- The Washington Times - Thursday, December 2, 2010

The State Department and other U.S. agencies are not fully cooperating with lawmakers’ efforts to probe the WikiLeaks security breach, according to the Republican likely to be the next chairman of the House Permanent Select Committee on Intelligence.

Rep. Mike Rogers, Michigan Republican and a senior member of the intelligence committee, said government officials seem “more concerned about their department’s reputation than the consequences [of the leak], and that is a big problem.”

“They’ve been obstructionist up to this point,” Mr. Rogers told The Washington Times. “They need an attitude adjustment.”

He joins a growing chorus of Democrats and Republicans who are finding fault with the government’s post-Sept. 11 information-sharing system, which aims to push intelligence reporting toward the front lines of the war on terrorism.

“Clearly, the rush to share everything with everyone has gone too far,” Mr. Rogers said. “Clearly, there’ll be changes.”

State Department spokesman P.J. Crowley told The Times in a brief e-mailed statement late Thursday that access arrangements to classified department data were “fully consistent with the 2004 Intelligence Reform Act that Congress passed — and rightly so.”

He added officials “have taken steps and will take more to prevent this from happening again.” But he cautioned, “We have to make sure we avoid actions that move to the information silos and controls that we had on Sept. 11.”

That sentiment was echoed by Rep. C.A. Dutch Ruppersberger, Maryland Democrat, who chaired part of the intelligence committee briefing on the WikiLeaks breach this week that Mr. Rogers attended.

Mr. Ruppersberger noted that a half-million people have access to the network that was reportedly compromised - a classified Pentagon computer system called SIPRNet.

“How did we get to the point where a private with a questionable background has that kind of access?” he said. “We members of Congress … don’t have that kind of access.”

He was referring to a low-level military analyst, Army Pfc. Bradley E. Manning, who has been charged in connection with the breach and is accused of downloading hundreds of thousands of secret documents from SIPRNet.

Pfc. Manning has been in solitary confinement at the Marine Corps base at Quantico, Va., since July. His attorney has said that before the breach, Pfc. Manning’s superiors were so concerned about his mental health that they disabled his weapon. He also was admonished while a trainee for inappropriately referencing classified material in personal videos he posted on the Web.

Neither incident appears to have restricted his top-secret clearance or his access to SIPRNet.

Former users of SIPRNet say the network is set up very much like the Internet, with users employing a Web browser to visit sites maintained by different U.S. agencies on which they display material classified up to the lowest level - secret.

“It is basically a parallel Internet, classified at the secret level,” said Adam Rice, a security specialist who used the network when he was in the Army Special Forces.

For the 500,000-plus cleared users of SIPRNet, there are few barriers to access once they are logged on, said Mr. Rice, now the head of security for a global Internet firm. “Once you’re in … you basically have access to anything in there.”

When Mr. Rice was a user, “I was amazed at the information that was out there,” he said, declining to give any specifics. He was especially surprised, given the size of the user base with access. “It is too big, too uncontrolled,” he said.

Sen. Dianne Feinstein, California Democrat and chairwoman of the Senate Select Committee on Intelligence, agreed that “part of the problem” is the broad distribution of intelligence that has been promoted since Sept. 11, with intelligence agencies urged to replace their traditional reliance on “need to know” with a new focus on “need to share.”

“Both concepts - ‘need to know’ and ‘need to share’ - must be carefully reviewed and changed,” she said in a statement, adding that at present, “hundreds of thousands of individuals receive intelligence” that they do not need.

Mr. Rice noted the fact that Pfc. Manning was caught only after he confessed in an online chat to a former hacker who turned him in to the authorities. “If he wasn’t such a braggart, he’d have gotten clean away,” he said.

This was especially alarming because it indicated that there was no monitoring of downloading by SIPRNet users.

“Who was watching the stable door before the horse was stolen?” Mr. Rice said. “How could that much data leave SIPRNet without anyone knowing about it?”

Simple precautions could easily have prevented the massive security breach Pfc. Manning is charged with, Mr. Rice said. “At bottom this problem is just sloppy management.”

Mr. Rogers agreed: “The way they handled this was negligent. … It is mind-boggling because we know the technology exists to prevent this.”

He added that he is “concerned” about what he described as “almost a cavalier attitude” among officials towards the details of information-sharing policy.

But other lawmakers were pushing back this week against what they saw as an overreaction - presaging possible conflict about the issue across party lines and complicated by the jurisdictional issues involved between the intelligence, armed services and government oversight committees.

“There was no ‘rush’ to increase information-sharing after Sept. 11,” Sen. Christopher S. Bond, Missouri Republican, said in an e-mailed statement.

“It has been a long, painstaking process to increase information to those who need to have it,” Mr. Bond said. “I think the solution is not to share less, but to improve auditing and control of the information so that this kind of mass download cannot happen again.”

But even those critical of SIPRNet access arrangements cautioned against congressional overreaction. “We’ve got to get the information into the right hands,” Mr. Ruppersberger said. “We can’t go back to the stovepipes we had before Sept. 11.”

Mr. Ruppersberger said that establishing accountability for the breach is important.

“Was there a lack of leadership?” he said. “I am sure we will find people who didn’t do their jobs.”

But he observed that many mitigation measures had been taken, including barring downloads to removable media, like the CDs Pfc. Manning boasted of using to steal the data, and improved management oversight.

Mr. Rogers, however, was more skeptical. “I am not convinced that the problems are fixed,” he said. “If they are, they haven’t demonstrated that.”

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2021 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.


Click to Read More and View Comments

Click to Hide