It will take several more years for the government to fully install high-tech systems to block computer intrusions. This prolonged timeline enables criminals to become more adept at stealing sensitive data, experts say.
As the Department of Homeland Security (DHS) methodically works to secure the approximately 2,400 network connections used daily by millions of federal workers, experts suggest that technology may already be outpacing them.
The DHS, responsible for securing non-military government systems, is gradually moving all government Internet and e-mail traffic into secure networks. These networks will eventually be protected by intrusion detection and prevention programs. However, progress has been slow. Officials are trying to finalize complex contracts with network vendors, resolve technology issues, and address privacy concerns related to monitoring employees and public citizens.
The recent WikiLeaks release of over a quarter-million sensitive diplomatic documents highlights the massive challenge ahead. Homeland Security is working to build protections for all potentially more vulnerable U.S. agencies.
"This is a continuing arms race, and we're still way behind," said Stewart Baker, former Homeland Security undersecretary for policy.
The WikiLeaks breach affected the government's classified military network and was as much a personnel gap as a technological failure. Officials believe the sensitive documents were stolen from secure Pentagon computer networks by an Army intelligence analyst.
The changes sought by Homeland Security for non-military government computers would be broader and more systemic than the immediate improvements recently ordered by the Departments of Defense and State in response to the WikiLeaks releases. These changes included better monitoring of computer usage and making it harder to transfer material onto portable computer flash drives or CDs.
"There are very few private sector actors who depend on information security who think that installing intrusion prevention systems is sufficient protection against the kinds of attacks that we're seeing," Baker said.
