December 13, 2010: The biggest casualty from the Wikileaks disclosures is not the information that American soldier PFC Bradley Manning stole and passed on to Wikileaks, or the fact that this was a major breach in American security. The big danger is that the American intelligence community will go back to pre-September 11, 2001 practices. Back then, "need to know" and unwillingness to share data with other branches of the government meant that a lot of vital connections were not made. For example, if there had been more data sharing before September 11, 2001, those four aircraft would not have been hijacked. While intelligence people remember all that, many politicians and senior bureaucrats do not. Or, rather, they are more concerned with covering their collective asses than they are of maintaining access to data for those who are keeping the terrorists at bay. For all the effort put into airport security, it's been intelligence work that has detected and shut down nearly all Islamic terror plots against American targets. These operations get very little publicity, and this is intentional. You don't want the enemy to know anything about your sources and methods. But now the intel community is going to give some publicity to how data sharing within the government is essential to catching terrorists, or wayward souls like Bradley Manning.

As an intel specialist, Manning had a security clearance and access to SIPRNet (Secret Internet Protocol Router Network). This was a private Department of Defense network established in 1991, using Internet technology and able to handle classified (secret) documents. Since September 11, 2001, over half a million people have obtained access to SIPRNet, and many government agencies made their secret (but not top secret and above) data available there. In the wake of PFC Manning's theft, some agencies are reconsidering the value of sharing.

The key problem was that Manning got access to a computer with a writable CD drive, and was able to copy all those classified documents to a CD (marked as containing Lady Gaga tracks) and walk out of his workplace with it. The big error here was having PCs available with writable media. You need some PCs with these devices, but they should be few, and carefully monitored. Normally, you would not need to copy anything off SIPRNet. Most of the time, if you want to share something, it's with someone else on SIPRNet, so you can just email it to them, or tell them what it is so they can call it up themselves. A network like SIPRNet usually (in many corporations, and some government agencies) has software that monitors who accesses, and copies, documents, and reports, and sometimes prevents, any action that meets certain standards (of possibly being harmful). SIPRNet did not have these controls in place, and still does not on over a third of the PCs connected.

The guilty party here, who will probably not be identified, much less punished, are the bureaucrats who dropped the ball on installing available security monitoring software on SIPRNet. Internet security experts have been castigating the government for more than a decade over the slow pace of upgrading security on government networks, and SIPRNet in particular. Now those upgrades are being made, but the big danger is bureaucrats, in an effort to look good (while doing damage) eliminate the sharing, and give the terrorists the kind of invisibility that made September 11, 2001 possible. Come to think of it, no one got punished for the intel screw-ups that led to that disaster either.