WikiLeaks: An Insider's Perspective

Thursday, September 08, 2011

John Linkous


WikiLeaks was expensive. But it may also have been a bargain!

It was the ultimate "Chicken Little" event for Federal agencies. The only difference between WikiLeaks and Chicken Little's experience was that some of the sky had fallen in!  

Although agencies had always been aware of the insider threat, the focus in recent years had been on protecting against external threats. WikiLeaks was a wake-up call.

How did Federal agencies respond? To be blunt, initially not well. Everybody from the lowest to the highest-level Government executives ran from their offices announcing that the sky was falling in!

It was like a scene from a Lewis Carroll novel - meetings about meetings about meetings. Each meeting participant was waving a willing digit to plug the leak - if only they knew where the hole was; by that point, however, it was too late - the dam had been breached.

Frustration mounted because there was no single person to be beheaded! Not for the commission of the incident but for the lack of prevention thereof. There was no single place to be fortified and defended to the hilt!

WikiLeaks forced a fundamental rethink of information security systems, processes and technologies

WikiLeaks provided a real challenge to traditional military tactics, much like those faced by our troops in the war against terror - there is no obvious focus for either offensive or defensive actions.  

When the WikiLeaks breach was first discovered, fleets of vendors and contractors hungrily descended on any executive location that would give them audience, each proclaiming that their technology was the miracle elixir for our cyber security breaches past, present and future.

It's nothing new - it's easy to say you could have prevented something that has already happened... nobody can ever prove it one way or another.

I remember years ago, the Goodyear Tire Company touted the slogan "Goodyear Rubber could have prevented this accident." Cyber vendors assumed a similar position. But WikiLeaks was not an accident! As we would later learn, it was a failure in the process.

As the vendors converged on federal agencies the cry went up... 'Shut all the doors! Close all of the windows! Monitor all phone calls! Deny access to all wearing plaid shirts! Full body search at every entry and egress point!'

An effective strategy for dealing with the vendor issue, perhaps, but it was a knee-jerk reaction that failed to address the fundamental problem. The only defense against another WikiLeaks attack was going to be a fundamental review of systems, processes and technologies.

Many asked why, given that Agencies had the latest incident and event management technologies, the breach had not, at least, been spotted sooner - even if they were unable to prevent it completely. What followed is a response unlike any I've seen to date in the commercial sector.

On balance, WikiLeaks was a positive thing

With the benefit of hindsight, it could be argued that WikiLeaks has been a positive thing for Government security.  It didn't feel that way while it was still in full swing, but the response from the Federal information security community has been first class.

Before I explain why and how, let us not forget the acquisition community and, through no fault of its own, the archaic processes levied on it by lawmakers! "Cyber Security can be a program of record! We can have this on the street as an RFI in six months. If all goes well we can begin fielding this in less than two years unless there are protests!"

The threat landscape, however, is evolving much more quickly than that - as, to their credit, have Federal security professionals. A fundamental review of information security systems, processes and technologies has taken place since WikiLeaks. 

General Keith Alexander, Commander, U.S. Cyber Command, summed up the shortcomings when he said, "We need real-time situational awareness in our networks to see where something bad is happening and to take action there at that time." You can't always stop bad things from happening, but with the right information you can see them happening and take action to repel them and limit the damage done.

Federal systems, technologies and processes are currently undergoing a massive rethink to give information security professionals the situational awareness they need to limit the damage of the next WikiLeaks - because everybody is aware there WILL be another one!

The Takeaways

So what are the takeaways from the WikiLeaks breach? I believe they are the following:

• Federal agencies saw WikiLeaks for what it was - a wake-up call - and have fundamentally rethought every element of how they deliver information security for Government data.

• Our new Secretary of Defense has stated that it is highly probable that our next war will be fought in Cyber Space. We can't afford to lose that war! There is, however, a realization that the insider threat may play a part in any cyber war.

• Flexibility will be critical if agencies are to continue to provide effective cyber and insider threat protection. Often [and sometimes unfairly] criticized for being behind the curve in innovating new solutions to an array of problems, Federal information security professionals are now thinking outside of the 'box'.

• Don't assume you have sufficient expertise in your organization to solve this problem internally. One of our country's newest combat mottos is "Never send our soldiers into a fair fight." Arm them with all of the tools to make this fight unfair to our enemies. This is as true on the battlefield as it is in cyberspace.

• Fund new research.

• Listen to your operators. If they tell you something isn't right, it probably isn't.

As a result of WikiLeaks, commercial enterprises can learn much from the Federal information security community. It's motivated us to design and implement a solid, flexible, information-based cybersecurity posture that will help us to detect, protect and resolve future threats - whether they come from within the agency or from an army of cyber attackers on foreign shores.

For that reason alone, WikiLeaks will have been a bargain for the United States.

Cross-posted from The Situational Room 
