CNN’s Mike Ahlers and Elaine Quijano put together an intriguing segment about a lost hard drive from the National Archives for The Situation Room with Wolf Blitzer, the television show I appeared on last night. The hyperlink goes to the actual article…the video hasn’t been posted yet and they’re telling me it may not be. I hope you had the chance to see it live last night. If it gets posted I’ll be sure to link to it.
If you haven’t read the other takes on the story it’s pretty fascinating. An external hard drive containing a good bit of personal and sensitive information was moved from a secured area of the building and left exposed for a while in an unsecured location. It then apparently sprouted legs and walked off. With 100 or so people having badge access to the area as well as janitors and visitors this doesn’t surprise me. It was a 2 Terabyte drive…Wow. But that doesn’t necessarily mean that it contained that much information. But all it takes is one bit of sensitive info going unaccounted for to have a breach on your hands.
Yet another data breach likely to end up on the hall of shame list. I haven’t confirmed whether the National Archives and Records Administration falls under the scope of FISMA but I suspect it does. They do have their own Information Security Oversight Office (ISOO). Probably should’ve been obeying their own rules, you think? And they probably should’ve encrypted that drive so whoever has it can’t do much with it, huh? Better to spend $200 of taxpayer money on drive encryption software than no telling how many tens (if not hundreds) of thousands of dollars it’s going to cost before all’s said and done. Oops.
I’ll say it again folks: what’s it going to take to encrypt mobile drives?
BTW, did anyone catch the last name of the U.S. Congressman featured in the story linked above? Issa. Funny tie-in. Get it?