Report: Too Much Cyber Security at CIA

Report: Too Much Cyber Security at CIA
Kevin Poulsen, SecurityFocus 2003-05-28

While other government agencies struggle with their cyber security practices, the Central Intelligence Agency apparently suffers from the opposite problem: too much security -- according to a recent study of the agency's use of information technology.

Expand all | Post comment

Report: Too Much Cyber Security at CIA 2003-05-29
Anonymous (4 replies)

Report: Too Much Cyber Security at CIA 2003-05-30
Anonymous

Report: Too Much Cyber Security at CIA 2003-05-31
Anonymous

Report: Too Much Cyber Security at CIA 2003-06-02
Anonymous

Report: Too Much Cyber Security at CIA 2003-05-29
Anonymous (1 replies)

Never Too Much Cyber Security at CIA 2003-06-02
Anonymous2

Report: Too Much Cyber Security at CIA 2003-05-29
fruid (1 replies)

Report: Too Much Cyber Security at CIA 2003-05-30
LumpyGames (at) hotmail (dot) com [email concealed]

Report: Too Much Cyber Security at CIA 2003-06-02
Anonymous

Report: Too Much Cyber Security at CIA 2003-06-03
Anonymous

Over-zealous countermeasures do create a poor security environment; and Intel agencies suffer great problems in sharing data across systems with different classifications. Traditional approaches such as air-gap separation of systems are no-longer working as the need to share intel more freely increases. This presents some very interesting technical problems, but does necessitate the use of risk management.

Security problems are exacerbated by overly-complicated accreditation schemes, that ensure only lip-service is paid to security; and poor user training meaning that even the best technical countermeasures can be undermined by worryingly simple social engineering.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/5201/20289#20289