Friday, February 29, 2008

Holy OPSEC, Bat Man! We're In Trouble

Just who is in charge of OPSEC (Operational Security) for our military at the moment, Bozo the Clown? Our military has been transmitting unencrypted classified data to a British civilian at a mistaken e-mail address for eight years - including such things as the flight plans for Air Force One.


Our military is the finest in the world in large part because it holds itself to very high standards. Failures happen of course, but they are almost never of the spectacular variety and they are addressed as soon as they are recognized. So the story in today's Telegraph is an anamoly - but a huge one.

OPSEC has been a critical component of military operations since time immemorial. And our military and intelligence operations are no different. OPSEC means taking those steps necessary to insure that one's plans and other sensitive information stay secret. Sensitive materials must be protected from enemy agents and not disclosed beyond those with both the proper security clearance and the need to know.

In today's world, that means that you only transmit classified material to people authorized to receive it and that if you are transmitting classified materials by any sort of electronic means, that you do so by secure means. It should be encrypted. This is very basic stuff.

This is a big deal in the military. There are intelligence officers at battalion level on up whose duties specifically include overseeing OPSEC, and even the lowliest grunt is trained in the basic techniques of OPSEC. This is deadly serious.

So why on God's green earth is there some poor Brit in the town of Mendenhall, U.K. who can't get the U.S. to stop sending him their unencrypted classified documents - some of it very highly classified? And to raise the level of incompetence on this one - he's been trying to get them to stop for eight years:

A tourist information website promoting a small Suffolk town has had to shut down after it received a barrage of thousands of classified US military emails.

Sensitive information including future flight paths for US Presidential aircraft Air Force One, military strategy and passwords swamped Gary Sinnott's email inbox after he established, a site promoting the tiny town of Mildenhall where he lives, the Anglia Press Agency reports.

As well as Mr Sinnott and his neighbours, Mildenhall is home to a huge US Air Force base and its 2,500 servicemen and women, and the similarity in domain names has led to thousands of misdirected emails from Air Force personnel. Any mail sent to addresses ending would have ended up in Mr Sinnott's mailbox.

. . . Mr Sinnott said: "You wouldn't believe some of the stuff that I have been receiving - I wonder if they ever had any security training. When I told the Americans they went mental.

"I got mis-sent e-mails right from the start in 2000 but even after I warned the base they just kept on coming. At one stage I was getting thousands of spam messages a week.

. . . "But then I began to receive military communications from all over the world - a lot containing very sensitive information."

Agents from the USAF Office of Special Investigations have visited Mr Sinnott to ask him to delete any classified material he may have received, but concerns have been raised that resourceful terrorists could use similar methods to fool the US military into revealing state secrets. . . .

Read the story here. Oh my God! Resourceful? If this is all it takes to tap into our sensitive and classified information, setting up a website named closely to an official one, we are absolutely screwed. This is incompetence on a scale I would not even expect from the military of a third world banana republic.

There is only one conceivable first step in handling this. To put this in the military vernacular, the Chairman of the Joint Chiefs of Staff needs to start a new collection - testicles in glass jars adorning his desk. The donors should be the G-2 Intelligence Officers responsible for OPSEC at Mildenhall AFB since 2000. Then our elected leaders, our military and our intelligence people need to get to the very bottom of how this could possibly happen - and why we have anyone, let alone what seems to be a bevy of soldiers, transmitting classified material without encryption.

We got lucky on this one - but the fact that our military is worried that this might not be isolated is potentially disasterous. What if this information fell into the hands of al Qaeda or Iran? Or possibly worse, the New York Times?

Update: I have contacted every source that I can think of to get confirmation of this story. I would expect to get feedback next week.

No comments: