This is still a story unfolding, but there are two immediate conclusions that can be drawn. My thought process on how I reached them is below:
All of us have some opinions that are best not shared.
All of us say things that we don’t want repeated in public (this is why late night Facebook entries are so much fun).
All of us have written correspondence that we later regret.
Even our best friends sometimes think we are behaving like an idiot.
Systems are only as secure as the weakest link.
There is a difference between classification and impact. 1 x SECRET document leaked = bad. 250,000 x SECRET documents leaked = catastrophe*
The US Government uses a private network (Cloud! Cloud!!!! There I go again…) which is supposed to ensure that information is shared, rather than siloed as used to happen. This is laudable. But is it workable? Can information really be shared by 3.5 million people without there being a leak? (Clearly the answer is a resounding ‘No’). It strikes me that the key thing here is procedures, and that is the piece that failed. Also, apparently the chap pulled down all the information onto a CD. How ON EARTH did he get away with that?
Ignoring the moral and political impact of the Wikileaks saga for a moment, this incident demonstrates two things:
1. You have to assume that if you put something in writing, someone else will be interested in it and will want to read it.
2. The 3 P’s still apply: Process, Procedure, Product. All of these appear to have been ignored here. Hardly surprising the leak happened, is it?
Personally, I’m waiting for the really saucy stuff to come out. World War Three is all very well, but you need to have a laugh, don’t you?
*This is still disputed in this case, but as a general yardstick, this constitutes a catastrophe.