Well, we have an admission by the Navy that says some of its contractors were hacked and whoever hacked them got classified information. I would like to believe that was not true because I spent so many years doing Industrial Security in some of those same facilities.
First, for a better understanding of what Industrial Security is see Protecting Classified Information in Industry. Getting classified information from these small contractors (I really doubt that they were small) should never be able to happen. The systems have to be approved by the government and managed by rules that should be sufficient to keep classified information out of the hands of the Chinese.
Years ago, the Chinese were said to be working on air gaps (I think it was Ars Technica that carried the article), and at the time most of the press that covered it had no idea why they were trying to develop ways to get past systems that were not connected to the Internet. My guess is they have perfected those techniques and the Defense Security Service which does this kind of security, has not done much about it. They need to get their act together. Encryption of classified systems is surely required if this has been happening.
No comments:
Post a Comment