Ever Heard of Executive Order 13587?

As the 4th of July weekend winds to a close, the Edward Snowden “Freedom Tour” – after being held over in the Moscow Airport’s international holding area for two weeks due to travel document irregularities (how Soviet!) related to less than rave reviews for the show’s impact on Russian/American relations – appears to have long-term booking opportunities in Venezuela, Bolivia, and Nicaragua that the “hacker headliner” is considering.  Ed’s 15 minutes of fame have lasted a month now, and as far as I am concerned regular updates on his plight are becoming increasingly tedious.  While extradition doesn’t seem likely, Ed should never stop watching “Argo” or “Zero Dark Thirty” so he doesn’t forget the long reach of the US Intelligence Community (IC) that he has been actively warning about to anybody who will listen.

Beyond where Snowden is and where he might be going, the media also has been full of arguments about whether the scale and scope of the NSA surveillance of American phone and email externals is appropriate, necessary or constitutional.  There has also been considerable public discourse about whether contractors should be granted sensitive (aren’t they all?) security clearances and the broad access that usually goes with them.  NSA and the IC would generate more confidence regarding their surveillance programs with transparency about what they are doing and why instead of telling the American people (and themselves) how these secret programs are necessary for protecting us.  The premise that government employees are more trustworthy than contractors is as dangerous as it is false!  What do Walker, Whitworth, Pendleton, Pollard, Ames, Hanssen, Montes and Manning have in common?  Correct, all were government employees with security clearances and broad access to intelligence products and/or capabilities.

Most disturbing to me, however, is what nobody in the media, the Congress, the West Wing, or the greater IC punditry is talking about:  How could Snowden exfiltrate from a secure area enough classified data to fill up four laptops in a post-WikiLeaks environment?  Private 1st Class Bradley Manning is currently being court-martialed at Fort Meade for releasing gigabits of classified information he downloaded from the SIPRNET onto thumb drives while he was assigned to the Joint Intelligence Operational Center (JIOC) in Iraq.  His actions resulted in Executive Order 13587, titled “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information.”

EO 13587, issued on October 7, 2011, directs:

…structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks that shall be consistent with appropriate protections for privacy and civil liberties.  Agencies bear the primary responsibility for meeting these twin goals. These structural reforms will ensure coordinated interagency development and reliable implementation of policies and minimum standards regarding information security, personnel security, and systems security; address both internal and external security threats and vulnerabilities; and provide policies and minimum standards for sharing classified information both within and outside the Federal Government.  These policies and minimum standards will address all agencies that operate or access classified computer networks, all users of classified computer networks (including contractors and others who operate or access classified computer networks controlled by the Federal Government), and all classified information on those networks. [emphasis added]

Snowden’s success indicates that NSA failed in its own environment in terms of Section 5 of EO 13587, which designates the Secretary of Defense and the Director, National Security Agency, to act jointly as the Executive Agent for Safeguarding Classified Information on Computer Networks.  Section 6 of this EO charges the Attorney General and the Director of National Intelligence with establishing an “Insider Threat Task Force” that is to be administratively supported by the Office of the National Counterintelligence Executive (ONCIX).  I can’t be the only one wondering what the minutes of this Insider Threat Task Force tell us about what could have been done to deter or detect Edward Snowden before he acted.  The WikiLeaks Task Force also recommended standardized procedures for using removable media in classified areas, increased attention on access controls, and robust employment of enterprise monitoring and auditing software.  Progress in any of these areas surely would have raised Snowden’s threat profile if not actually working to deter or detect his unauthorized downloading of classified information from NSA networks.

With Manning on trial for leaking classified information downloaded from a secure network and EO 13587 having been issued over 18 months ago to prevent a reoccurrence, the serious damage the IC says Snowden has done to national security appears to have been enabled by its own negligence.

That’s what I think; what do you think?
