- BIG NEWS:
- Iran
- |
- Afghanistan
- |
- Philippines
- |
- Europe
- |
Cybersecurity: Why The Hell Was Secret White House Helicopter Data Found On A Computer In Iran?
Read More:
Barack Obama, Cyber Crime, Cyberattacks, Cybersecurity, Cyberwar, Iran, Marine One, Sensitive Information, Sikorsky, Tiversa, Tiversa Obama's Helicopter, Vh-60,
World News
It is a case of perverse but predictable irony that the first administration to truly harness the Internet's full power likewise faces the greatest threat from it. Nothing underscores this reality more acutely than a report this week that confidential mechanical data regarding the VH-60 presidential helicopter were found on a computer in Iran.
But then again, the new administration is perhaps fortunate to be furnished with such a thudding wakeup call as it leads the nation further into the Information Age -- the biggest mistake now would be to respond by hitting the Snooze button.
The leak, according to Reuters, was discovered by a peer-to-peer file sharing monitor company, Tiversa, based in Pennsylvania. Tiversa spokesman Keith Tagliaferri did not divulge the name of the defense contractor whence the files were leaked nor the Iranian computer wherein they were discovered, but he assured interested parties that the necessary government bodies had been notified.
One of the most discomfiting elements of this incident is that, according to Tagliaferri, the leak was most likely unintentional -- resulting from the data being stored on a personal computer, wherein it was compromised by music, movie, or any other number of file sharing conduits. Thus, rather than being some isolated, vile act of treason, the problem arose from an unforeseen systemic failure.
Now under investigation, it is safe to presume that this specific incident has been nipped in the bud. However, the larger implications of such an egregious slip will not be so ephemeral. Paralleling what we recently saw in the financial sector with 'exotic instruments' (of the derivative and credit default swap ilk), information-sharing technologies and practices may be outpacing the necessary regulatory safeguards that should accompany them. Elevate this to the level of national security, and it becomes an exigent prerogative -- a prompt and honest appraisal, followed by respective overhauling of the nation's cybersecurity infrastructure is in order.
Fortunately, proposals for how to do this are already on the table; most notably is a report from the Center for Strategic and International Studies Commission on Cybersecurity that was published towards the end of last year as a resource for the new administration. According to the CSIS report, cybersecurity breaches now pose one of the most significant threats to national security -- militarily and, even more so, economically: "The immediate risk lies with the economy. Most companies' business plans involve the use of cyberspace to deliver services, manage supply chains, or interact with customers. Equally important, intellectual property is now stored in digital form, easily accessible to rivals. Weak cybersecurity dilutes our investment in innovation while subsidizing research and development efforts of foreign competitors."
Yet for years after September 11, 2001, terrorism was unequivocally considered the number one threat to America and to suggest otherwise was blasphemous. Only more recently did national intelligence director Dennis Blair semi-officially reposition the established stance (though it is more just an obvious fact now) when he appeared before Congress and declared the global economic crisis the new primus inter pares. Given the strife and instability already spurred by the economic meltdown, few are likely to dispute Blair's position.
But of course, everything is interconnected. Economic troubles could very well exacerbate terrorism, for example, as middle class youth in fragile regions slip back into depravity, grow disillusioned, and find solace in radical ideologies. And while economic woes may contribute to terrorism and regional strife, cybersecurity underlies both. In a world where everything is digitized, information is power.
The Mumbai terrorists last November stretched their destructive effectiveness exponentially by tapping into salient information that gave them the upper hand -- be it through Google Maps, live news feeds or ordinary cell phones. Similarly, the 9/11 attackers had been to flight school to learn how to navigate and read flight plans. If such destruction can be rendered with basic information, it would be almost masochistic even to ponder what high-security breaches could mean -- except that that is now precisely what we should be doing to afford this issue the proper gravitas.
President Obama has demonstrated the symbolic importance and practical wisdom of expressly prioritizing his administration's primary goals; such as with health care reform where he has created the new White House Office of Health Reform ex nihilo to guarantee full and adequate attention to the issue. The view of many within the national security community is that he should do the same with cybersecurity, by creating an executive level office to address the growing threats and responsive defense measures head on. Indeed, that seems like a reasonable start.
Around the Web:
Cyber security standards - Wikipedia, the free encyclopedia
In move to consolidate cybersecurity, Obama taps Hathaway to lead ...
Obama's cyber security to-do list - Cybercrime & Hacking ...
Cyber Security Obama Style | ControlGlobal Community
Obama Adds 'Cyber Security' to National Defense Plan | The New ...
U.S. cybersecurity review done, heads to Obama soon | Politics ...
