What should be done about this latest security breach? ...our nation's dams....

SGM Private RallyPoint Member — Wed, 22 Oct 2014 10:45:02 -0400

http://www.nextgov.com/cybersecurity/2014/10/noaa-considers-whether-axe-employee-accused-breaching-army-dam-files/97094/?oref=nextgov_today_nl

NOAA Considers Whether to Ax Employee Accused of Breaching Army Dam Files

Hydrologist Xiafen Chen was arrested at work for supposedly stealing sensitive, restricted information on critical infrastructure.

Response by Maj Chris Nelson made Oct 22 at 2014 12:42 PM

Maj Chris Nelson — Wed, 22 Oct 2014 12:42:06 -0400

interesting article. Looks like someone granted access and permissions that should not have been granted, so they need to assess that aspect also. Unless they prove that it was done for profit/espionoge etc, they may have a hard time pressing charges. Let's face it, if any one of us found we had access to something like that, would it not be interesting to learn something like that??!! I know I could find it interesting. And for me, it would only be Gee Whiz!! If it is something that really needs to be secured, then, maybe this info needs to be stored differently (SIPR?).

Response by PO1 Private RallyPoint Member made Oct 23 at 2014 10:18 AM

PO1 Private RallyPoint Member — Thu, 23 Oct 2014 10:18:07 -0400

Looks like pretty common and simple tradecraft, otherwise known as spying. Soviets used to do it, Russians do it now. Chinese have been doing it for decades. Why is anyone surprised at this?

Response by SPC Andrew Smith made Oct 23 at 2014 10:37 AM

SPC Andrew Smith — Thu, 23 Oct 2014 10:37:54 -0400

SGM,

Firstly, I would say a thorough investigation needs to be completed. Thorough, in this case, meaning they absolutely need to discover if this employee was acting on behalf of a foreign entity or not. It seems to be already determined that the employee did, in fact, commit the act, and punishment should hinge on the findings of the investigation.

If they can find no connection to China, or any other foreign entity, they should rule that the breech was due to either negligence, or incompetence on behalf of the employee/s, whom should certainly lose their jobs, in my opinion, and be punished in accordance with any laws that may govern this type of crime. However, should they find she specifically was attempting to aid a foreign entity, then the case would enter the realm of espionage, a completely different animal.

Either way, it appears that the government needs to better protect this sensitive information. Data pertaining to a critical part of our infrastructure should only be accessible to personnel whose positions require it, not to those who merely stumble upon it because it's there, and certainly not those who would use it for criminal purposes.