WikiLeaks- The Technical Problem

I know more than your average knuckle dragger about cybersecurity and the technical issues around the WikiLeaks debacle. Full disclosure, I work with a software company that has engineered and is currently building a secure collaboration product that could significantly impact the ability to control information.

The biggest difficulty the government faces in this realm is how to share information among people who need it to do their jobs without surrendering control of it once they start using it. The fact that Bradley Manning got access to and removed so many documents has many asking just what type of security was employed. The fact is that the security measures were extensive and the failure was not in a lack of attention to detail. There simply is no solution that adequately addresses control of information while allowing those who need it to use it.

Manning took the information from the (Secret Internet Protocol Router) SIPRnet, which handles traffic up to Secret classification. This is an internal network with access to the internet only through a small number of gateways that are very tightly monitored. Inside this fortress the information is safe and those who need it can get access by secure authentication, like a Common Access card (CAC) and a username and password. The downside is that you have only protected the information from outsiders. You have perimeter and access control, but you do not have information control as the users inside can do what they want with the information. So Manning downloaded piles of files onto a Lady GaGa disk and waltzed out the door.

The initial solution to this has been to ban the use of external devices (disks, thumb drives etc.). But that ignores the larger problem of how to segregate information inside the SIPRnet so only those who actually need a particular document or class of information, can get it. Currently the only way to do that is to create smaller, discrete networks with the larger one. This has led to the proliferation of tens of thousands of networks the military uses to try and manage this. That will likely increase and all terminals will basically become dumb with just a keyboard, monitor and a mouse and no other input/output capabilities. This is a step backwards, albeit a necessary one now, and ignores the tremendous computing capabilities of computers at the network edge. It also has no solution for smart phones, tablets and the fact that people work on multiple devices these days. But you have to stop the bleeding first and this a start.

COMMENTS

Please let us know if you're having issues with commenting.