Why Computer Security Fails

I was reading the source document in “DHS Bridging Siloed Databases” when I encountered a possible reason for the Snowden security breach.

Records in this system are stored electronically in secure facilities in a locked drawer behind a locked door. The records may be stored on magnetic disc, tape, or digital media.

You might want to read that again:

Records in this system are stored electronically in secure facilities in a locked drawer behind a locked door. The records may be stored on magnetic disc, tape, or digital media.

Something about storing records electronically “…in a locked drawer behind a locked door” tips me off to the writer not having a clear idea about computer security.

Here is one document that has this language:

DEPARTMENT OF THE TREASURY Fiscal Service Privacy Act of 1974, as Amended; System of Records Notice AGENCY: Financial Management Service, Fiscal Service, Treasury. ACTION: Notice of systems of records.

Which covered:

CATEGORIES OF RECORDS IN THE SYSTEM: (1) Motor Vehicle Accident Reports. (2) Parking Permits. (3) Distribution lists of individuals requesting various Treasury publications. (4) Treasury Credentials.

And it reads:

Records in this system are stored electronically or on paper in secure facilities in a locked drawer behind a locked door. (emphasis added)

For paper records, ok. For electronic records, not so hot.

I’m not real sure what “a locked drawer behind a locked door” would mean for electronic records. Assuming anyone wanted to use or search the records. Maybe you could put them on a thumb-drive. ;-)

Update: One of my regular correspondents will accuse me of being obscure: Why Computer Security Fails? Ignorance. It’s just that simple.
