SIPRNET, along with the Non-Classified Internet Protocol Router Network, or NIPRNet, now made famous by Wikileaks, is simply the way the Defense Department moves information around on computer systems. SIPRNet can handle classified information, up to the secret level, while NIPRNet is reserved for less sensitive unclassified information.
After the terrorist attacks of 9/11, access to SIPRNet was expanded along with the push to share information between government agencies. The Pentagon estimates there are now about 400,000 to 500,000 SIPRNet users (the number changes, since people gain and lose SIPRNet access depending on their jobs). While only a fraction of the approximately 3 million people with secret clearances have access to SIPRNet, that number includes account holders from the Pentagon, as well as other agencies like the Office of the Director of National Intelligence, the Department of Homeland Security and the Federal Bureau of Investigation (the State Department also had access until it cut itself off after the release of over 250,000 leaked diplomatic cables).
While it’s hard to say whether that expansion is what may have allowed an Army intelligence analyst to leak—at least allegedly—hundreds of thousands of sensitive government documents, it certainly helped provide more opportunities for such leaks. “It stands to reason that the likelihood of some kind of security breach will increase with the number of cleared personnel and the volume of protected information,” says Steve Aftergood of the Federation of American Scientists, who cites the increasing potential for “errors, accidental disclosures or deliberate violations.”
Whatever the source of the leaks, the Pentagon has already moved to tighten restrictions around SIPRNet and other controlled military computers. One of the steps recently taken was to expand the use of software “to detect suspicious, unusual or anomalous user behavior,” says Maj. Chris Perrine, a Pentagon spokesman. The Pentagon is using Host-Based Security System, a software designed to spot unusual data access and storage, similar to what credit card companies use to spot fraudulent charges. This software is already used on over half of SIPRNet, and the Pentagon is rushing to cover to the rest, according to Maj. Perrine.
Other steps, like disabling removable storage media that can be used to transfer data, have also been taken, and more measures are under consideration. The ultimate question, however, is whether the recent leaks will roll back access to SIPRNet and other classified systems.
That debate, according to retired Maj. Gen. Dale Meyerrose, predates WikiLeaks. “There’s this natural friction between needing to share the information with the broadest range of people possible in order to make effective use of it,” says Meyerrose, a Harris Corp. executive who was previously the chief information officer for the Office of the Director of National Intelligence, “There’s always the chance somebody will abuse it.”