Well dear readers, much as I do not wish to continue day in and day out about the Wikileaks debate, I think it is time to look at the current situation from a different angle.
Many years ago, at the tender age of 18, I was posted to my first BFPO addresses in northern Germany at a time when the Cold War was still a very real event. Gorbachev had just taken over from Brezhnev and had a very different style. Northern Ireland remained a bloody issue and the Falklands was still deemed and active theatre.
Of course my now Ukrainian family was then part of the Ukrainian SSR, my good lady’s father sat in a T72A ready to repel my advances should such a notion have occured…..a situation I am pleased to say, that had resolved itself before I met my good lady (lest I caused an international incident).
Anyway, within 2 weeks of arriving within the BAOR zone, I am sent on a course relating to security, not the physical security of the BAOR zone, but because of my role, document security, subversion, espionage, coercion and subterfuge, in which it rather pointedly and unforgettably demonstrated how those nasty people in the PGU (now SVR) would seek to exploit any weakness I or a colleague may have, to glean by hook or by crook, any and all sensitive information I would undoubtedly see and have access to.
Now whether this course was simply exceptional in its delivery, or whether at the tender age of 18 and for the first time sent abroad, it remains vivid as a wake up call to the realities of life for gown-ups, I still remember this course as if it was yesterday.
Of course in those days the Internet system did not exist, everything was done by signals or paper relating to everything from unclassified to top secret material. Every single document though, was put on a circulation list relevant only to those who needed to know the contents (even for unclassified material) and a record kept of its dissemination. Confidential generally and below was sent out to others, secret and above meant others came to view.
Effectively, there was what is now called in computer circles, a data management system, so that every copy of any document could be accounted for by way of who had a copy and internal circulation was signed as “read” by those deemed worthy to need to know the contents. A wonderful system, fully auditable (and it was frequently) that allowed for the controlled destruction of documents as well…..because you instantly knew who had copies of what……and you knew who was vetted to see what.
However, the weakest link in the entire system was of course the human……hence the course I shall never forget. I have since attended many such courses when in the service of The Crown, but this first one was by far the most striking.
Unsurprisingly in the private sector, document controllers still exist as a role in many large projects, particularly in oil and gas projects whether it be upstream, mid-stream or downstream parts of the project as a specific function outside of normal HR and administrative organs. Controlled information flow is key to effective awareness and/or planning.
This takes us back to Wikileaks, or rather the system that was compromised and the contents subsequently released by Wikileaks.
The US system seems to have run quite out of control whereby it is alleged that over 2,500,000 US personnel of various types have complete access to the system (which explains how Iraq/Afghanistan (military) communications have been accessed and subsequently leaked, as easily as the diplomatic communiques).
Now whomever leaked this information surely did not need access to both diplomatic and military communication for their role…..unless there is more than one leak and they are relevant to each sector.
I fully understand that after 9/11 and the finger pointing about intelligence sharing (or lack of it) between US agencies caused a major change in the ability to access information but to allow access to 2,500,000 people when any security analyst will state there is no such thing as 100% security and the weakest link will almost always be human?
You have to suspect that about 2,499,500 really do not need access to all this information but only parts of it.
Whilst that would reduce the number of possible leaks, of course that does not eliminate them. The human issue still remains. No matter how well vetted anyone is, and regardless of what rank or position they hold, each and every person with access remains a “risk”…..after all, the best and infamous spies all got through even the most meticulous of vetting procedures throughout history.
What I was told almost 30 years ago remains true today, the weakest link is you.
