A story just published a few minutes ago, says the Russians stole data from an intelligence community contractor of the NSA that gave them inside information on some of the techniques used by NSA to penetrate other computer systems, the tools they used, and how the US defends its networks.
The IC has been getting away with some preposterous things lately because their security is not what it used to be, and I put that as mildly as I can because that is not what I would like to say. How are contractors, including one who put documents in her pantyhose before leaving the building, managing to take secrets home to use on their own computers or send to newspapers? This is the kind of stuff that does not happen when there is a disciplined security program that tracks downloads, printing, and inventory of documents. What has happened to that kind of security? Why are you doing all that insider threat stuff, if you aren’t paying attention to the indicators of what insiders do?
Somebody has lost sight of why we do security to begin with and some of those are management people at the very top of these organizations. A few are security organizations who have forgot why they exist and have filled out checklists blindly while people walked out the door with secrets. We should know by now that rote security will not do much for an organization, even if they are paying attention. Contractors are not exempt from these programs, but in too many places contractors are both the workforce and the guardians of secrets. That does not work very well. The interests of the contractors are not the same as the best interests of the government agency. They get lax, as do their Government oversight folks, and they don’t have a penalty for that. Who is going to report their laxness?
We need to reexamine any contracts for security of organizations and get back to what is inherently a government function, start training our people to recognize the events that software is showing them, and do a little internal security. We have said for decades that the insider is our biggest threat, but have never acted accordingly. These examples in the news are just indicators of how bad things have gotten. Snowden was the prime example and you would have thought organizations would have responded accordingly. The fact that they haven’t tells us something about the leadership they are getting.
No comments:
Post a Comment