WikiLeaks Documents Place Firms In Classified Jeopardy
Federal moratorium on reading WikiLeaks docs could cause trouble for network analysis and intrusion detection systems; here are the right, and wrong, ways to prevent insiders from putting your business at risk
Following WikiLeaks' massive leak of diplomatic memos from the U.S. State Department, the Office of Management and Budget warned federal agencies earlier this month that access to classified documents, even leaked documents, violates U.S. policy and, likely, federal law.
The warning worried federal contractors, who stand to lose contracts if employees read any classified documents. As a result, security firms that focus on network-event analysis, content inspection, and data analysis saw a spike in requests to block the WikiLeaks documents, says Kurt Bertone, vice president of strategic alliances for Fidelis Security Systems.
"We are getting a lot of calls from our existing customers," Bertone says. "They are really afraid of consuming information made public by WikiLeaks."
In late November, WikiLeaks released nearly 250,000 confidential American diplomatic cables, exposing U.S. thoughts on the eventual collapse of North Korea, corruption in the Afghan government, and cyberattacks from China, among other topics.
The federal government told companies doing business with the United States -- as well as students hoping to one day work in the government -- that they should keep their eyeballs to themselves. Columbia University's School of International and Public Affairs, for example, warned students not to post comments about the documents on social networks.
"Federal agencies collectively, and each federal employee and contractor individually, are obligated to protect classified information pursuant to all applicable laws, as well as to protect the integrity of government information technology systems," reads a memo to federal agencies from the Office of Management and Budget.
The same applies to employees of federal contractors. Firms must have systems in place to limit employees' access to the documents, says Marc Maiffret, CTO for eEye Digital Security.
"It is a good reminder of the need to be able to control content coming in and out of a business," Maiffret says. "There are too many businesses which still manage their security in such an open way there is not much difference in what users can do at work versus on their own time at home. That is not good for business or security."
In many cases, however, network analysis and content inspection equipment can be just as big a danger, Fidelis' Bertone says.
"If you have a forensics system that records all information coming in before analyzing it, you could be polluting the system with classified data," he says. "These agencies are really, really concerned about that -- so much so that some of them are turning off their forensics systems because of it."
Companies need to ensure their forensics systems and network monitoring systems are blocking classified documents before caching them, Bertone says. Only the metadata describing the document should be stored.
"You can store metadata that describes the cable and not capture the content," Bertone says. "We can analyze it and then decide what to store."
Content filtering solutions also can be configured to block out WikiLeaks documents and not be polluted by the content, eEye's Maiffret says.
"There are ways to configure content filtering solutions where they can be blocking based on given keywords and types of data while not logging or storing the content that is being blocked," he says. "This is a very standard option, and usually default setting, of most content filtering type of devices."
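The analyze-first, store-metadata-only approach described above, sketched as an added example (not code from Fidelis, eEye, or this article): the payload is inspected in memory, and a flow that matches a rule is recorded as metadata only, never as content. The rule pattern, the `ForensicStore` class, and the sample flows are constructed assumptions.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Assumed keyword rule (constructed for this example): a classification
# banner standing alone on a line, e.g. "SECRET//NOFORN".
RULES = {
    "classification-banner": re.compile(
        rb"^\s*(?:TOP SECRET|SECRET|CONFIDENTIAL)(?://[A-Z ]+)?\s*$",
        re.MULTILINE),
}

@dataclass
class ForensicStore:
    """Toy capture store: metadata for every flow, content only if allowed."""
    records: list = field(default_factory=list)
    content: dict = field(default_factory=dict)  # sha256 -> payload bytes

def inspect_and_record(store, payload, src, dst, ts):
    """Analyze the payload in memory, then decide what to persist."""
    matched = sorted(name for name, rx in RULES.items() if rx.search(payload))
    digest = hashlib.sha256(payload).hexdigest()
    record = {
        "ts": ts, "src": src, "dst": dst,
        "size": len(payload), "sha256": digest,
        "rules": matched,  # rule names only, never the matched text
        "action": "block" if matched else "allow",
    }
    store.records.append(record)
    if not matched:
        store.content[digest] = payload  # full capture only for clean traffic
    return record

# Constructed sample flows (not real traffic or real documents).
CLEAN = b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
MARKED = b"HTTP/1.1 200 OK\r\n\r\nSECRET//NOFORN\nSUBJECT: constructed sample\n"

def demo():
    store = ForensicStore()
    inspect_and_record(store, CLEAN, "10.0.0.5", "10.0.0.9", "2010-12-01T10:00:00Z")
    inspect_and_record(store, MARKED, "203.0.113.7", "10.0.0.5", "2010-12-01T10:00:05Z")
    return store

if __name__ == "__main__":
    for rec in demo().records:
        print(rec)
```

The blocked flow still leaves an auditable record (time, endpoints, size, hash, rule name), so an investigator can see that it happened without the store ever holding the document.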