An equally useful solution is to not behave in ways that make people despise or hate you, and therefore motivated to harm or embarrass you.
If you behave in a dishonest, unethical or arrogant manner, you will find that people within your organization, who may have a much higher moral/ethical standard, will take a strong exception to your conduct. It may then not take much to push them into action.
The best ways to avoid this latest Wikileaks type event, is to have as few secrets as possible and also behave in ways that will not be embarrassing if exposed.
Maybe that is just too much to ask of elected officials in a democracy?
Wikileaks fallout: Keeping your secrets safe
Summary
At minimum, the Wikileaks loss should sound an alarm for access control of privileged users such as web and system administrators, says Xceedium's Ken Ammon.
Topics
Commentary - What do Metallica and the U.S. government have in common?
They are both fighting to control information once it has been placed on the Internet. Like Napster,which rocked the music industry by enabling piracy and was eventually sued by the band Metallica,the current Wikileaks crisis concerning the unauthorized access and downloading of 250,000 sensitiveand classified diplomatic cables and other files is simply another example of a controversial yet highlyefficient and hard to stop Internet distribution engine for the global sharing of data.
Both Metallica and the U.S. government have gone after these Internet distribution systems in anattempt to regain control of content they own. But it’s a losing battle. For Metallica, not much hasbeen done to stop the millions of people who illegally access and share music files. Internet usersknow several Napster replacements exist that still amass files and enable the sharing of them. Whensomething people want—music or data—becomes public, you can be sure that people will find a way toshare it.
Clearly, once information is available online—whether government cables or music—the people whoown the information have lost all control over it. They can discuss new laws to accommodate newtechnologies, ethics and so on, but an equally pertinent question is “what could we have done toprevent this in the first place?”
The fundamental issue remains that in most organizations, trust is granted to staff allowing themaccess to mass amounts of an organization’s most sensitive data. And now the adoption of mobileand cloud computing pave the way for trusted staff to transfer and share data on the Internet. How doyou manage trust to so much data and how do you recover your sensitive data once it is posted on theInternet? You can’t put the genie back in the bottle, so the real question should be, “What are we doingto keep it in?”
In the early 1990’s both blackhats and whitehats (cyber-savvy individuals who use their knowhow forbad or good, respectively) played around with ways to extract information from systems and wereamazed at the assets they could access. It didn’t require a high level of sophistication to generate avirus and exploit weaknesses in systems. As the security market continued to expand, most of the earlydemand was for solutions to problems that didn’t threaten to siphon sensitive information or stealintellectual property. Rather, the problems that people paid money to fix were annoyances that took upthe IT or security department’s time or that cut into employee productivity. Still, this was enough to fuelsignificant investment in security products to thwart issues like denial-of-service and destruction of data.Now, for the most part, companies seem to have established at least a reasonable state of availabilityto servers, storage, and communication services. Headlines don’t frequently talk of a virus getting into asystem and shutting the whole network down anymore.
Still, we have yet to get ahead of the problem of a capable, motivated attacker who in some cases issponsored by foreign governments. Today, we’re all talking about what happened with Wikileaks andmany are focusing on the “Wiki” and not the leaks. And, while providers have shown good faith byshunning DNS and hosting services to the Wikileaks site, what will follow is a game of whack-a-mole.Case in point, Napster music sharing was replaced with platforms such as Limewire and BitTorrent.The Wikileaks loss represents yesterday’s clumsy virus. Quite simply, the leak originated from a low-level analyst trusted to follow policy. And while the security community is all-a-buzz around emergingadvance persistent threats capable of sophisticated and coordinated attacks on nuclear plants (Stuxnet)let us not forget that we continue to be at great risk from much less sophisticated threats like trusted
insiders with access control enforced with basic tools such as handbooks and written policy.The sticky area has always been the way organizations grant trust and the amount of power given to auser once that trust has been granted. There has to be a shift in paradigm. Companies should still aim toestablish trust—with background investigations and such—when they engage with partners, employees,etc. But organizations can no longer extend that level of trust to things as powerful as informationsystems and technology, and in particular, those trusted to administer and manage these platforms.
Commonly, a system admin gets a background check, gains clearance and is handed the ultimate accessto government or company information and infrastructure. Not anymore. Companies need to moveto a zero-trust model to enforce written policy with technology. At a minimum, the Wikileaks lossshould sound an alarm for access control of privileged users such as web and system administrators. Thepotential for loss is too great to expect that all people are going to pay attention to a memo or followthe employee handbook. After all, it only took one bad seed for Wikileaks to occur.
