Beware Of Sticky Fingers When BlackBerrys Handle State Secrets
We're not at war with France, at least not the last time I checked, but that doesn't mean that the French want their state secrets coursing through the U.S. telecommunications infrastructure, courtesy of French government officials addicted to les BlackBerrys. Sure, BlackBerrys come with built-in encryption, but is that enough when you really, really don't want anyone to get their hands on the
We're not at war with France, at least not the last time I checked, but that doesn't mean that the French want their state secrets coursing through the U.S. telecommunications infrastructure, courtesy of French government officials addicted to les BlackBerrys. Sure, BlackBerrys come with built-in encryption, but is that enough when you really, really don't want anyone to get their hands on the information you're carrying around?While Canadian Privacy Law Blog wonders whether encryption makes this a nonissue, others point out that any encryption scheme can be broken; it's just a matter of time.
"Encryption, by its very nature, is designed to be decrypted," Andrew Colarik, an information security consultant who holds a doctorate in information systems security from the University of Auckland, told me Thursday. "All encryption is is a delaying tactic. It might be years from now, or it might be next month."
So, as with many issues related to security, this is not a technology issue. "If you're a cabinet minister, you don't BlackBerry cabinet information to another cabinet minister," Colarik says. "Anyone in a national security position has to take information security seriously, and more often than not they don't because we often defer to efficiency and convenience."
The BC Blog expresses a trust in le BlackBerry security but also argues a pragmatic approach regarding when to send a text message and when a matter is urgent enough to actually pick up the phone and dial.
This doesn't preclude the U.S. security establishment from making its own fair share of mistakes. As my colleague Sharon Gaudin points out in a news story today, the most recent controversy surrounding Homeland Security involves classified e-mails being sent over unclassified networks, and unauthorized users attaching their personal computers to DHS networks and gaining access to government equipment and data.
Colarik notes that a friend and former FBI agent once had a defective BlackBerry that RIM wanted to swap with a new device. "Some of the information on that BlackBerry could not be disclosed by law," he says. Colarik's advice? Get a really big magnet and wipe the BlackBerry before shipping it back.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.