The Obama administration issued an executive order Friday aimed at preventing the leak of classified data from government computer networks.
But while some experts said the directive calls for important cybersecurity improvements, others said the mandate was long overdue and the government needed to do more to prevent another disclosure of sensitive information like the classified documents released to the whistleblower site WikiLeaks.
"This is not transformative," said Stewart Baker, a former assistant secretary for policy at the Department of Homeland Security. "We're not going to get security on our networks if we wait for disaster and then fix the things that caused the disaster."
The order, which concludes a seven-month review of how the government protects classified data, establishes a task force led by the attorney general and the director of national intelligence to deter "insider threats," or the disclosure of government secrets by its own employees. It also creates a special committee that reports to the president on the progress being made to protect classified information and requires officials from each agency to oversee the protection of sensitive data.
The White House directive was issued in response to the disclosure of hundreds of thousands of sensitive government documents last year by WikiLeaks. In May 2010, Army Pfc. Bradley Manning was arrested on suspicion of leaking the documents, which included more than 250,000 confidential State Department cables, video of a deadly U.S. helicopter attack and logs pertaining to the Iraq and Afghanistan wars. In April, he was transferred to a medium-security prison unit at Fort Leavenworth in Kansas, where he is awaiting trial.
After the Wikileaks disclosure, national security staff created a committee to recommend policies for reducing the risk of another breach of classified information, the White House said. Since then, the government has made "significant progress" in securing government computer systems, such as limiting the number of people allowed to use removable media like flash drives and limiting access to classified networks, the White House said.
The goal of the effort was, "to ensure that we provide adequate protections to our classified information while at the same time sharing the information with all who reasonably need it to do their jobs," the White House said in a statement.
The order comes just days after a government audit found that lax cybersecurity practices at federal agencies continue to place sensitive government information at risk. According to the report by the Government Accountability Office, "hundreds" of cybersecurity recommendations have not been implemented by the government.
Baker said the order was, "a bunch of small things that frankly should have been done years ago." The government needed to take further security measures by creating a system to identify and stop network threats in real time, not after the fact, he said.
Other experts, however, said the executive order brings necessary accountability by making agency directors responsible for cybersecurity.
"That’s a tremendous shift to put the onus on leaders who have always said, 'That's an IT problem,'" said Tom Kellermann, chief technology officer at AirPatrol Corp.
Mischel Kwon is former director of the U.S. Computer Emergency Readiness Team, which is tasked with analyzing and preventing cyber attacks against government networks.
"I look at this as good guidance and good practice," Kwon said.
Kellermann said the order would help prevent not just government employees from leaking classified data, but also foreign spies from stealing information remotely, which he said is more responsible for the loss of classified intelligence. In March, foreign hackers infiltrated the network of a defense contractor, stealing 24,000 military files in one of the most devastating data breaches suffered by the Pentagon to date.
Kellermann said the directive may not prevent another Wikileaks disclosure, but it closes several loopholes that left classified government data vulnerable to theft.
"It’s a significant step forward to stop the bleeding," Kellermann said.