Expert Analysis

01:09 PM
50%
50%
Repost This

Schwartz On Security: WikiLeaks Highlights Cost Of Security

The lack of advanced safeguards on the State Department cables represents an astute non-investment, given their stale content.

"Freedom of expression is priceless. For everything else, there's MasterCard." So said one of innumerable tweets last Wednesday with the news that "Operation Payback" had taken down the MasterCard Web site after flooding it with packets.

The revenge attacks by the "hacktivist" group Anonymous have also targeted Amazon.com, EveryDNS.net, and PayPal for their decisions not to do business with WikiLeaks. "The reason is amazingly simple," Anonymous member Gregg Housh told The New York Times in an interview published on Monday. "We all believe information should be free, and the Internet should be free."

However, the attacks raise this broader question: Is it even worth -- in terms of time, money, or government resources -- trying to force WikiLeaks offline or attempting to secure the majority of government systems against leaks?

Answering the question requires identifying who's really to blame for the security leaks. Australia's Foreign Minister, Kevin Rudd told Reuters on Monday that the culprit isn't WikiLeaks founder Julian Assange. "Mr. Assange is not himself responsible for the unauthorized release of 250,000 documents from the U.S. diplomatic communications network," he said. "The Americans are responsible for that."

Indeed, if WikiLeaks didn't exist, and you were an insider -- perhaps a low-level Army intelligence analyst -- who wanted to leak information, what would you do? Burn some CDs and mail them to the world's major newspapers. E-mail photographs of computer screens. Read text out over the phone. End result: the same.

If government officials didn't want the State Department cables to escape, they did a poor job of securing them. In an e-mail to reporters on the eve of the first December WikiLeaks disclosures, Pentagon spokesman Bryan Whitman said 60% of Department of Defense computer systems now have software for "monitoring unusual data access or usage."

Of course, if the DoD were serious, such mechanisms should have been in place for 100% of the agency’s computer systems. "Logically, you should be able to say that a 22-year-old Private First Class shouldn't be accessing 250,000 documents and sensitive cables sent by Hillary Clinton," says Rob Rachwald, a security strategist at Imperva.

In fact, not monitoring practically invites disaster. "Absolutely, it should have been monitored, by the very fact that you call it a classified network," Rachwald says. "By its nature, it becomes more interesting and more valuable." Furthermore, the 40% of Defense Department systems that aren't being monitored -- as well as the public knowledge of that very fact -- suggests more leaks are in store.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
More Blogs from Commentary
Infrastructure Challenge: Build Your Community
Network Computing provides the platform; help us make it your community.
Edge Devices Are The Brains Of The Network
In any type of network, the edge is where all the action takes place. Think of the edge as the brains of the network, while the core is just the dumb muscle.
Fight Software Piracy With SaaS
SaaS makes application deployment easy and effective. It could eliminate software piracy once and for all.
SDN: Waiting For The Trickle-Down Effect
Like server virtualization and 10 Gigabit Ethernet, SDN will eventually become a technology that small and midsized enterprises can use. But it's going to require some new packaging.
IT Certification Exam Success In 4 Steps
There are no shortcuts to obtaining passing scores, but focusing on key fundamentals of proper study and preparation will help you master the art of certification.
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ≠extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Slideshows
Twitter Feed