What does the Wikileaks saga teach us? (Part One of many)

This is still a story unfolding, but there are two immediate conclusions that can be drawn. My thought process on how I reached them is below:

Some facts.

All of us have some opinions that are best not shared.
All of us say things that we don’t want repeated in public (this is why late night Facebook entries are so much fun).
All of us have written correspondence that we later regret.

Some truisms

Even our best friends sometimes think we are behaving like an idiot
Systems are only as secure as the weakest link
There is a difference between classification and impact. 1 x SECRET document leaked = bad. 250,000 x SECRET documents leaked = catastrophe*

The US Government uses a private network (Cloud! Cloud!!!! There I go again…) which is supposed to ensure that information is shared, rather than siloed as used to happen. This is laudable. But is it workable? Can information really be shared by 3.5 million people without there being a leak? (Clearly the answer is a resounding ‘No’.) It strikes me that the key thing here is procedures, and that is the piece that failed. Also, apparently the chap pulled down all the information onto a CD. How ON EARTH did he get away with that?

Ignoring the moral and political impact of the Wikileaks saga for a moment, this incident demonstrates two things:

1. You have to assume that if you put something in writing, someone else will be interested in it and will want to read it
2. The 3 P’s still apply: Process, Procedure, Product. All of these appear to have been ignored here. Hardly surprising the leak happened, is it?

Personally, I’m waiting for the really saucy stuff to come out. World War Three is all very well, but you need to have a laugh, don’t you?

*Although this is still disputed in this case, as a general yardstick this constitutes a catastrophe.

About Graeme Stewart, McAfee

I work for McAfee as Director of Public Sector Strategy and Relations, UK&I
This entry was posted in Legal, Security, Sophos.
