Data Spill – An Everyday Threat to National Security
28 Jun 2017 | Michael Waksman
Data Spill: What Is It?
Data has a troublesome habit of residing somewhere it shouldn't. In national security spaces, classified data can end up on unclassified systems or on systems with a lower classification level. This is known as a data spill. Other terms for this type of event include classified spill, contamination, and classified message incident. They all mean the same thing: classified data existing in a location where it is not authorized.
How Do Data Spills Happen?
Several scenarios can lead to a data spill—here are the most common ones:
- File Moved to Wrong Location
In this situation, either a person with clearance or an automated process with clearance moves a file from a classified system to a system with a lower classification or no classification.
- Accidental Email Distribution
Perhaps the wrong file was mistakenly attached to an email, or someone accidentally clicked ‘Reply all’ rather than ‘Reply’ in a thread.
- Mismarks & Classification Changes
Other reasons that can lead to data spills include mismarked files on servers, improperly marked hard copies or media, and Department of Defense (DoD) classification changes.
What Kind of Data Spills Happen?
There are three main categories of data spills:
- Inadvertent
If someone had no reason to believe their actions would lead to a data spill, it can be called inadvertent. Relying on improperly marked data for decision making is a typical cause for an inadvertent spill.
- Willful
When an individual purposefully disregards procedures or policies and causes a data spill, this is considered willful. Intentionally bypassing security controls is an example of this.
- Negligent
Somewhere between the previous categories is the negligent data spill that occurs when a person acts unreasonably and causes an unauthorized disclosure. This can happen through careless attention to detail or a reckless disregard for procedures.
Whatever the category, the outcome is the same – protected data has become vulnerable by sitting somewhere it should not.
Responding to a Data Spill
If an organization has respect for information technology and resources dedicated to IT security, there will most likely be a reaction plan in place should a data spill occur. Most frequently, a Facility Security Officer (FSO), Information Assurance Manager and IT security personnel are all dedicated to the protection of data. It is their responsibility to mitigate and investigate data spills.
An appropriate response to a data spill most often takes three phases:
- Detection & Reporting
If you discover a data spill, you must report it immediately and take no action yourself on the data, including deletion or forwarding. DoD contractors can report to the Original Classification Authority (OCA), Information owner/originator, Information System Security Manager (ISSM), Activity Security Manager, or Responsible Computer Incident Response Center. For other industry reporting, contact the Facility Security Officer (FSO), the Information Systems Security Manager (ISSM), or the Information Systems Security Officer (ISSO).
- Risk Assessment & Containment
Repair can begin now that the spill has been noticed and the appropriate authorities have been contacted. The authorities will tally the risks associated with the breach and will seek guidance from the data owner. Deletion or further spreading of the classified data is still prohibited during this phase, and the systems involved in the spill are usually isolated for that purpose.
- Clean Up
Specific clean-up procedures vary between the DoD and cleared defense contractors, but most include software overwriting of affected data sectors.
Correcting the data spill can be a minor task or a massive undertaking depending on the sensitivity of the data, the level of clearance of the systems and the personnel involved, and the kind of contaminated storage media.
Wiping Files or Entire Hard Drives Involved in a Data Spill
In the event of a data spill, all involved endpoints should be wiped. The wiping process can target selected files or entire disks. Either way, the software used during the clean-up phase should meet the following requirements:
- A minimum of three-cycle overwriting data sanitization is required to be a complete wipe (different specifications can be required by different organizations). The first cycle writes a pattern, the second follows with the complement pattern, and the third and final cycle is a different, unclassified pattern.
- Random data reading for overwrite verification should be included in the software, although a separate utility can be used for verification.
- Printed results of the wipe, including disk integrity reporting, need to be provided by the wipe software. Bad sectors or blocks on a disk require that the disk be destroyed or degaussed.
- Whole disk wipes must be complete, including partition tables, user data, operating systems, and any boot records. They must also wipe Device Configuration Overlay (DCO) sectors if the disks are ATA-6. A whole disk wipe must also be able to clear a Host Protected Area (HPA).
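The three-cycle overwrite with random read-back verification from the list above, applied to a single file, as an added example that is not taken from BCWipe or any DoD tool. The pattern bytes (0x55, its complement 0xAA, then 0x00), the sample count and the report layout are assumptions; whole-disk areas such as HPA and DCO are outside its scope.

```python
import os
import random
import tempfile

CHUNK = 1 << 20  # write in 1 MiB blocks so large files are not held in memory

def _write_pass(fd, size, byte):
    """Overwrite the whole file with one repeated byte and flush it to the device."""
    os.lseek(fd, 0, os.SEEK_SET)
    block, remaining = bytes([byte]) * CHUNK, size
    while remaining > 0:
        remaining -= os.write(fd, block[:min(CHUNK, remaining)])
    os.fsync(fd)

def _verify_samples(fd, size, byte, samples, rng):
    """Read back randomly chosen offsets and return those that do not match."""
    bad = []
    for _ in range(min(samples, size)):
        offset = rng.randrange(size)
        os.lseek(fd, offset, os.SEEK_SET)
        if os.read(fd, 1) != bytes([byte]):
            bad.append(offset)
    return bad

def three_pass_wipe(path, pattern=0x55, final=0x00, samples=64, seed=None):
    """Pattern, complement, then a different final pattern, verifying each pass."""
    complement = pattern ^ 0xFF
    if final in (pattern, complement):
        raise ValueError("final pattern must differ from the first two passes")
    rng, size = random.Random(seed), os.path.getsize(path)
    report = {"path": path, "bytes": size, "passes": []}
    fd = os.open(path, os.O_RDWR)
    try:
        for byte in (pattern, complement, final):  # assumed pattern values
            _write_pass(fd, size, byte)
            bad = _verify_samples(fd, size, byte, samples, rng)
            report["passes"].append({"byte": byte, "mismatches": bad})
    finally:
        os.close(fd)
    report["verified"] = all(not p["mismatches"] for p in report["passes"])
    return report

if __name__ == "__main__":
    # Constructed sample file standing in for a spilled document.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"CONSTRUCTED SAMPLE CONTENT " * 1000)
    print(three_pass_wipe(tmp.name, seed=1))
    os.remove(tmp.name)
```

Reads issued after `fsync` can still be served from the operating system's cache, and a file-level overwrite does not touch other copies of the data held in journals, snapshots or remapped flash blocks.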
Clean Up a Data Spill with BCWipe
Trusted for over 15 years by the U.S. Defense Community, Jetico's BCWipe is the de-facto standard for classified data spill cleanup, wiping selected files beyond forensic recovery.
For whole disk wiping requirements, Jetico’s BCWipe Total WipeOut can overwrite partition tables, user data, operating systems, boot records, DCO hidden sectors on ATA-6 disks and HPA.
Both solutions:
- Feature DoD and DoE wiping schemes, plus creation of proprietary wiping schemes
- Include reporting functions
- Work on Windows, Mac and Linux (BCWipe Total WipeOut is OS independent)
- Don’t require an internet connection
Contact us to request a free trial or learn more about our solutions for data spills.
Michael Waksman has been serving as CEO of Jetico since 2011, more than doubling the size of the company during his tenure. He brings more than 20 years of communications, technology and leadership experience.
At Jetico, Waksman has led the creation of the corporate identity, raising global brand awareness, building a more commercially-driven team and initiating enterprise customer relations. Jetico has maintained a wide user base throughout the U.S. Defense community, in the global compliance market and for personal privacy.
Waksman served as vice-chairman of the Cyber Group for the Association of Finnish Defense and Aerospace Industries. Recognized as a security and privacy advocate, he is a frequent speaker at international events, occasionally on behalf of the Finnish cyber security industry. In 2012, Waksman was honored with The Security Network's Chairman's Award for fostering collaboration between the United States and Finland. As a dual citizen, he is a native New Yorker and has been living in the Helsinki region for over 15 years.