Army Private First Class Bradley Manning, who is now in custody in Quantico, Virginia, has already admitted to collecting over a quarter million messages (which the U.S .Department of State calls 'cables,' but are really e-mails) using nothing but rewritable media and a USB drive. He was arrested in June for his release of a helicopter attack in Iraq to WikiLeaks.
Manning remains in federal custody for the release of the video, but will likely be charged for the State Department leaks in the near future. In the meantime, the military and the rest of the government have some thinking to do. Clearly the most important is how a 22-year-old (at the time) junior enlisted man was able to gain access to some of the most tightly-held government secrets. The second is how was he able to use removable media on a military computer with access to such sensitive data.
The Departments of Defense and State share computer networks that provide access to critical data that allow either of the two agencies to take action much more quickly than if they had to depend on the other to sift through data, decide what's important and then forward it along. It's an important step in eliminating the government's long-standing problem with silos of information, and it's proven very effective. However, when such critical information is broadly available, it means that extraordinary care must be taken to protect it.
For Manning, this apparently wasn't done. Manning allegedly accessed the highly secret Defense and State department systems with ease, and used something as simple as USB ports and a CD drive to accomplish a vast intelligence breach. Manning, if he's found guilty of doing this, should pay the price, and since he's already bragged to others about this, it seems likely that a military court will agree with him.
But that doesn't answer the question of why he was given access in the first place, and it doesn't answer the question as to why the removable media could be used on a machine with such critical access. This is where you, the reader, come in.
There's every likelihood that your company has information that is as important to you as the State Department messages are to the government. But the questions is, what do you do to protect it? While it's true that you might not expect your private documents to appear on WikiLeaks-unless you're working for a bank-it would still hurt to see them appear on the computers of your competition.
So ask yourself, what people and which computers have access to your company's most critical information? Do any of those computers have a CD or DVD drive, or a USB port that's not protected against unauthorized use? Are any of them able to be used without that use being logged by your security software? And what about the people you allow to access your most sensitive data? Have you even run a background check on them? A credit check?
Without the most basic level of security, it's hard to see how you can expect your sensitive data, including your business plans, your customer information or your own accounting data, to not eventually leak out. The difference between the government and you is that such a leak can shut down your business, and perhaps put you in jail if you violate federal compliance laws. With the government, only Manning is likely to see prison time. The people who designed the security system, it appears, aren't being held accountable.