Believe it or not, according to a report from the Washington Post, “the National Archives lost a computer hard drive containing a large amount of sensitive data from the Clinton administration, including Social Security numbers, addresses, and Secret Service and White House operating procedures, congressional officials said yesterday...”
Apparently, the drive was lost between October and March, and it contained one terabyte of data — enough material to fill millions of books… According to California Republican Rep. Darrell Issa, the hard drive was moved from a "secure" storage area to a workspace while it was in use. The inspector general explained that at least 100 badge-holders had access to the area where the drive was left unsecured… Besides those with official access to sensitive material, the inspector general said janitors, visitors, interns and others passed through the area… Further, the workspace is in an area that Archives workers pass through on their way to the bathroom…
Many things trouble me about this report—but the biggest one is that inexpensive, commercially available solutions that would have made the hard drive useless to unauthorized parties have been around for years. These solutions cost less than $100 and there are numerous quality systems available. For example, John Muir and Bill Bosen of Trusted Strategies first built one in 1987, and this solution eventually became Pointsec. There are Federal security standards that should have enforced encryption. What were these people not thinking?
People in the National Archives are charged with organizing, preserving and protecting data; there are Federal requirements to do so; there have been numerous previous incidents from which to learn; and the means to provide adequate security are readily at hand. How can there be any excuse for this?
There is a lot to worry about when we talk about our nation’s cybersecurity vulnerabilities. But we are talking about a fundamental breakdown in process here, and this worries me more than anything. This incident is striking evidence of the truth that security is only partially a technology problem, and is largely an issue of personal and social responsibility. Until people grasp that reality, security will be elusive…
How can we expect to protect our country, even if we do manage to enact reforms that will allow innovative solutions to find their way into the hands of those who need them, when the barn door is being left wide open?