Effectiveness of President Obama's cybersecurity order unclear, experts say

President Obama ordered an overhaul of the government's cybersecurity standards Friday, but experts aren’t sure the new measures will be effective in preventing another damaging leak of classified information.

The actions come in response to the release last year of thousands of classified State Department cables by WikiLeaks. Bradley Manning, an Army intelligence analyst, is accused of leaking the documents to the whistleblower website.

ADVERTISEMENT
The president's order establishes a task force for identifying people in the U.S. government who might disclose classified information and a new office to upgrade security protections. Agencies will be required to designate a senior official to oversee data security.

"It strikes me as being the correct steps, if not belatedly taken," said Adam Segal, a senior fellow for counterterrorism and national security studies at the Council on Foreign Relations.

He said the order is focused on preventing another government insider from accessing massive amounts of classified data, but he noted the next major cybersecurity breach might be completely different from the WikiLeaks incident.

"Are they closing the barn door after the animal is out?" he asked. He identified cloud computing as a potential source for future security breaches.

Segal noted part of the reason the WikiLeaks breach was possible was because the government was focused on sharing as much information as possible between agencies. A lack of information sharing is considered a reason for the government's failure to prevent the Sept. 11 attacks.

The White House says that maintaining critical information sharing was a guiding principle in crafting the new security requirements.

Ravi Sandhu, a computer scientist at the University of Texas at San Antonio, said the effectiveness of the order will depend on the specific security measures that the government implements.

While the order does create new agencies, it gives few details on what measures the government will use to prevent breaches.

"I don't think adding bureaucracy can solve the problem," Sandhu said. He noted that many commercial websites use programs to prevent the massive download of information. Some airline websites, for example, prevent people from downloading too much data about different flights, he said.

A similar government program could prevent a person from downloading troves of data they would have no reason to access as part of their job, he said.

Sandhu also noted that Manning was allowed to bring CDs into his job because employees liked being able to listen to music while they worked. Manning is accused of downloading the documents onto his CDs and then providing them to WikiLeaks.

"Maybe they should provide entertainment at the workplace," Sandhu said, arguing it would remove a reason for people bringing in their own CDs to work.

More in Senate

Thursday: Rebuking Obama's immigration order, NDAA, energy nominees

Read more »