The U.S. Department of Labor (DOL) gathers and disseminates some of the nation's most politically and economically significant data each month in the reports released by its Bureau of Labor Statistics (BLS) and Employment and Training Administration (ETA). As a result, the agency has imposed several procedural changes in recent months to account for concerns that sensitive, potentially market-changing information is being leaked by members of the press ahead of schedule.
FBI, SEC warnings trigger investigation
When the DOL is ready to publicly release its latest economic data, such as the findings contained in the BLS' monthly Employment Situation Summary, members of the press are typically invited to an advanced viewing of the figures so they can review the information, ask questions and prepare their coverage for timely release. These proceedings take place in a secure location, known as a "lock-up" facility, which prevents communication to anyone outside the room.
According to DOL officials, this arrangement allows news organizations to deliver their reports with greater speed and accuracy to help promote a more informed public. But over the past several years, both government and industry regulators have approached DOL officials to voice concern over the data security standards surrounding the agency's press engagements. In an era defined by real-time intelligence, any vulnerabilities allowing for the premature release of data to market actors can have significant consequences.
"Given the market-moving impact of these numbers and the largely automated process of today's market institutions, even a minor flaw in the timing or accuracy of this data could result in a destructive impact on global markets," Missouri Senator Roy Blunt wrote in a letter to Secretary of Labor Hilda Solis, according to Bloomberg.
As a result, researchers from the Sandia National Laboratories were recruited for a project, codenamed CleanSweep, intended to root out any vulnerabilities in the secure data distribution process. The newly declassified August 2011 report pointed to non-DOL IT and communications equipment as the potential weak link in the lock-up facility's data protection perimeter.
"The presence of equipment owned by press organizations necessitates that access to areas housing DOL communications and data infrastructure is made available to employees and contractors working for these press organizations to conduct maintenance," Sandia experts wrote. "This access, though controlled by DOL personnel escorting such outsiders, creates opportunities for adversaries to compromise critical DOL communications and data infrastructure."
Locking down the lock-up
This April, DOL officials decided to heed the advice of their colleagues at Sandia and make several fundamental changes to the lock-up environment. According to the Associated Press, it began with a comprehensive review of the credentialing process that ultimately led to the expulsion of several news agencies from the privileged room. There were also proposals that suggested, come July, members of the press would no longer be able to bring their own hardware into the lockup environment.
This week, the DOL has clarified its intention with a new set of procedures that will go into effect this September. In an amendment to its official Policy Statement and News Organization agreement, the agency has decided that members of the press can now use privately owned computers, government-provided equipment or a combination of the two.
However, reporters seeking to use their own hardware must ensure those machines meet a certain set up data security specifications. Additionally, DOL officials will require the privately owned equipment to be shipped directly from the commercial manufacturer to the lock-up location. Upon arrival, the systems will then be subject to detailed inspections.
Data Security News from SimplySecurity.com by Trend Micro