Paying for Non-Secrets


Former Director of Central Intelligence George Tenet famously said when asked about so-called open source (unclassified) intelligence, “we only pay for secrets.” He spoke with the confidence of a man born and raised in the world of the 20th century spy and the Cold War. 

With the massive leak of government employee information from the Office of Personnel Management (OPM), Director Tenet’s statement has been proven quite wrong for the 21st century. China and others are willing to pay for “non-secrets” and they matter.

As data breaches go, the OPM break-in was not the biggest one experienced in the past few years. Target, JP Morgan Chase and a few others were larger in breadth and scope. But they did not contain information that could be used to target and engage in spying on the US government.

As an old spy, I wanted information. I wanted people’s background: where they live and had lived, who their relatives were, and what personal problems they might have. That way I could figure out how to develop a successful “relationship” with someone who would spy for me. And, also, target more successfully – not waste time on someone who did not matter. You see, the real trick in human intelligence is finding people with access to important people and their information. I don’t want to recruit the Secretary of State -- too big, too awkward to meet and not likely to be recruited. No, I want someone on his staff or someone who has access to his staff and especially their work product.

The OPM leak contains millions of personnel files that will help China do just that. Files on government employees and their contractors with a summary of their backgrounds and what programs they have access to are quite sufficient for my targeting purposes.

In the 21st century, information contained in files like OPM needs to be treated like the old-fashioned state secrets were. I am sure whatever investigation there is will turn up either woefully inadequate IT security, inside actions, or both.

Welcome to 21st Century cyber conflict. Information is a weapon to use and target and cyber space is the battlefield. So far, if OPM is the indicator, the US government is getting skunked.

Ronald Marks, President and Senior Partner, Intelligence Enterprises, LLC
LinkedIn: http://linkd.in/1RcRTYK

 
