The Inevitable IT Security Breach
Put politics aside. The leak of 75,000 internal military logs on the Afghanistan war, known as the Afghan War Diaries or the War Logs and posted on Wikileaks.com, is a major IT security breach. But the fact that a breach - or leak - of such magnitude occurred didn't seem to surprise many. Two recent reports show why.
The Washington Post's investigative series published earlier this month, Top Secret America, revealed that an estimated 854,000 people hold top-secret security clearances.
On Wednesday, Verizon issued its 2010 Data Breach Investigations Report that blamed insiders for nearly half of the breaches last year, up 26 percentage points in one year.
With so many - or should I say too many - people holding top-secret security clearances and insiders being eyed as an increasing IT security threat, the fact that the War Logs became public shouldn't be a shock.
No one has been charged with this breach, though suspicion has fallen on a low-ranking Army intelligence analyst whom the military is detaining and has charged with transferring classified data onto his PC, adding unauthorized software to a classified computer system and transmitting and delivering national defense information to an unauthorized source in a case not related to the War Logs.
The Verizon report suggests even low-level individuals with limited security clearances pose a threat:
"While it is clear that pulling off an inside job doesn't require elevated privileges, evidence consistently supports that they do facilitate the bigger ones. ... This finding is not surprising since higher privileges offer greater opportunity for abuse. In general, we find that employees are granted more privileges than they need to perform their job duties and the activities of those that do require higher privileges are usually not monitored in any real way."
Whether you feel the leaker is a whistle-blowing hero shedding light on questionable practices in an increasingly unpopular war or a traitor placing the lives of our troops in peril, the leak lays bare the failure of the government to secure sensitive documents stored in its IT systems. And that should be a concern to all, irrespective of one's political beliefs.
2010 Verizon Data Breach Report: Insiders are No. 1 Threat, an interview with the report's coauthor.