audio/videoZONE Archive of engeniusBLOG

When Will We All Learn?

Apr 27, 2009 at 12:00
Every time that you see a story about a hacked computer system – customer records, databases, whatever – you have to wonder about the intelligence in the organizations that allowed it to happen.

Now an even bigger threat – the potential security of the US – has apparently been revealed. I have to say "apparently" because the source of the story was The Wall Street Journal, and a story from that fast-declining publication immediately raises red flags, now that the Murdoch name is on the masthead and any story that is able to knock China about seems to slip easily into print.

This particular computer breach was alleged to have been into the Pentagon’s computer system and was reported to be the work of cyber spies, Chinese no less, digging into the most costly weapons program in US history: the F-35 Lightning II Joint Strike Fighter project.

(It is arguable that the $300 billion, so far, radar-evading flight program is a total waste of money, being designed for an enemy that no longer exists: that was an argument that Defense Secretary Gates himself used when announcing an end to the F-22 Raptor program just a couple of weeks ago. In the case of the F-35, however, he proposed that the program should be expanded to a total of 2443 aircraft at an expected cost exceeding $1 trillion.)

The fact that there should be any information on the F-35 accessible by the outside world is quite obscene, and the breach is being played down with statements that the material available only describes things like engine maintenance cycles.

In this case it is probably not directly the Pentagon’s fault; the real meat about the F-35 is undoubtedly held on computers with no access to the outside world at both the Pentagon and the three contractors sharing the work. No, the problem is almost certainly the fault of the contractors misusing communications channels with the Pentagon.

As IT experts and security specialists know full well, the onus for security must rest on the systems themselves. You can teach users good practices and how to behave with the data that they have, but you cannot make them behave well all the time. From the idiot who autopilots his e-mail to the point that he unconsciously broadcasts a complaint about his boss to the whole company, to all the idiots who leave their laptops on trains, buses, and airplanes: there is a physical barrier that has to be crossed in order to protect your data.

Sun Microsystems, which, it was recently announced, will be put out of its misery by being acquired by Oracle, used to have a very simple policy about outside access from its offices. If any employee, at any level, was seen to have an outside connection to their computer – with a modem connected, for example – they would be terminated on the spot. That was one of the few cases, it seems, where the 25-year-old company’s management understood the dangers of the big outside world.

Until a lot more organizations wake up, you won’t find me using on-line banking, for example, and paying your bills with debit cards has got to be one of the only times in the financial world where you are presumed guilty of all debits, with no recourse to common sense. And are we always told, do you think, when a large merchant has had our names and credit card data hacked from their system? No, that wouldn’t be good for business…
Comments
El Migre
Posted on Apr 28, 2009 at 0:39
With about 400,000 H1B's running amok in the USA, I suspect the Commerce Dept could fund itself from all the potential fines of those companies that may be "exporting" technology to China via the H1B's working on advanced technologies in the USA without an export license. Validate there are no illegal exports and that there is no outsourcing of strategic US technology and then I'll worry about IT. All it takes is a fraction of a percent of hundreds of thousands of workers to leak enough to completely erode our investment, innovation, and technology prowess.