Database Security and the Federal Government – Impossible Dream?

Posted on December 1, 2010

Until all computers and servers used throughout the departments of the Federal Government have been updated and databases standardized together with global use of practices and procedures for data entry and extraction, the stakes will be high that operations such as WikiLeaks will continue to have materials stolen from our federal databases available to them.

In the computer age, the only computer that is “safe” is one that is offline and locked.  The bottom, bottom line is, however, that human beings are overseeing these machines doing input, maintenance and data extraction.  Anywhere along that long road from input to extraction something can happen as a result of human error and this will provide an opening for yet another human to take advantage of this situation and rip off data.

The import of our federal databases to our security was amply illustrated when individuals on terrorist watch lists were able to board aircraft.  Databases were not properly “talking” with one another across departments and procedures were not in place to ensure the database was checked prior to takeoff.  This has been resolved.

Our federal data bases will only grow larger and more complex with the addition of new departments legislated into being under the Obama Administration.  We need to spend more time and money than we  have on our hardware, software  and data integration with a view to both use and security.  Specifically think how insecure the average American must feel about having to surrender his/her medical information to a federal data base if they are not secure.

But aside from  purely technical issues, we need to “clarify” what is punishable when data is hacked or downloaded.  In the case of WikiLeaks,

Bradley Manning, a 23-year-old Army Pfc., is suspected in the leaks. He has been charged with eight counts of violating U.S. criminal code, and is being held in Quantico, the Marine Corps. prison in Virginia.

David Coombs, an attorney for Manning, told CNN in September Video that “there’s nothing that I have seen that indicates that there is any evidence tying [Manning] to any of these leaks.” [CNN]

But shouldn’t the publisher of stolen data (in this case WikiLeaks) be responsible in some way for the damage incurred by the release of classified information? CNN’s Senior Legal Analyst, Jeffrey Toobin,  has commented:

The U.S. government will almost certainly pursue Assange separately from WikiLeaks. Prosecutions of corporations are rare; they usually involve attempts to recover heavy fines. Since there is not much money at stake in WikiLeaks — it’s not a very big company — the only real issue is the criminal complicity of the people involved in it. That will be the major focus of the criminal investigation.

Q: Do the government’s options against pursuing Assange personally or WikiLeaks as an organization change if the U.S. can demonstrate that Assange or WikiLeaks provided help in downloading intel?

A: Espionage and unauthorized distribution of classified information are crimes. I can’t speculate about the many ways those crimes can be committed. There is a lot we don’t know about how WikiLeaks obtained and distributed these documents. [CNN]

Lots of questions, few answers but certainly whatever the outcome, the federal government needs to get its cyber house in order.  In these times of fiscal restraint, it is doubtful just how much progress can be made.  Whenever you hear that our debt crisis has made us less secure, this is one of the key areas in which this will be happening.

©On My Watch…the writings of SamHenry.  Registration pending.