During the First World War, allied forces were able to read a lot of German radio traffic because of codebooks falling into allied hands. Eerily reminiscent of those days, NATO forces recently ran into a similar scenario, however, through their own missteps.
Instead of being retrieved during a state of war and capture, plans for NATO exercise Joint Warrior 161 were accidentally sent to Scottish fishermen and ferry operators emails.
— Rob Edwards (@robedwards53) 17 aprile 2016
In an age where tensions are rising, justifiably or not, between NATO and Russia, the loss of the information teaches us lessons.
Security personnel needs to be especially concerned when transmitting sensitive information. In the case of Joint Warrior 161, codewords, ciphers, coordinates, and radio frequencies were released. Security experts need to assume there is someone attempting to gain access to sensitive information. Whether that information is security secrets of a country/alliances military or the intellectual property associated with a new product coming to market, there is always someone attempting to get that information.
Despite a Ministry of Defence (MoD) spokesperson claiming there was “no impact to the public, military personnel, or units participating in the exercise”, at what point does one ask if other potential breaches have gone unreported or even undiscovered? Reports show there is an under-reporting of breaches of sensitive information. While we see the major scenarios like the Office of Personnel Management (OPM), Target, or Home Depot, most breaches go unreported because of concerns over company reputation.
All personnel of an organization needs to understand they have a part to play in the security of sensitive information – whether military secrets or company intellectual property. Security personnel has a major role in ensuring the culture at an organization understands the procedures and levels of sensitive information that needs to be protected. While humans are our weakest link in the security chain, learning from incidents and regularly reviewing procedures and identifying sensitive information for protection.
Dave Snell, a retired naval officer, is a Security Professional with twenty years of experience working cyber intelligence, project management, and counter-terrorism operations.
Written by: Dave Snell
Author Bio: Dave Snell, a retired naval officer, is a Security Professional with twenty years of experience working cyber intelligence, project management, and counter-terrorism operations.
Edited by Pierluigi Paganini
(Security Affairs – NATO Manual, data leakage)