Obama orders plugs for IT system leaks

The Obama Administration has ordered drastic measures for agencies that handle classified information in the hope of preventing disgruntled employees misbehaving in a "post-WikiLeaks" world.

By the end of this month, agencies will be expected to answer to high level intelligence offices whether they psychologically assess employees, use lie detector systems and conduct IT security audits to close "vulnerabilities, weaknesses, or gaps on automated systems in the post-WikiLeaks environment".

Jacob Lew, director of the White House Office of Management and Budget issued the memo on Monday [pdf], bringing what some believe is a paranoid CIA mentality to the broader public service.

Under the header, "Deter, Detect, Defend Against Employee Unauthorized Disclosures", the memo asks agency heads: "Do you have an insider threat program or the foundation for such a program?"

"Are there efforts to fuse together disparate data sources such as personnel security and evaluation, polygraph, where applicable, IT auditing or user activities, and foreign contact/foreign travel information to provide analysts early warning indicators of insider threats?"

Steven Aftergood, a senior research analyst at the Federation of American Scientists and campaigner against government secrecy reckons the orders amount to paranoia rather than security.

"So, for example, agencies are asked "Do you capture evidence of pre-employment and/or post-employment activities or participation in on-line media data mining sites like WikiLeaks or Open Leaks?" wrote Aftergood on the FAS's Secrecy News blog.

"It is unclear how agencies might be expected to gather evidence of "post-employment" activities," he said.

Aftergood said the orders reflected the government's predictable response to the "evolutionary pressure" placed on it by WikiLeaks -- a response that would see agencies, such as the Army, State Department and Department of Justice employ CIA security protocols that were already considered "absurd".

"It's triply absurd at most other agencies," Aftergood told NBC News.

The security audit comes as agencies such as the US Airforce implement interim data handling policies for classified systems that are expected to hamper mission execution, while the research arm of the US Department of Defense, DARPA, works towards longer-term technologies to weed out insider cyber threats before they can do damage.