Seeking Obama's Cyber Czar - Forbes.com
Wanted: Computer Hackers ... to Help Government - ABC News
Organizing for America | BarackObama.com | Homeland Security
Loading comments…
Most Popular on HuffingtonPost
9TN%2FnJguV8gZ1ArqH91yIfAi%2BeiKCwZk2G2KqilaFkQw6nXhTauPsix2pYoSlnKMD%2FMg%2B2TUckpXlnH8%2BtyUzIDh0C7Xshyn
O4J9oRG0RCNRuA65WH9V0WdWKQggPq5RrsnRolf723rmN2algfH7wQ%3D%3D
1 of 2
Don't Miss HuffPost Bloggers
1 of 4
Huffington Post Apps and Feeds
Want to reply to a comment? Hint: Click "Reply" at the bottom of the comment; after being approved your comment will appear directly underneath the comment you replied to
Manufactured security alert. As if NSA doesn't mandate that manufacturers of encryption technology, Intel and Microsoft not make their products so secure that it would it harder for them to spy on anyone using the technology.
What I find appalling is that the computer user here in the U.S. was storing classified info on his personal computer. His personal computer, OMG :-( f
Then to make matters worse he then used that same personal computer to do music file sharing over the net? How stupid can a person be?
This is not an issue of technological or mechanical security failure. It more certainly is a human caused security failure.
Sounds like they drop files of soon to be obsolete equipment out into the wild, tagged like a salmon and track where they go.
Whoooeeee I hope they hooked a big one!
OK, so the story is that some defense contractor "inadvertently disclosed" the file containing the information in a breach of data security. Computer program error.
This leaves open the question of the computer in Iran.
Like, was it some college kid, downloading hip-hop?
Was it even an Iranian?
Was the information "inadvertently acquired" through the same defense contractor's security breach?
Was it a plant?
Or, are those dastardly Iranians plotting against those dastardly Americans?
Or, vice-versa?
Your ambiguous vote for revamping "cybersecurity" is a money pit. A complete and utter waste.
ALL data security is compromised by people, not machines. People misconfigure web servers, mail servers, firewalls, shut off anti-virus, use crappy operating systems that incubate malicious software, copy files onto thumb drives, throw away computers with hard drives intact, give out passwords over the phone, etc., etc., etc. All the money spent on "high-end" security solutions are very easily defeated by accidents, laziness, and incompetence. I suppose you could add greed in there as a cause, too.
The only way to get 100% data security is to disallow human beings from touching computers or creating content that has to be kept private. Pursuing 100% security is guaranteed to be a failure and waste a lot of money. It's just the way it is.
The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.
-- Robert H. Morris
former Chief Scientist, NSA National Computer Security Center
Stuart, this Government handles vast amounts of information at all levels of secrecy. This information flow is part-and-parcel of our lives now. While the leak of information certainly needs explaining, and the potential threat caused by such leaks is serious, that potential threat is also well-understood. And, I think, well-managed by the "spooks."
See Stuart Whatley's Profile
While I certainly trust the vigilance and general competence of the "spooks" as well, my primary goal here is simply to emphasize that one truly cannot be too careful on this issue. The leak this week, regardless of its root cause, should serve as a wakeup call for the nation's entire approach to cybersecurity -- both human and technological. You say the threat is "well-understood", however the Center For Strategic and International Studies, for example, would probably disagree with you; hence their 96-page report. From the Preface:
"Over the course of our year-long discussions and investigation, the Commission met formally four times; convened more than 30 briefings with government officials and private-sector experts leading the current effort to secure cyberspace; assembled eight working groups; and participated in several congressional hearings and briefings."
I would hope that this much effort by a respected think tank was not all wasted on a moot end. The CSIS lays out a comprehensive plan for staying ahead of the game in an ever-changing cyber-environment, rather than finding that one day some saboteur or worse has outsmarted us.
There is no reason more attention shouldn't be directed towards this issue.
Come on - it's all part of building a massively negative profile of Iran.
The spoilers are at work.
By any means neccessary.
Planted as part of the pretext for invasion. Then they realized they didn't have an army anymore.
COMPUTER BREECHES HAPPEN WHEN THE SECURITY IS NOT THERE.
Sent all the money out to a war and cut taxes too.
Who can afford security issues ?
Cmon republicans only know about the intertubes and the google, computer security is about as important as education to them.
It was Bush or Cheney
My theory is that one of the companies involved in the building of the "new" presidential helicopter (recently spotlighted in an exchange between Sen. McCain and Pres. Obama during which both agreed it was overpriced and probably not needed) deliberately placed the plans for the "old" (current) helicopter online, thereby perhaps compelling the US to go ahead with the new heli project since the old secrets have been leaked. How perfect is it that the "discovered" location for the secret files was somewhere in Iran? It sounds like a set-up.
I think there was a definite purpose behind it, and don't for a minute believe it was an accident, or that the company "Tiversa" was otherwise uninvolved, merely being good citizens by monitoring network traffic, or inspecting file content on foreign servers and "somehow" being able to recognize technical documents which were supposedly classified and unavailable to American citizens or companies without a specific need to know.
This makes me angry. I hope President Obama's team finds out who leak this information.
This is actually a plausable theory, but I don't think Obama will persue it. He gets new toys and you know how boys like new toys.
Great title!
Senator McCain recently suggested at a Whitehouse forum, that President Obama not carry forth with the new helicopters that had orginally been ordered by the Bush administration. I feel so mistrusting of the Republicans, I think they were involved with the hostage release when Pres. Carter was in office.
Me too.
You must be logged in to comment. Log in or connect with