Just last month, the Executive Office of the President, Office of Management and Budget issued a memofor the heads of departments and agencies regarding Wikileaks and misuse of classified information. Thememo includes the following immediate instruction in support of zero trust:
•Each department or agency that handles classified information shall establish a securityassessment team consisting of counterintelligence, security, and information assurance expertsto review the agency’s implementation of procedures for safeguarding classified informationagainst improper disclosures. Such review should include (without limitation) evaluationof the agency’s configuration of classified government systems to ensure that users do nothave broader access than is necessary to do their jobs effectively, as well as implementationof restrictions on usage of, and removable media capabilities from, classified governmentcomputer networks.
There are a lot of issues that need to be addressed by a solution to the gamut of Internet securitychallenges and the need to share data. At a minimum, though, organizations should tackle high-riskchallenges posed by well understood threats that are easy to solve—like controlling administratorand privileged access to data and systems with today’s existing technologies that are not prohibitivelyexpensive. In fact, a proper privilege management platform designed to control, contain, and auditaccess to assets and systems needed to perform one’s job, could have prevented the Wikileaks leak.
biography
Ken Ammon is the chief strategy officer at Xceedium
Just In
@Economister
Hit the nail on the head. The fact is that government should be allowed to have NO secrets unless an operation is going on at that very moment that needs to be kept secret, and only until that operation is over.
Hit the nail on the head. The fact is that government should be allowed to have NO secrets unless an operation is going on at that very moment that needs to be kept secret, and only until that operation is over.
@Lerianis10 why don't you start with yourself: post all your sensitive information including intimate conversations with your sex partner, your bank and credit card accounts, publicly on the Internet. THEN you can justify theft of sensitive information from your government.
Secrets are an integral part of how governments run. Be it security counter-measures you can deploy, military deployments, lists of informants, or even just covert intel such as sympathizers among the 'enemy' ranks... There is a need for such things to stay secret, beyond just "an operation is underway".
Poker games are not very hard when you can see everyone's hand. It turns into luck and odds at that point. You need to keep secrets in order to be competitive at poker.
Poker games are not very hard when you can see everyone's hand. It turns into luck and odds at that point. You need to keep secrets in order to be competitive at poker.
And that includes making sure that our enemies also don't keep secrets.
So, if Al-Qaeda plans to bomb a stadium full of people or are training people to bring down a few planes loaded with hundreds of people, I'm pretty sure that you'd be asking them to, please disclose everything before they undertake any of those dastardly deeds. And, if they do go ahead and carry out their dastardly deeds without first disclosing their intentions, then you'd be the first to issue a strongly worded letter of condemnation
While you're at it, you might also want to insist that, if China or North Korea or Russia or any other country had wishes to destroy the U.S., that they should publish on the internet every one of their intentions, with full details. We in the U.S., would counter with our full disclosures for every one of our plans.
Now, you need a theme song for your attitude and for all the others who think like you; perhaps "Kumbaya"?, or "We are the world", or "Imagine"?
Good luck with your ideas about how the world should operate.
So, if Al-Qaeda plans to bomb a stadium full of people or are training people to bring down a few planes loaded with hundreds of people, I'm pretty sure that you'd be asking them to, please disclose everything before they undertake any of those dastardly deeds. And, if they do go ahead and carry out their dastardly deeds without first disclosing their intentions, then you'd be the first to issue a strongly worded letter of condemnation
While you're at it, you might also want to insist that, if China or North Korea or Russia or any other country had wishes to destroy the U.S., that they should publish on the internet every one of their intentions, with full details. We in the U.S., would counter with our full disclosures for every one of our plans.
Now, you need a theme song for your attitude and for all the others who think like you; perhaps "Kumbaya"?, or "We are the world", or "Imagine"?
Good luck with your ideas about how the world should operate.
@Economister
Good point, as far as governments are concerned. There are some valid secrets that should be kept secret; but there are secrets that need to be exposed. Secrets that hide incompetence and malfeasance should be exposed. The slippery slope is what secrets are important to national security and what secrets are being cloaked with national security that have nothing to do with national security.
I am waiting for the round of wikileaks about a major financial corporation. This could be interesting to see how the banks behaved during the dirivitive crisis that is still reverberating around the world (Greece and Ireland may be good examples.)
Good point, as far as governments are concerned. There are some valid secrets that should be kept secret; but there are secrets that need to be exposed. Secrets that hide incompetence and malfeasance should be exposed. The slippery slope is what secrets are important to national security and what secrets are being cloaked with national security that have nothing to do with national security.
I am waiting for the round of wikileaks about a major financial corporation. This could be interesting to see how the banks behaved during the dirivitive crisis that is still reverberating around the world (Greece and Ireland may be good examples.)
And on the bright side? More honesty and transparency in that industry would mean we would be less likely to have such a crap-shoot disaster that would sink the world!
