Pentagon Spent Millions to Counter Insider Threats After WikiLeaks Fiasco

Pfc. Bradley Manning allegedly downloaded classified files from military networks and leaked them to the anti-secrecy website WikiLeaks. // Patrick Semansky/AP

Since 2010, when Pfc. Bradley Manning allegedly downloaded classified files from military networks and leaked them to the anti-secrecy website WikiLeaks, the Pentagon has paid millions of dollars for technology designed to protect networks against insiders intent on leaking sensitive data -- the kind of activities former National Security Agency contractor Edward Snowden claims to have done in releasing classified files on the agency's spying operations.

NSA, which is part of the Defense Department, doesn't appear to have enabled those protections, despite earlier Pentagon assertions the technology was rolled out departmentwide.

The Host-Based Security System, launched in 2010, prevents the use of removable storage devices such as CDs and thumb drives on Defense Department networks. An NSA information technology official, who left the agency in the summer of 2012, said that at that time, HBSS was not installed

Between 2010 and early 2013, the military had spent at least $12 million on core implementation contracts, according to budget analysts. Going forward, the Defense Information Systems Agency, which provides IT support throughout the department, is expected to pay about $1.3 million annually for software licenses, said Ray Bjorklund, founder of BirchGrove Consulting.

Snowden, an NSA system administrator working for Booz Allen Hamilton until he was fired last month, allegedly transferred to a thumb drive classified information about how the agency tracks domestic call data and foreigners' Internet activities. 

"There's usually a collaboration between DISA and NSA on net security technologies," Bjorklund said, but "NSA may have been responsible for funding its own implementation under the DoD directive."

In fall 2010, Defense officials directed military components to ban downloading information onto removable devices from the military's secret network, using technologies such as HBSS. 

The move came after Manning, a low-level intelligence analyst based in Iraq in early 2010, allegedly downloaded to a CD classified files about the wars in Iraq and Afghanistan to release publicly on the anti-secrets website WikiLeaks.

A December 2010 memorandum from the Committee on National Security Systems, an interagency group that sets national policy, advised Defense organizations to "begin using physical configuration, software settings, a capability such as a Host-Based Security System (HBSS) (a DoD capability designed to address exploit traffic on network hosts)" or any combination of those approaches "to disable all 'write' privileges," meaning downloads, "for all forms of removable media devices" on national security systems.

By early spring 2012, most Defense organizations had activated the technology.

Federal spending databases indicate a slew of contractors, including General Dynamics, Northrop Grumman, and now BAE Systems, were hired to deploy the McAfee-developed HBSS. Booz Allen does not appear to be on the military's payroll for this particular project.

HP, NCI Information Systems and SAIC are among the vendors that individual military departments have commissioned for HBSS services, according to the databases.

NSA declined to say whether the agency had installed or activated HBSS. 
