Home » Cyber » Cyber Security Center » Wikileaks Fiasco Exposes Gaping Holes in Cyber Domain

Wikileaks Fiasco Exposes Gaping Holes in Cyber Domain

by Greg on August 9, 2010

By Kevin Coleman
Defense Tech Cyber Warfare Analyst

Is the Wikileaks fiasco the first defeat for the United States in the cyber warfare domain? Exploring this question shows just how little we have planned for, created doctrine for, and are ready, able and willing to respond to threats to the United States in the cyber domain.

Interesting Data Points:

• General Keith Alexander, the newly appointed head of Cyber Command and Director of the National Security Agency who is now responsible for all military information and communications security, traveled to Afghanistan just two days after the Wikileaks first dump of classified data on their web site.

• We polled several security professional (several with active security clearances) as to the severity of this incident. On a scale of 1 being low and 5 being high, the impromptu survey resulted in a score of 4.2 – a rather concerning score you would have to say.

• Lt. Gen William Lord, Air Force Chief Information Officer (CIO) also serves as Air Force chief of warfighting integration last week spoke at LandWarNet 2010 and said, “Wire power is firepower.”

• Many people looking at this issue wonder why we just don’t hack and take down the site. That is short cited and would only inflame the situation. Others wonder if one or more members of the security organization of the countries mentioned in these documents are looking for those involved and question if we will hear from them again.

Planning for and response to cyber threats is a complex international issue with little or no empirical information. Tehran Times published the following – “The drumbeat of calls for repression and violence against WikiLeaks and Private Bradley Manning is a major threat to democratic rights. All sections of the U.S. political establishment, Democratic and Republican, liberal and conservative, are seeking to retaliate against those who are exposing atrocities by the U.S. military in Afghanistan and Iraq, and intimidate all critics of these wars of aggression by American imperialism.”

We can only hope this is used as a learning experience by our military, intelligence community and Cyber Command and they rapidly address ALL issues this serious breach has brought to light.

Share |

{ 24 comments… read them below or add one }

Chops August 9, 2010 at 11:12 am

Better to learn the weakness in the systems now than later–at least we should be able to plug the leak soon.

Reply

Mark August 9, 2010 at 11:29 am

Currently, it's like the fox guarding the hen house. If supervisors did their most basic of skills, like knowing their workers, I bet they could get the tell tale signs of someone who is a security risk. Better safe then sorry!

Reply

@Cr4shDummy August 10, 2010 at 4:17 am

Exactly. From what I've read, Manning possessed all the signs of a security risk.

Reply

William C. August 9, 2010 at 11:32 am

Sadly we can't really reverse the leak. But that good for nothing arrogant troop hating leftist scumbag owner of Wikileaks should be punished and put in his place. I can't tolerate these people who actively try to portray our soldiers as criminals.

Reply

Jacob August 9, 2010 at 1:47 pm

Get over it.

Reply

William C. August 9, 2010 at 1:59 pm

Sorry but I don't believe we should "get over" something when justice has yet to be delievered. Heads should roll for this, his among them.

Reply

E_Khun August 9, 2010 at 2:12 pm

Well, since the leaked documents seem to be real then if the contents portraits your soldiers as criminals then they're probably criminals.

It's not like that "good for nothing arrogant troop hating leftist scumbag owner of Wikileaks" actually wrote all those documents.

Reply

William C. August 10, 2010 at 8:59 am

Are you calling our soldiers criminals you scumbag? They're far better men than some armchair general like yourself. The type of people are Wikileaks are known to edit out large portions of videos to paint American soldiers and marines in the worst possible light. They hate the military and everybody who serves in defense of this country.

Reply

E_Khun August 12, 2010 at 9:14 am

No. Thats why I used the word "IF".

The comment was about you not understanding what the wikileaks documents were about, but still having your unfounded and dumb opinion.

And then you go and proof me right by not being able to interpret 1 line in a comment. I might be a scumbag but at least I'm not simple.

Reply

Mr B August 9, 2010 at 2:46 pm

One way to deal with him (civilly) is to allow Afghani's who were named in the document to sue him for damages like missing or killed family members, moving expenses, security costs, etc. It is probably best to file where he lives so that he can experience the whole "looking over your shoulder" thing that he exposed all these people to.

Reply

blight August 9, 2010 at 3:57 pm

Assange is going to get a gift basket from someone in Pakistan, for sure. But he's still a unbeliever.

Reply

Oblat August 10, 2010 at 1:52 am

It’s hard to get excited when contractors profess love for the troops. When you have seen soldiers having to buy their own body armor while they are forced to drive around in broken down strykers you realize it’s the love of a parasite for it’s host.

Reply

Mitch S. August 9, 2010 at 11:34 am

Cyber warfare defeat?

Was "The Pentagon Papers" leak a cyber warfare incident? Uh, no…
Well this is no different except the classified info was published online instead of in a newspaper.

