Friday, December 10, 2010

WikiLeaks and Cyber Operations

The casualty of the WikiLeaks document dump will be the Defense Department’s latest concept of pushing vital information down to the front lines. For instance, in the Navy’s concept of Information Dominance operations, it is the lower-ranking officers and enlisted sailors who are expected to sort the relevant battlefield view out of masses of information that had heretofore been laboriously sifted through layers of intelligence staffs.

WikiLeaks has now jeopardized the doctrine of making data broadly available at the fighting level. The shocked reception of the leaks at the highest DoD levels should not come as a surprise: war-fighting units were granted greater access to information without a corresponding reorganization of how DoD networks and applications would operate under that increased transparency.
 
DoD must now deal with conflicting objectives. On one hand, soldiers at forward operating bases should have all of the information that could affect their operations.

On the other hand, making information indiscriminately available is very risky, particularly when intelligence from other agencies (such as the Department of State) or from Allies is also involved.

DARPA has just launched the Cyber Insider Threat (CINDER) program to make it difficult for troops to funnel classified material to hostile sources, relying on increased surveillance. Unfortunately, increased surveillance alone does not offer an answer, on account of the enormous number of transactions as well as the huge number of people involved.

The answer to the data leak problem lies, as it always has, in compartmentalization. There is a scope, a “boundary of relevancy”, that surrounds every military and civilian employee. What the “need to know” conditions are changes rapidly, depending on the location, the mission and the functions performed.

The present personnel systems are not designed to track, without delay, how an individual’s “boundary of relevancy” changes. Even simple personnel events, such as revocation of a Common Access Card (CAC), take too much time and are administratively ponderous. Short-term re-assignments of a person’s scope of security access are very difficult to make as conditions change. Intelligent surveillance of anomalous transactions that do not match a security profile is beyond the scope of current technological capabilities in data processing and data mining.
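As an added illustration (not code from the post), here is how a central authorization service could enforce the “boundary of relevancy” described above. Each grant is tied to a compartment, a mission and a set of locations and carries its own expiry; a short-term re-assignment drops grants that belong to other missions; CAC revocation takes effect on the very next request rather than after an administrative delay; and every decision is recorded in one place, which is the same consolidation of monitoring that the summary below argues for. All identifiers, compartment names, locations and clock values are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    """One compartment a person may read, tied to a mission, a set of
    locations and a hard expiry. Short TTLs force re-issue as conditions
    change instead of leaving stale access in place."""
    compartment: str
    mission: str
    locations: frozenset
    expires: datetime


@dataclass
class Principal:
    cac_id: str                      # Common Access Card identifier (constructed)
    cac_revoked: bool = False
    grants: list = field(default_factory=list)


@dataclass(frozen=True)
class Request:
    cac_id: str
    compartment: str
    mission: str
    location: str
    at: datetime


class Authorizer:
    """Central decision point: all checks happen here, so the record of
    decisions accumulates in one place rather than on every desktop."""

    def __init__(self):
        self.principals = {}
        self.audit = []   # (at, cac_id, compartment, allowed, reason)

    def enroll(self, principal):
        self.principals[principal.cac_id] = principal

    def grant(self, cac_id, compartment, mission, locations, ttl, now):
        g = Grant(compartment, mission, frozenset(locations), now + ttl)
        self.principals[cac_id].grants.append(g)
        return g

    def revoke_cac(self, cac_id):
        """Takes effect on the next request: no replication or re-login delay."""
        self.principals[cac_id].cac_revoked = True

    def reassign(self, cac_id, new_mission):
        """Short-term re-assignment: grants tied to any other mission are dropped."""
        p = self.principals[cac_id]
        p.grants = [g for g in p.grants if g.mission == new_mission]

    def decide(self, req):
        allowed, reason = self._evaluate(req)
        self.audit.append((req.at, req.cac_id, req.compartment, allowed, reason))
        return allowed, reason

    def _evaluate(self, req):
        p = self.principals.get(req.cac_id)
        if p is None:
            return False, "unknown principal"
        if p.cac_revoked:
            return False, "CAC revoked"
        reason = "no grant for compartment"
        for g in p.grants:
            if g.compartment != req.compartment:
                continue
            if g.mission != req.mission:
                reason = "grant tied to different mission"
            elif req.location not in g.locations:
                reason = "outside granted locations"
            elif req.at >= g.expires:
                reason = "grant expired"
            else:
                return True, "within boundary of relevancy"
        return False, reason


def demo():
    """Constructed scenario: one sailor, one compartment, an 8-hour grant at
    one base, then a re-assignment and finally a CAC revocation."""
    t0 = datetime(2010, 12, 10, 6, 0, tzinfo=timezone.utc)
    h = lambda n: t0 + timedelta(hours=n)
    az = Authorizer()
    az.enroll(Principal("CAC-0001"))
    az.grant("CAC-0001", "OPS-INTEL", "MISSION-A", ["FOB-NORTH"], timedelta(hours=8), t0)

    results = [
        az.decide(Request("CAC-0001", "OPS-INTEL", "MISSION-A", "FOB-NORTH", h(1)))[0],  # allowed
        az.decide(Request("CAC-0001", "OPS-INTEL", "MISSION-A", "FOB-SOUTH", h(1)))[0],  # wrong location
        az.decide(Request("CAC-0001", "OPS-INTEL", "MISSION-A", "FOB-NORTH", h(9)))[0],  # expired
    ]
    az.reassign("CAC-0001", "MISSION-B")
    results.append(az.decide(Request("CAC-0001", "OPS-INTEL", "MISSION-A", "FOB-NORTH", h(2)))[0])  # old grant gone
    az.grant("CAC-0001", "OPS-INTEL", "MISSION-B", ["FOB-NORTH"], timedelta(hours=8), h(2))
    results.append(az.decide(Request("CAC-0001", "OPS-INTEL", "MISSION-B", "FOB-NORTH", h(3)))[0])  # allowed again
    az.revoke_cac("CAC-0001")
    results.append(az.decide(Request("CAC-0001", "OPS-INTEL", "MISSION-B", "FOB-NORTH", h(3)))[0])  # revoked
    return results, az.audit


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

The point of the design is that nothing is decided on the end user’s machine: a desktop only asks, and the answer depends on grants whose scope and lifetime are narrow enough that a reassignment or revocation is reflected immediately. The audit list is the raw material an anomaly check would consume, but the example stops at recording decisions; it does not claim to detect anomalies.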

SUMMARY
There are good and workable technology solutions available for overcoming unauthorized exfiltration of information from DoD operations. The cyber insider problem can be solved by re-engineering how quickly access authorizations are granted, re-scoped and revoked.

The monitoring of transactions and files must also change: instead of relying on the security of millions of desktops and over 700 data centers, it must concentrate on a few pools of servers that can be monitored and archived.