The Obama administration on Monday ordered all federal agencies that deal with sensitive information to review and enhance their internal security programs in an effort to staunch the flow of unauthorized documents to WikiLeaks and other rogue Web sites.
Among other things, the administration is ordering agency heads to develop stricter criteria for determining which federal employees are given access to secured computer systems and networks that store classified data.
"Our national defense requires that sensitive information be maintained in confidence to protect our citizens, our democratic institutions, and our homeland," said Office of Management and Budget director Jacob Lew, in a letter to agency heads.
Several newspapers, including The New York Times, Der Spiegel, The Guardian, and Le Monde, over the weekend published stories that disclosed the contents of classified, U.S. government documents first obtained by WikiLeaks.
Among other things, the documents revealed serious concerns within the U.S. diplomatic community about the resolve and trustworthiness of several key allies, including Afghanistan and Pakistan, in the war on terror.
They also disclosed Saudi Arabia's wish for a U.S. military strike against Iran, and painted unflattering pictures of Western leaders like German Chancellor Angela Merkel and Italian Prime Minister Silvio Berlusconi. "The recent irresponsible disclosure by WikiLeaks has resulted in significant damage to our national security," wrote Lew.
"Any failure by agencies to safeguard classified information pursuant to relevant laws, including but not limited to Executive Order 13526 … is unacceptable and will not be tolerated," wrote Lew. President Obama signed Executive Order 13526 on Dec. 29, 2009. It mandates that federal agencies undertake a broad series of steps to protect information.
But Lew's directive indicates that, in light of the latest WikiLeaks incident, the White House believes agencies aren't doing enough to keep sensitive material from showing up in the Internet. Going forward, OMB is ordering agencies to establish security assessment teams comprising counterintelligence, security, and information assurance experts to review security procedures.
"Such review should include (without limitation) evaluation of the agency's configuration of classified government systems to ensure that users do not have broader access than is necessary to do their jobs effectively, as well as implementation of restrictions on usage of, and removable media capabilities from, classified government computer networks," Lew wrote in his memo.
Lew said OMB, along with the Information Security Oversight Office and the Office of the Director of National Intelligence, will assist and evaluate agencies' efforts to improve information security.