The Snowden conversation we are all having in one way or another…

Edward Snowden (source Wikipedia)

Edward Snowden did one important thing: He made an important conversation on security and ethics popular and international.

On one hand, he told us something we always knew: Spies spy. That is, stealthily gathering secrets, usually associated with times of war or matters of national security, is the third(?) oldest profession. :-)
Spying on specific national interests is assumed, expected, and probably universal, which is why the feigned indignation of global leaders is laughable.
However, spying on a populace is extreme. Spying is normal when its targets are decision makers, influencers and information handlers. Regular citizens, though, don’t qualify for surveillance unless they are associated in some other way with a security threat.
  • Surveillance of a high crime street corner is appropriate
  • Surveillance of a shoplifting-prone market is appropriate
  • Surveillance of military leaders engaged in assault on national interests is expected
  • Yet, combing private communications, collecting information that may someday be factored as a risk – destroys the fabric of trust between a people and its government. 
Therefore, surveillance in itself is morally neutral, neither good nor bad. Sometimes it’s downright necessary for security or loss prevention. It’s a simple formula: Analyze metadata, identify risks, manage risks.
This surveillance and spying conversation, however, sends shivers down the backs of security managers and executives.
My recent informal research shows that security executives are Least Aware of physical threats to information. Every security executive we’ve interviewed had an understanding of physical threats to information (unauthorized visitors, dumpster diving, etc) but almost none had studied or measured the risks associated with physical threats to information, nor did they have in place thorough procedures to protect against it.
…and Least Prepared for social engineering and physical penetration. Every security executive confessed that confidential company information was at risk of social engineering attacks (phony phone conversations, pre-texting, impersonation, spear-phishing, etc.). Physical penetrations were even more frightening to some executives who were certain that their confidential company information could be collected and conveyed out of the building (in the form of printed documents, photos, memory sticks, etc.) by
  • an unauthorized visitor tailgating into the building
  • an attacker bypassing security controls at doors and fences
  • rogue employees or contractors (a la Snowden)
  • an internal attacker of any type
We are all in this discussion now, public and private organizations, data and physical infrastructures. Now tell me your opinion. Do you think the “Snowden affair” is relevant to your organization?  Is it a physical security issue? A cybersecurity issue? Both? Something different?
(Published by Steve Hunt previously on SecurityCurrent.com)
(Photo credit: Wikipedia)
  1. July 8, 2014 at 11:39 pm

    What’s up, it’s a pleasant piece of writing on the topic of media print, we all understand media is a
    great source of facts.

  2. August 7, 2014 at 5:46 pm

    Hello I am so glad I found your site, I really found you by
    error, while I was researching on Digg for something else. Anyways I
    am here now and would just like to say cheers for a tremendous post and an
    all round interesting blog (I also love the theme/design). I don’t have time to read
    it all at the minute but I have book-marked it and also
    added your RSS feeds, so when I have time I will be back to read a great deal more. Please do keep
    up the excellent work.

  3. August 10, 2014 at 8:14 pm

    Useful information. Lucky me I found your site by chance,
    and I’m stunned why this coincidence didn’t come about earlier!
    I bookmarked it.