Maybe, having read the latest Wiki-lot to be released, the answer is to NOT procure little boys for sex for Afghan war lords? Rather than keep it more secret.
I mean all those bible bashing Republicans that are screaming for death to Wikileaks, do they support this or will them condemn it?
Is Glenn Beck in favor of covering up procuring child prostitutes in Afghanistan for war lords?
What about Sarah Palin, for or against this? Isn't she outraged, or would she rather it was covered up?
Clinton pulled the credit card transactions of a visiting leader, so much for gentlemens agreements. Are you OK with this?
Tell me, what leverage exactly does the US have over EU leadership that causes them to act against EU interests??? What do they know about you that us ordinary citizens don't?
Seems to me, the stuff they're hiding, they hide out of shame.
I mean all those bible bashing Republicans that are screaming for death to Wikileaks, do they support this or will them condemn it?
Is Glenn Beck in favor of covering up procuring child prostitutes in Afghanistan for war lords?
What about Sarah Palin, for or against this? Isn't she outraged, or would she rather it was covered up?
Clinton pulled the credit card transactions of a visiting leader, so much for gentlemens agreements. Are you OK with this?
Tell me, what leverage exactly does the US have over EU leadership that causes them to act against EU interests??? What do they know about you that us ordinary citizens don't?
Seems to me, the stuff they're hiding, they hide out of shame.
@guihombre
Where did you get that from? They actually did that? I'm surprised that people are not calling for the heads of the soldiers/diplomats who did that.
Where did you get that from? They actually did that? I'm surprised that people are not calling for the heads of the soldiers/diplomats who did that.
Actually, if you knew anything about conservatives/republicans, you'd know that they are the biggest advocates of "hang them high" when it comes to any crime against a child, be it child prostitution or child abuse or child porn. The ones that are the most lenient, if they wished to do anything at all about those crimes, are the liberals.
So, it seems that you have things completely ass backwards.
So, it seems that you have things completely ass backwards.
nobody should have secrets to keep! Whatever you think of someone, whatever you know about something you should just come out and tell everyone!!
Just like they do everyday in there own lives!
I'm sure their all for the attacks against amazon, mastercard, paypay for CHOOSING not to deal with ASSange and his minions because how dare they have the freedom of choice to walk away from this guy.
What next will they hack into bank accounts and threaten to release all our CC numbers if we decide we don't support him?
Just like they do everyday in there own lives!
I'm sure their all for the attacks against amazon, mastercard, paypay for CHOOSING not to deal with ASSange and his minions because how dare they have the freedom of choice to walk away from this guy.
What next will they hack into bank accounts and threaten to release all our CC numbers if we decide we don't support him?
@cyberspammer2
That would be different cyberspammer2 than releasing government documents that should NEVER HAVE BEEN CLASSIFIED IN THE FIRST PLACE!
The only reason for secrets in government is to hide that they are doing something that the American people would not agree with and would be calling for their heads.
That you are unable to see that makes me think that you are being willfully blind or have fallen into the "American Exceptionalism" trap.
That would be different cyberspammer2 than releasing government documents that should NEVER HAVE BEEN CLASSIFIED IN THE FIRST PLACE!
The only reason for secrets in government is to hide that they are doing something that the American people would not agree with and would be calling for their heads.
That you are unable to see that makes me think that you are being willfully blind or have fallen into the "American Exceptionalism" trap.
The only reason for secrets in government is to hide that they are doing something that the American people would not agree with and would be calling for their heads.
That would not be a true statement. There are many things classified for the sake of defense: Should we let our enemies know what are defense strategies are?
When governments make an assesment of a situation or person, should that information be avalialbe to all?
Should the US government tell North Korea what it is that the US Government and South Korean government had discussed about them?
Should a US diplomat feel he is being lied to not discuss the matter confidentially with his superiors?
There are a great many benign things disclosed in those documents, for what reason has wikileaks not disclosed those parts?
That would not be a true statement. There are many things classified for the sake of defense: Should we let our enemies know what are defense strategies are?
When governments make an assesment of a situation or person, should that information be avalialbe to all?
Should the US government tell North Korea what it is that the US Government and South Korean government had discussed about them?
Should a US diplomat feel he is being lied to not discuss the matter confidentially with his superiors?
There are a great many benign things disclosed in those documents, for what reason has wikileaks not disclosed those parts?
@cyberspammer2
I said "have as few secrets as possible".
In your world, is that no secrets at all?
I find your (deliberate?) misrepresentation of what I said highly offensive. Do you work for the government by any chance, given your apparent low regard for facts/the truth? Are you ethically challenged?
