I was reminded of an editorial that I had done for InfraGard iGTV. The following excerpt seems both responsive and instructive.
.....government systematically over
classifies, partly out of bureaucratic habit, sometimes for political reasons,
partly because the cost of protection is born by the users and custodians, not
the classifier, of the data. At least partly as a consequence, it under
protects. Leaks are the inevitable consequence.
Note that while these leaked
documents are embarrassing and while the leaks will inevitably make recruiting
more difficult, few of them required or deserved exceptional protection
As much as some national
security types resist the idea, classification is an economic
decision. It may not be a decision about the value of the
data, or even about the value of preserving its secrecy, but it is a
decision about the cost that one is willing (for others) to incur to protect
the data. It is a decision about how to allocate scarce, in some
cases limited security resources. We protect data at the expense of
data that we do not protect.
Finally, we are relying on the
integrity of people because they are cleared instead of because they are
monitored and supervised. According to the Times, only half of the
computers in the SIPRNET are even equipped to monitor users for unusual access
and far fewer than that are actually supervised.
The Bush administration abused
intelligence sources and distorted the security culture. WikiLeaks
is the inevitable result.
The pendulum must swing back but
we have to both do the right thing and do things right. Since the alleged
leaker is alleged to have copied the data to a CD that he pretended to be
listening to, DoD has ordered the removal of CD drives and USB ports.
This will prove to be about as effective forbidding the use of
earphones.
The right direction is
fundamental, if not obvious. We must classify fewer documents and limit
access to those we do. We must limit the access that insiders have, hold
them accountable for the access they use, and use them to protect us from the
outsiders. We must clear fewer people and investigate, monitor, and
supervise them better. We must do all this while reforming the culture
that rewards, rather than punishes, over classification
There are no
surprises in this list, no silver bullets, no magical expectations. Just
hard work. Please do not whine about how hard this is. Do not complain
because it is difficult. Do not even mention that there will still be
leaks and that we will still be blamed. That is why we are called
professionals and are paid the big bucks."
You may also want to check out my
entry in this blog on the subject of Classification and Labeling
No comments:
Post a Comment