The Public Eye with Eric Chabrow

The Inevitable IT Security Breach

The Inevitable IT Security Breach

Put politics aside. The leak of 75,000 internal military logs on the Afghanistan war, known as the Afghan War Diaries or the War Logs and posted on Wikileaks.com, is a major IT security breach. But the fact that the breach - or leak - of such magnitude occurred didn't seem to surprise many. And, two recent reports show why.

The Washington Post's investigative series published earlier this month, Top Secret America, revealed that an estimated 854,000 people hold top-secret security clearances.

On Wednesday, Verizon issued its 2010 Data Breach Investigations Report that blamed insiders with nearly half of the breaches last year, up 26 percentage points in one year.

With so many - or should I say too many - people holding top-secret security clearances and insiders being eyed as an increasing IT security threat, the fact that the War Logs become public shouldn't be a shock.

No one has been charged with this breach, though suspicion has fallen on a low ranking Army intelligence analyst who the military is detaining and has charged with transferring classified data onto his PC, adding unauthorized software to a classified computer system and transmitting and delivering national defense information to an unauthorized source in a case not related to the War Logs.

The Verizon reports suggests even low-level individuals with limited security clearances pose a threat:

"While it is clear that pulling off an inside job doesn't require elevated privileges, evidence consistently supports that they do facilitate the bigger ones. ... This finding is not surprising since higher privileges offer greater opportunity for abuse. In general, we find that employees are granted more privileges than they need to perform their job duties and the activities of those that do require higher privileges are usually not monitored in any real way.

Whether you feel the leaker is a whistle-blowing hero shedding light on questionable practices in a growing unpopular war or traitor placing the lives of our troops in peril, the leak lays bare the failure of the government to secure sensitive documents stored in its IT systems. And, that should be a concern to all, irrespective of ones political beliefs.

* * *

Also see:

2010 Verizon Data Breach Report: Insiders are No. 1 Threat, an interview with the report's coauthor.

Most Breaches Caused by Crime Gangs



About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.