Monday, November 29, 2010

The downside to better information-sharing: the human factor aka rotten apple with a security clearance

Via WaPo by Ellen Nakashima: With better sharing of data comes danger: Excerpt

The American intelligence community came under heavy criticism after Sept. 11, 2001, for having failed to share information that could have prevented the attacks that day. In response, officials from across the government sought to make it easier for various agencies to share sensitive information - effectively giving more analysts wider access to government secrets.
[...]
"One of the consequences [of 9/11] is you gave a lot of people access to the dots," said Jeffrey H. Smith, a former CIA general counsel. "At least one of the dots, apparently, was a bad apple."

While WikiLeaks has not identified the source of the more than 250,000 cables, suspicions have centered on a 23-year-old Army private, Bradley Manning, who was also the suspected source of the military intelligence documents from Iraq and Afghanistan.

In a series of chats with an online companion, Manning said this spring that "*someone* i know" - apparently a coy self-reference - had gained access to 260,000 State Department cables from embassies and consulates around the world "explaining how the first world exploits the third, in detail."

"Hilary Clinton [sic], and several thousand diplomats around the world are going to have a heart attack when they wake up one morning, and finds an entire repository of classified foreign policy is available, in searchable format to the public," he said.
[...]
To prevent further breaches, the Pentagon announced Sunday it had ordered the disabling of a feature on its classified computer systems that allows material to be copied onto thumb drives or other removable devices. (Manning reportedly told an associate that he once copied data onto a CD labeled as Lady Gaga music.)

The Defense Department will limit the number of classified systems from which material can be transferred to unclassified systems. It will also require that two people be involved in moving data from classified to unclassified systems.

Such efforts "should have been done long ago before any of this happened," said Steven Aftergood of the Federation of American Scientists. The rush to knock down so-called "stove-piping" without hardening operational security "was asking for trouble," he said.
[...]
A former senior intelligence official said that over the past decade access to Siprnet has ballooned to about 500,000 or 600,000 people, including embassy personnel, military officials from other countries, state National Guard officials and Department of Homeland Security personnel.
[...]
He said that the answer to network breaches is not to restrict access but to improve the vetting of personnel by strengthening the clearance process.

"The fact that you've got someone exfiltrating information doesn't mean you've got a technical problem," he said. "You've got a human problem."

Read the whole thing here.

The FS blog, Dead Men Working has an item here on the the leaks and security clearance.

We must confess that we fell off our horse when we read this item above: "Pentagon announced Sunday it had ordered the disabling of a feature on its classified computer systems that allows material to be copied onto thumb drives or other removable devices."

Even after the previously war log leaks, the Pentagon only ordered the disabling of this function yesterday?

Holy mother of goat and all her wingnut nephews!
    
Elsewhere in the interwebs, it has been reported that Hillary Clinton has "ordered" FSOs to spy on diplomats in the UN, because see there's a cable out there with her name at the bottom.

Ughh! Are they saying that she wrote all those cables that have her name on it?  Really? But ALL cables coming out of the State Department when the Secretary of State is not traveling will have "CLINTON" as sign-off signature, approved through multiple layers of the alphabet soup, functional and regional bureaus, etc. She does not actually write them, dudes. And when she is traveling, the sign-off signature changes to whoever is in charge of the building, like "STEINBERG" or "BURNS" (since new D/MR "NIDES" has not been confirmed yet).Yes, that building has a life of its own.

The same is true with the embassy cables. The leaked cables were the transmitted ones; they usually do not include the names of the writers.  And like the State Department cables, they all have the embassies' chiefs of missions in the sign-off lines. Does it mean the ambassador is XYZ country wrote all those cables? Goodness, no! Would they be able to go anywhere else or do anything else if they were all tied to their desks?

We suspect that this leak will have several repercussions on process, access and and more, and most probably for the short term, make the embassy reporting jobs more difficult than they already are (Already, OMB under newly confirmed director, Jack Lew has issued a Nov 28 memorandum on WikiLeaks and the Mishandling of  Classified Information).  But after reading some of the published cables, we feel that this is middle bad, not top bad. That could quickly change if anyone, including sources named in these cables end up in a pickle, i.e. gets whacked.  Richard Haass, the president of the Council on Foreign Relations did call the leak "somewhere in the middle" when asked to rate this "diplomatic disaster" whether "bad, not so bad, or somewhere in the middle." 

Benedict Brogan, the Daily Telegraph's Deputy Editor writes about the embarrassment of the leak which we thought makes some sense: 
[H]owever much the Guardian, the New York Times and Julian Assange assure us that this represents a shattering blow to every assumption we hold about foreign relations, the fact remains that it’s a collection of little substance that will do nothing to reshape geo-politics. The Saudis would like someone to whack Iran? No kidding. Afghanistan is run by crooks? Really? Hillary Clinton would like to know a lot more about the diplomats she is negotiating against? You surprise me. The Russian government may have links to organised crime? Pass the smelling salts, Petunia. The Americans are secretly whacking al-Qaeda operatives in Yemen? What, you thought the Yemenis were doing it? Muammar Qaddafi has a full time, pneumatic Ukrainian ‘nurse’? Nice one. Diplomats are terrified of Pakistan’s nukes? Me too. And so on, ad infinite boredom. Perhaps something better will pop up, but nothing I’ve read since last night’s surprises.
[...]
Effective diplomacy involves all the transgressions Wikileaks is exposing. Embarrassment is just the consequence of exposure. Perhaps the more sophisticated response is to stand firm, to assume a degree of worldiness from those involved in the world of diplomacy (who will for example enjoy seeing the US Secretary of State squirming about her UN spying operation, but only because theirs hasn’t been exposed as well), and to accept that occasional embarrassment is an occupational hazard in a 21st century marked by vast quantities of information circulating in all too accessible digital form.

True. Dat.  It's not totally technology or system error, but also user error, the human factor aka: the rotten apple with a security clearance syndrome. Should information sharing now take a back seat for fear of rotten apples with thumb drives?  

Former diplomat and Wilson Center scholar Aaron Miller writes that "The republic will survive the WikiLeaks brouhaha; but there's a lesson here for all of us: whether you're in Washington or Kabul, think and think hard before you draft." We agree about the survival of the republic but -- do we really want our diplomats to be more politically correct than be brutally candid when reporting to our policy makers? What used would that be to our decision makers? 


And here the cables are called "insulting [to] world leaders." You should read what foreign diplomats wrote about George W. and our congressional leaders.  Oh, right, you can't -- those are all in secret diplomatic channels going overseas, too.  Secret for now until WL gets there.

We do think that in the future, it would be nice if there's a well tested fire extinguisher right over there before somebody shouts the order to bring the "stove-pipe" walls down.      

In any case, to those who are shocked, shocked at reading these leaked cables -- a simple perspective on the diplomatic tradecraft:  The foreign diplomats in WashDC, the UN in NYC and elsewhere around the United States are there for the view. Really.



Update @ 8:31 pm.

The Secretary of State has just completed her 1pm EST press appearance addressing the leaks. We will post video/text here as soon as they are available.






1 comment:

Consul-At-Arms said...

I've quoted you and linked to you here: http://consul-at-arms2.blogspot.com/2010/11/re-downside-to-better-information.html'