I feel bad for the US Government and Military. They are in a horrible position.
Prior to 9/11, many systems were separate and did not communicate with each other. Where systems did communicate with each other, security measures in place did not allow many people to see anything beyond their immediate need to know.
After 9/11, someone reached the conclusion that if more information was available to more people, perhaps someone might have been able to put all the dots together and prevented the attacks on the World Trade Center and the Pentagon.
So systems were opened up and more people had more access. I have no insider information, but I’m willing to assume that’s how a lowly PFC had access to sensitive diplomatic information.
You have to remember two things:
- The US military serves the Congress. This is significant. They do what the Congress tells them to do. It puts control of the military into the hands of The People (instead of control of The People by the military). It is a core strength of the US system of government.
- The Congress is filled with self-serving, short-sighted reactionaries who often do not look beyond the next election. The US was attacked and a root cause MAY have been information compartmentalization? Remove compartmentalization! Oh, removing the compartments results in CableGate? Put the compartmentalization back in place!
I think the right person to look at this problem is the Chief Technology Officer of the United States (currently Aneesh Chopra) and the Chief Information Officer of the United States (administrator of the Office of Electronic Government, part of the Office of Management and Budget. I believe the current holder of that office is Vivek Kundra).
I do not believe that information security is on either office holder’s agenda.
Mr. Chopra is currently waist deep in electronic medical records.
Mr. Chopra’s agenda (as outlined by President Obama during Mr. Chopra’s nomination) is:
…promote technological innovation to help the country meet its goals such as:
1. job creation
2. reducing healthcare costs
3. protecting the homeland
As you can see, information security is not listed, although can be implied by #3.
Mr. Kundra is currently waist deep in projects like data.gov and the Federal IT Dashboard… projects aimed at making government more “open and accessible”, diametrically opposed to keeping secrets.
Mr. Kundra’s current agenda is:
1. ensuring openness and transparency
2. lowering the cost of government
4. participatory democracy
Cyber security is #3 on the list. I’m betting his priorities are going to be shuffled a bit.
Both appointees serve at the pleasure of the President (although Mr. Chopra had to be approved by Congress, Mr. Kundra did not). As such, they are there to support President Obama’s political goals (job creation, transparency, healthcare).
The solution to this is for the President or the Congress to empanel a commission to make a policy recommendation going forward that would reconcile the contradictory needs of “openness” and “security”. That panel should include Chopra and Kundra, but should also include representation appointed by the Joint Chiefs of Staff and the State Department.
Given the workings of the US Government and the speed at which these organizations work, it would be at least a year (likely more) before something workable can be recommended and at least 5 before the policy recommendations can be implemented.
Dusting off the trusty Magic Eight Ball, I see some serious research into DRM (which will quickly be hacked). I’ll bet you companies like IBM and Microsoft are busily drafting DRM proposals which will have the goal of No More WikiLeaks. A massive DRM effort/rollout at the Federal Government would satisfy the press and the electorate. It would be “something done”.