Jimmy Sorrells on Information Security
OurBlook interview with Jimmy Sorrells, VP at INTEGRITY Global Security
JS: For the same reason that significant security breaches continue to happen every day, all over the world, in all kinds of enterprises both classified and unclassified. It's because we're looking at network security and the way we organize our most valuable assets and information using out of date technology. The traditional approach to information security is simply not working. Firewalls are penetrated every day. Intrusion prevention and detection systems find threats only once they've entered. Modern warfare is based on information; we are capturing, cataloging and storing it at an unprecedented pace. Enterprise network architectures, access and security technologies have not kept pace with the exponential explosion of information. Organizations must start investing in new solutions that will enforce the separation of critical valuable data from users and networks that have no need to know, while still allowing access to those that do.

What are the dangers?

JS: The dangers are significant and real. Data in the leaked documents may contain specific information about individuals that could result in retaliation. People could be killed as a result of this specific security breach.

It seems surprising that the original source of the current leaks was an Army PFC ... surprising in that a lowly rated enlisted man would have such access to secrecy as opposed to limiting it to high-ranking officers. How can the military and the government improve security protection to prevent such hacking and illegal pilfering?

JS: This is really the heart of the problem. Soldiers, even Army PFCs, must have access to classified networks to do their jobs, period. But the network architectures have not kept pace with the rapid increase in intelligence data and sources. Too much information is kept in very large, flat networks with no hierarchical segmentation based on need to know. Network access and information separation are at odds with each other, and old school technology is insufficient to solve the problem. New solutions need to be adopted, and fast.

One of the key tenets of the processes required to develop and deliver new secure systems is to establish and adhere to a culture of 'security first and foremost.' Virtually all technology companies providing traditional solutions in use actually compromise security to satisfy the customer's desire for functionality (such as access) ahead of security. INTEGRITY is the only separation kernel to have ever achieved a certification level of EAL6+ for the protection of classified information from sophisticated attackers as defined by the NIAP Common Criteria Certification process. Existing security technologies have only been certified to protect against casual and inadvertent attempts to breach system security, which is an EAL4 certification level. In order to fix the problem and make sure another breach such as this does not occur, organizations are going to have to embrace processes and technology that will not allow a single person, regardless of rank or position, to have the sole authority to access such large volumes of classified data.

(Mr. Sorrells is vice president of enterprise products at INTEGRITY Global Security. He previously worked at Green Hills Software and was president of Axiom Technology Inc., where he guided the development and deployment of multi-processor software products for parallel processing computer architectures. He also was a software and hardware design engineer at Dynetics Inc and at IBM. He has a B.S. from the University of North Carolina at Charlotte and an M.S. from Purdue and has completed Ph.D. coursework at the University of Alabama in Huntsville ... all in electrical engineering.)