Wednesday, 21 August 2013
Why Manning had access to vast amounts of Classified Information
A hot topic of discussion amidst security professionals is the Bradley/Chelsea Manning case, the US soldier who was today convicted for 35 years for leaking classified cable documents and media footage to WikiLeaks. The question security professionals are asking, is how come one guy, seemingly at a lower rank level, had access to so much classified information in the first place? Where was the ‘need to know’ access doctrine? And where was the information access controls?
The answer to these questions is simply 911. As a result of the soul searching in the aftermath of terrorist attacks on the World Trade Centre and Pentagon in 2001, US politicians decreed the military and their various security service agencies had a communication disconnect, and had failed to share vital information between each other, which may of prevented the attacks, as concluded in post 911 reports such as The 911 Commission Report.
In the decade since 911, much of the ‘need to know’ basis access was relaxed in the US military and across US secret services, so information could be shared more freely. It would appear this relaxation on information sharing is what Manning exploited, and allowed him (now her) to steal vasts amounts of information from all and sundry.
The Manning case is not just an example of the rogue internal staff threat, but the case shows there is always an imperfect trade off between the elements of risk/security and function, the very same balancing act applies within business settings..