Pfc Manning & Wikileaker Assange Aren’t The National Security Risk: Poor Information System Design Of Data Access Policies Is To Blame

Lady Gaga performing "Paparazzi" on ...

Image via Wikipedia

Who is losing their job in information systems security design at the firm that decided on a “one-level” data access policy? While there was clearly too little sharing of data before 9/11, it’s difficult to fathom that a decision was made to make the most-sensitive government documents easily available to an army with the lowest rank possible. If it wasn’t Pfc Manning, it would have been someone else.

Many people view what Pfc Manning did as “treason,” and I wouldn’t have done it. But the real treason was implementing a data access system that made everything available to everyone. Any information technology expert worth their salt knows that it is possible to set up levels of data access. And that levels of data access need not necessarily reduce information sharing and the ability to discern trends to “connect the dots.”

Why isn’t their more media focus on the Kindergarten level information systems design that created this National Security Risk? It’s almost as bad as the media’s failure the shame the Senate into passing the Zadroga (9/11 First Responders Illness) bill. Well hopefully Jon Stewart managed to focus the appropriate shame on Mitch McConnell, Jon Kyl and Co.

Maybe the Pentagon could use some advice from the Department of Health and Human Services information technology people. They have held sensitive patient information in computer form since Medicare was enacted, and, to my knowledge, have never had a security breach like the “Lady Gaga CD” caper.

BTW, Everything about the private who downloaded the diplomatic cables says that it was stolen using a CD labeled Lady Gaga. Can all of that data have fit on a single CD? Perhaps it was a DVD…Little technical detail, but all that in under a gigabyte?

So…Let’s try and keep our National information systems data security used by the military to a level at least as good as that in place at the Department of Health and Human Services. With levels of access. Not “you’re cleared, you now have access to everything.”

Advertisements

About Benjamin D. Zelman

www.zelmanandcompany.com
This entry was posted in Data Security/WikiLeaks. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s