing on files, audit unusual user activities, permit access based on job functions and mediate traffic between networks to prevent the exchange of restricted data. The apparatus also would track software bug fixes and security updates.
The measure, part of the Armed Services Committee’s annual defense authorization bill (H.R. 1540), was prompted by disclosures of sensitive diplomatic cables and war materials on the whistleblower website WikiLeaks, after a soldier allegedly downloaded the digital files to a music CD.
“The committee is concerned with the acute damage to national security of recent unauthorized releases of classified information from the Department of Defense and other government information systems,” bill sponsor Rep. Howard P. “Buck” McKeon, R-Calif., chairman of the Armed Services Committee, wrote in a summary of the legislation. “The impact of these releases will continue for many years, to the detriment of existing operations in the Islamic Republic of Afghanistan, as well as the reputation and credibility of the United States in international affairs now and in the future.”