Unless there's new info I'm unaware of, the source of the leak had clearance to access the docs. Wikileaks did not hack into DOD or State computers and steal the docs.

Not surprised to see Cyber Command and private consultants glom onto this to seek budget increases and more business.

Reply

ACA August 9, 2010 at 2:46 pm

As noted, this hardly constitutes a "Cyber Attack." No electronic/computing/information asset was hacked, infiltrated, or subject to a DoS attack. Much more appears to have made of this than it deserves. I can't help but think that while we fuss over this something more important is being missed.

Reply

Kevin August 9, 2010 at 5:36 pm

When Does Electronic Espionage or a Cyber Attack – “Act of War”

PLEASE SEE https://www.issa.org/images/upload/files/Willson-

Reply

Drake1 August 9, 2010 at 11:41 am

Lack of security protocols on the inside for acquiring classified information. Isn't cyber command designed primarily for outside threats- not internal?

Reply

Kevin August 9, 2010 at 4:38 pm

When Does Electronic Espionage or a Cyber Attack – “Act of War”

PLEASE SEE https://www.issa.org/images/upload/files/Willson-

Reply

ohwilleke August 9, 2010 at 4:52 pm

Leaks are caused by neither hackers nor spies. The classic leak is a response to a perceived cover up or misconduct by higher ups that has been allowed to continue. They are tools of intramural bureaucratic warfare by loyal, patriotic people, not efforts to harm national security.

No security protocols can defeat this kind of inside job by someone who is trying to do what they see as the right thing, at a time when a public debate about the important issues isn't taking place for lack of information.

The best way to prevent leaks is to make it easier to anonymously present criticism to inside oversight that takes it seriously, and to keep secret only information that needs to be kept secret rather than instinctively keeping everything confidential.

A sustained, widespread secrecy is not one of the military advantages of democratically ruled superpowers. A nation like the United States has to use strategies that work even when the other side can discover what they are. We aren't a small country like Israel, and we aren't an authoritarian country like Soviet Russia, and can't run our defense-intelligence establishment the same way.

Reply

Oblat August 10, 2010 at 1:54 am

If you have been reading Kevin long enough you know that anything involving electricity is cyberwar. For instance if your toaster oven blows up: that’s cyberwar.

What he won’t tell you is that consultants like him are by far the highest security risk and the source of by far the most leaks. History has shown that the single greatest improvement you can make to security is to get rid of the people who’s primary loyalty is to the $.

Reply

William C. August 10, 2010 at 9:02 am

And your ideal 100% state run defense industry with no outside contractors or consultants would be equally at risk of leaks as we have seen with this event.

Reply

shawn1999 August 11, 2010 at 1:16 pm

Except he said to get rid of all (gov or contractor) whose loyalty is to the dollar. In other words, he is including the the guy who keeps complaining about poor government pay too. Need those who are doing the job for Family & Country- because they love the country and their families (though then you still have risk of coercion, but at least it no longer depends on who can pay the most)

Reply

Mitch S. August 10, 2010 at 12:28 pm

Kevin, I read the article you linked to.
It deals with the question of when an act of cyber-espionage crosses the line and becomes an act of cyber-war.
The author defines cyber-espionage this way:

"There is no official definition for
electronic espionage, but IT could easily be defined as the use
of electronic techniques such as computers, phones, wiretaps,
etc., in order to conduct spy activities."

The author uses China's hacking of Google's computers as his example.
Perhaps if Google has stronger electronic data protection China couldn't have wormed it's way in.

As I noted above, this Wikileaks incident does not meet the definition of cyber-espionage, much less cyber-warfare.
Electronic techniques were not used to extract the info. A human recovered the info from electronic storage using the standard means (which he was given access to).
The strongest electronic firewall cannot protect data from someone with a valid password.

If I run someone over with a car it's vehicular homicide. If I stab someone in the back seat of a car it's homicide but not vehicular homicide.

Reply

Technolytics August 10, 2010 at 3:56 pm

You hit at the hear of the issue I have been blogging about for years. There is an absence of of formal terms and definitions for cyber terrorism, cyber war, cyber attack and cyber espionage. I believe that making copies of US classified materials and giving them to anyone outside the United States or perhaps the United nations is an act of espionage because of the information they contain and the resulting damage.

You also hit another key point – A human recovered the info from electronic storage using the standard means (which he was given access to). Where we differ is in my opinion and the opinion of several others, all active clearances fell that if you copy a digital file on to a CD that is an electronic function. I would further state that I believe there is case law that would backup this interpretation. What is so perplexing to me is what the hell ever happened to compartmentalization? That was to isolate, control and protect classified data – if that were in place, how did the soldier ever access such a broad swath of classified data?

Reply

@Earlydawn August 15, 2010 at 5:22 pm

Didn't you hear? He and his country are on the U.N. council for Women's rights. They're a liberal democracy now.

Reply

Leave a Comment

Previous post:

Next post: