“What do you think about that WikiLeaks situation?”
I’ve been getting that question a lot lately - not only from the typical techies or security pros, but from just about everyone else. From government leaders to self-confessed Luddites to elderly acquaintances at church, lots of people are talking about WikiLeaks – still.
For example, last month I ran into a former government executive who moved on to a leadership role in the private sector several years back. The conversation went something like:
Former Gov Exec: “Dan – you won’t believe this, but I was just thinking about you and your state security organization. I was shocked by those WikiLeaks disclosures! I can’t get that topic off my mind.”
Dan: “Really? You’re the second person who mentioned that today.”
Former Gov Exec: “You know, they don’t understand computer security or these risks the same way in the private sector as in government. Many of my current colleagues just don’t get it. (Laughing) Everyone was blown away by that WikiLeaks thing….”
(After a long, serious pause) “So what should we be doing now?”
I sent my old friend a few resources. But no doubt, this is a tough (and difficult) question to answer. I’d like to share some of the same advice I gave my colleague.
Over the past several months, there have been numerous articles offering “lessons learned” from WikiLeaks. Here are a few of the interesting articles that I’ve read on this topic:
Yes, there are plenty of misperceptions out there amongst people who should probably know better. A few government managers have commented, “We don’t have anything worth protecting here. We’re not the Department of Defense (DoD), you know.”
These naïve perspectives may shock some (for good reason), but they cause me to relook at our security training for business areas. In the defense of some state and local government staff, a large amount of government information is (and should be) open and the information is available via the Freedom of Information Act (FOIA) or even freely on public websites.
Newly elected officials and legislators and/or other new state or local execs may not be aware of the various compliance and legal issues we must abide by to protect citizen information. We can certainly use WikiLeaks as a training opportunity.
Bottom line, we do have plenty of sensitive data that must be protected, and no citizen wants their health records, high school test scores, social security numbers or tax records revealed to the world.
So what WikiLeaks lessons am I suggesting? Here are three, keeping it simple in this particular blog:
1) The “insider threat” is real for all of us.
2) Yes, we have sensitive data to protect in state and local governments.
Final thoughts: Government Technology Magazine ran this article stating that City Leaders are worried about the implications of WikiLeaks for security in their jurisdictions. This gives readers an opening to educate others on the importance of good practices.
There is also this webinar from Governing coming up later this month that may help you in this area if you want to learn more as we begin 2011.
Any opinions on WikiLeaks that you would like to share?
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.
He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.
He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.