A hot topic of discussion among security professionals is the case of Bradley/Chelsea Manning, the US soldier who was today sentenced to 35 years for leaking classified cable documents and media footage to WikiLeaks. The question security professionals are asking is: how did one person, seemingly at a lower rank, have access to so much classified information in the first place? Where was the ‘need to know’ access doctrine? And where were the information access controls?
The answer to these questions is simply 9/11. As a result of the soul searching in the aftermath of the terrorist attacks on the World Trade Centre and Pentagon in 2001, US politicians decreed that the military and the various security service agencies had a communication disconnect, and had failed to share vital information with each other that may have prevented the attacks, as concluded in post-9/11 reports such as The 9/11 Commission Report.
In the decade since 9/11, much of the ‘need to know’ basis for access was relaxed in the US military and across the US secret services, so information could be shared more freely. It would appear this relaxation of information sharing restrictions is what Manning exploited, and what allowed him (now her) to steal vast amounts of information from all and sundry.
The Manning case is not just an example of the rogue internal staff threat; it also shows there is always an imperfect trade-off between risk/security and function. The very same balancing act applies within business settings.