Ever Heard of Executive Order 13587?

As the 4 of July weekend winds to close, the Edward Snowden “Freedom Tour” – after being held over in the Moscow Airport’s International holding area for two weeks due travel document irregularities (how Soviet!) related to less than rave reviews for the show’s impact on Russian/American relations – appears to have long-term booking opportunities in Venezuela, Bolivia, and Nicaragua that the “hacker headliner” is considering.  Ed’s 15 minutes of fame has lasted a month now, and as far as I am concerned regular updates on his plight are becoming increasingly tedious.  While extradition doesn’t seem likely, Ed should never stop watching “Argo” or “Zero Dark Thirty” so he doesn’t forget the long reach of the US Intelligence Community (IC) that he has been actively warning about to anybody who will listen.

Beyond where Snowden is and where he might be going, the media also has been full of arguments about whether the scale and scope of the NSA surveillance of American phone and email externals is appropriate, necessary or constitutional.  There has also been considerable public discourse about whether contractors should be granted sensitive (aren’t they all?) security clearances and the broad access that usually goes with them.  NSA and the IC would generate more confidence regarding their surveillance programs with transparency about what they are doing and why instead of telling the American people (and themselves) how these secret programs are necessary for protecting us.  The premise that government employees are more trust worthy than contractors is as dangerous as it is false!  What do Walker, Whitworth, Pendleton, Pollard, Ames, Hansen, Montes and Manning have in common?  Correct, all were government employees with security clearances and broad access to intelligence products and/or capabilities.

Most disturbing to me, however, is what nobody in the media, the Congress, the West Wing, or the greater IC punditry is talking about:  How could Snowden exfiltrate from a secure area enough classified data to fill up four laptops in a post Wiki Leaks environment?  Private 1st Class Bradley Manning is currently being court martialed at Fort Meade for releasing gigabits of classified information he downloaded from the SIPRNET onto thumb drives while he was assigned to the Joint Intelligence Operational Center (JIOC) in Iraq.  He actions resulted in Executive Order 13587 titled “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information.

EO 13587 issued on October 7, 2011 directs:

…structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks that shall be consistent with appropriate protections for privacy and civil liberties.  Agencies bear the primary responsibility for meeting these twin goals. These structural reforms will ensure coordinated interagency development and reliable implementation of policies and minimum standards regarding information security, personnel security, and systems security; address both internal and external security threats and vulnerabilities; and provide policies and minimum standards for sharing classified information both within and outside the Federal Government.  These policies and minimum standards will address all agencies that operate or access classified computer networks, all users of classified computer networks (including contractors and others who operate or access classified computer networks controlled by the Federal Government), and all classified information on those networks. [emphasis added]

Snowden’s success indicates that NSA failed in its own environment in terms of Section 5 of EO 13587, which designates the Secretary of Defense and the Director, National Security Agency, to act jointly as the Executive Agent for Safeguarding Classified Information on Computer Networks.  Section 6 of this EO charges the Attorney General and the Director of National Intelligence with establishing an “Insider Threat Task Force” that is to be administratively supported by the Office of the National Counterintelligence Executive (ONCIX).  I can’t be the only one wondering what the minutes of this Insider Threat Task Force tells us about what could have been done to deter or detect Edward Snowden before he acted.  The Wiki Leaks Task Force also recommended standardized procedures for using removable media in classified areas, increased attention on access controls, and robust employment of enterprise monitoring and auditing software.  Progress in any of these areas surely would have raised Snowden’s threat profile if not actually working to deter or detect his unauthorized downloading of classified information from NSA networks.

With Manning on trial for leaking classified information downloaded from a secure network and EO-13587 being issued over 18 months ago to prevent a reoccurrence, the serious damage the IC says Snowden has done to national security appears to have been enabled by its own negligence.

That’s what I think; what do you think?

9 comments on “Ever Heard of Executive Order 13587?

  1. Keith Herrington says:

    Well, if we use Information Sharing as a template it will be at least one decade or more before meaningful improvements are made to the system. It’s never a technology or even a funding issue, it depends almost entirely on the various parties, agencies and organizations coming to a common accord, being willing to compromise on a solution and collaborating on getting it done. Sounds so very simple, but we’ll expect an update from you in another ten years.

    • mazzajm1 says:

      Keith I replied earlier but it doesn’t look like it posted – – – so my apologies if this is a dup

      There is obviously no arguing with your time line about information sharing! If the IC can’t figure out how to use existing COTS Software on the NSA Approved Products list to keep gigabytes (and soon terabytes) of classified material from leaving its SCIFs there won’t an IC to speak of in ten years. Even a fool understands when he gets robbed twice its time to buy a lock! thanks joemaz

  2. Marty says:

    Amen!

  3. Pete Speer says:

    Joe

    It is inbred in the Military and the IC culture tat knowledge is power in a bureaucracy. That is one reason why stovepipes exist. Compartmented clearances have had the effect of substituting entitled ambition for patriotism. ‘Nice to have’ has succeeded ‘need to know.’

    The very volume of information available has exploded filling ever larger storage computers. Nothing is ever destroyed. It is administratively tedious to supervise access as long as we do not strictly limit it — compartments within compartments, but we must. Among other things we need to segregate – dead file — or destroy used data.

    Thumb drives are a threat to security.

    • mazzajm1 says:

      Pete “need to know” works if you know who needs to know. Seems like we spend a lot money on security investigations that don’t seem to find the really dangerous people. Thumb Drives are a serious threat to security both in terms of introducting maleware and bad data as well as for exfiltrating classified/sensitive information. Because of their size and ubiquity banning thumb drives is a fools errant. Better for the IC to buy and install COTS software off the GSA schedule (there are several choices) that alert when mobile media is installed as well as when information is being down loaded. I thought EO 13587 gently directed this kind of network monitoring post Wiki Leaks and put NSA in charge of monitoring it. joemaz

      • John Bogus says:

        Joe, What I don’t understand is how he got Thumb Drives and laptops into and out of the secure facilities. If strict search procedures were constantly enforced, then it would have been difficult for him to bring in Thumb Drives. As far as laptops, only government agency specific laptops should be permitted to enter or leave a facility with the drives wiped after each use and software reinstalled as required by each agency user. If he laptops were government units then hardware theft charges (minor in comparison) should be added to the intelligence material theft.

      • Pete Speer says:

        Thumb drives are easy. They can be wrapped in a condom and stuck up your anus, just he way that prisoners in places like Devil’s Island used to secrete their small valuables.

        Joe, when I was in ONI I was very willing to be searched. I thought it was necessary.

    • Hieda K says:

      I agree. Need to know is what used to allow us the freedom from worry. I noticed one contractor gave me shhh! about CI. People tell info without regard for the oath they took.

  4. mazzajm1 says:

    John you an I both remember the employee push back at ONI against bag and personal searches. Besides telling the employees the command doesn’t trust them it just creates havoc with people getting into an out of work. As I responded to Pete I believe software that detects the insertion of mobile media and down loading of information is both more efficient and effective. Thanks joemaz

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s