Category Archives: Military

Outrage: Less and More

We’ve been discussing Outrage Considered Useful. Alex remarked in a comment:

The term "Outrage" suggests that risk cannot or should not be discussed in a rational manner.

What I think Sandman is getting at is that often risk isn’t discussed in a rational manner, because managers’ (and security people’s) egos, fears, ambitions, etc. get in the way. In a perfect Platonic world perhaps things wouldn’t be that way, but in this one, people don’t operate by reason alone, even when they think they are doing so.

Outrage x Hazard may be a means to express risk within the context of the organization, but I like probability of loss event x probable magnitude of loss better for quantitative analysis.

Indeed, quantitative analysis is good. However, once you’ve got that analysis, you still have to sell it to management. And there’s the rub: that last part is going to require dealing with emotion.


Brass Leaks

We already observed that military information security is a bit of an oxymoron and over in Peerflow that the U.S. military thinks its soldiers in Iraq are likely leaks.

Well, it turns out that:

For years, members of the military brass have been warning that soldiers’ blogs could pose a security threat by leaking sensitive wartime information. But a series of online audits, conducted by the Army, suggests that official Defense Department websites post far more potentially-harmful than blogs do.

Army Audits: Official Sites, Not Blogs, Breach Security, By Noah Shachtman, Danger Room, August 17, 2007, 12:29:00 PM

Is there a psychologist in the house? Is the military blaming its own incompetent leaks on the troops a case of projection, or is it just plain old CYA?

I’m pretty sure hiding this report until the EFF filed a FOI lawsuit to get it is CYA.

I don’t think it’s good risk management for the troops, or the Iraqis, or even for the brass.

-jsq

Military Information Security

I suppose we shouldn’t be surprised that the U.S. military doesn’t seem to be any better about information security than companies or other parts of government:

Detailed schematics of a military detainee holding facility in southern Iraq. Geographical surveys and aerial photographs of two military airfields outside Baghdad. Plans for a new fuel farm at Bagram Air Base in Afghanistan.

The military calls it “need-to-know” information that would pose a direct threat to U.S. troops if it were to fall into the hands of terrorists. It’s material so sensitive that officials refused to release the documents when asked.

But it’s already out there, posted carelessly to file servers by government agencies and contractors, accessible to anyone with an Internet connection.

Military files left unprotected online, By Mike Baker, Associated Press Writer, Thu Jul 12, 8:03 AM ET

Surely they know better than this?