

Data has a frequent troublesome habit of residing somewhere it shouldn't. In national security spaces, classified data can end up on unclassified or lower level classification systems. This is known as a data spill. Other terms to describe this type of event include classified spill, contamination, and classified message incident. But they all mean the same thing - classified data existing in a location where it is not authorized.
Several scenarios can lead to a data spill—here are the most common ones:
There are three main categories of data spills:
Whichever the category, the outcome is the same – protected data has become vulnerable by sitting somewhere it should not.
If an organization has respect for information technology and resources dedicated to IT security, there will most likely be a reaction plan in place should a data spill occur. Most frequently, a Facility Security Officer (FSO), Information Assurance Manager and IT security personnel are all dedicated to the protection of data. It is their responsibility to mitigate and investigate data spills.
An appropriate response to a data spill most often takes three phases:
Correcting the data spill can be a minor task or a massive undertaking depending on the sensitivity of the data, the level of clearance of the systems and the personnel involved, and the kind of contaminated storage media.
In the event of a data spill, all involved endpoints should be wiped. The wiping process can target selected files or entire disks. Either way the software used during the clean up phase should meet the following requirements:
Trusted for over 15 years by the U.S. Defense Community, Jetico's BCWipe is the de-facto standard for classified data spill cleanup, wiping selected files beyond forensic recovery.
For whole disk wiping requirements, Jetico’s BCWipe Total WipeOut can overwrite partition tables, user data, operating systems, boot records, DCO hidden sectors on ATA-6 disks and HPA.
Both solutions:
Contact us to request a free trial or learn more about our solutions for data spills.
Center for Development of Security Excellence. "Student Guide Data Spills Short". [Online], Available: http://www.cdse.edu/multimedia/shorts/spills/common/cw/data/CDSE_DS_Student_Guide.pdf [28 June 2017].
Defense Security Service. "DSS ISFO Process Manual for C&A of Classified Systems under NISPOM". August 15, 2010.
Defense Security Service. "Manual for the Certification and Accreditation of Classified Systems under the NISPOM, Version 3.2". November 15, 2013. [Online], Available: http://www.dss.mil/documents/odaa/ODAA%20Process%20Manual%20Version%203.2.pdf [28 June 2017].
Environmental Protection Agency (EPA). "Spillage of Classified Information onto Unclassified Systems". Environmental Protection Agency (EPA) Information Procedure, November 9, 2015. [Online], Available: https://www.epa.gov/sites/production/files/2015-09/documents/cio-2150-p-20-0.pdf [28 June 2017].
NIST. "IR-9 INFORMATION SPILLAGE RESPONSE". NIST Special Publication 800-53 (Rev. 4). [Online], Available: https://nvd.nist.gov/800-53/Rev4/control/IR-9 [28 June 2017].
Michael Waksman has been serving as CEO of Jetico since 2011, more than doubling the size of the company during his tenure. He brings more than 20 years of communications, technology and leadership experience.
At Jetico, Waksman has lead creation of the corporate identity, raising global brand awareness, building a more commercially-driven team and initiating enterprise customer relations. Jetico has maintained a wide user base throughout the U.S. Defense community, in the global compliance market and for personal privacy.
Waksman served as vice-chairman of the Cyber Group for the Association of Finnish Defense and Aerospace Industries. Recognized as a security and privacy advocate, he is a frequent speaker at international events, occasionally on behalf of the Finnish cyber security industry. In 2012, Waksman was honored with The Security Network's Chairman's Award for fostering collaboration between the United States and Finland. As dual citizen, he is a native New Yorker and has been living in the Helsinki region for over 15 years.