And then we have the small matter of personal vs the government's business. I have absolutely no interest in your personal business. You can keep as many secrets as you like. The governments business however is MY business. I have a right to know what my government is doing and how they behave representing me. I do not wish to be represented by lying scumbags and deviants. Maybe you do not mind.
I said "have as few secrets as possible".
In your world, is that no secrets at all?
I find your (deliberate?) misrepresentation of what I said highly offensive. Do you work for the government by any chance, given your apparent low regard for facts/the truth? Are you ethically challenged?
And then we have the small matter of personal vs the government's business. I have absolutely no interest in your personal business. You can keep as many secrets as you like. The governments business however is MY business. I have a right to know what my government is doing and how they behave representing me. I do not wish to be represented by lying scumbags and deviants. Maybe you do not mind.
As much as free music, videos, etc. are enticing and good, we can't deny the fact that this will depreciate legal music sales and the reason for artists to record songs and put them in an album.
http://myinternettvsoftware.com
http://myinternettvsoftware.com
Mastercard, Visa, PayPal, Amazon, even an ISP here in New Hampshire have ARBITRARILY dumped WikiLeaks for the mere allegation that they committed a crime.
THAT IS THE ABSOLUTE WORST BUSINESS PRACTICE ANY SERVICE PROVIDER COULD COMMIT!
It shows that those businesses have zero faith guarrantees for supporting your business. It shows the CLOUD SERVICES RELIABLITY TO BE ZERO.
"Oh, we heard a rumor that one of your employees downloaded a peice of child porn at home. We have a zero tolerance policy for those crimes and have immediately removed your site from our services. All information has been deleted. Have a nice day."
The U.S. government, particularly Peter King from New York, and Joseph Lieberman from Conneticutt, have broken the 1st amendment in the WikiLeaks case. King and Lieberman both deserve lengthy prison sentences for it; and the U.S. government owes WikiLeaks massive restitution; as do all the service providers that have dumped WikiLeaks over this issue.
THAT IS THE ABSOLUTE WORST BUSINESS PRACTICE ANY SERVICE PROVIDER COULD COMMIT!
It shows that those businesses have zero faith guarrantees for supporting your business. It shows the CLOUD SERVICES RELIABLITY TO BE ZERO.
"Oh, we heard a rumor that one of your employees downloaded a peice of child porn at home. We have a zero tolerance policy for those crimes and have immediately removed your site from our services. All information has been deleted. Have a nice day."
The U.S. government, particularly Peter King from New York, and Joseph Lieberman from Conneticutt, have broken the 1st amendment in the WikiLeaks case. King and Lieberman both deserve lengthy prison sentences for it; and the U.S. government owes WikiLeaks massive restitution; as do all the service providers that have dumped WikiLeaks over this issue.
Less trust, in some cases, would be better. But zero trust is impossible. Ken Thompson (one of the fathers of the original Unix) proved it years ago -- see http://cm.bell-labs.com/who/ken/trust.html
I support shining a bright light on all the government cockroaches and their dirty deals. If this means revealing 'sensitive' material, so be it. This isn't any different than a cheating husband getting caught with a strange set of ******* in his suitcase...
On the flip side, I do not support release of ANY documents that puts soldiers or civilians in danger. There is nothing to be gained by releasing mission information that allows the enemy to kill our people.
On the flip side, I do not support release of ANY documents that puts soldiers or civilians in danger. There is nothing to be gained by releasing mission information that allows the enemy to kill our people.
Wikileaks has revealed bank dodgy dealings - see Barclays memos booking almost ficititious deals through off-shore to avoid billions in tax to the UK. Does that get the coverage it deserves?
No. And does the lack of media publicity have anything to do with the amount of advertising Barclays Banking Group has worldwide? Or it is justified beacuse it is borderline illegal so not really a story?
No. And does the lack of media publicity have anything to do with the amount of advertising Barclays Banking Group has worldwide? Or it is justified beacuse it is borderline illegal so not really a story?
Wikileaks as a service for good.!
1.It is a reminder to all that having everything stored electronically poses great risks.
2. The attacks on various major sites shows that economically the world is becoming more and more vulnerable to a collapse if electronic payment systems are taken down or interrupted.
3. That alternative systems of payment transfer need to be maintained or invented so that commercial life can continue regardless of cyber-warfare.
1.It is a reminder to all that having everything stored electronically poses great risks.
2. The attacks on various major sites shows that economically the world is becoming more and more vulnerable to a collapse if electronic payment systems are taken down or interrupted.
3. That alternative systems of payment transfer need to be maintained or invented so that commercial life can continue regardless of cyber-warfare.
Join the conversation!
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Vendor Showcase
Facebook Activity
