Stark Reminders about the Threats to Your Sensitive Data
Posted on: June/13/2015 10:38 am by: William Brooke Stallsmith
Respond to this Article | Return
Two news stories from the first half of 2015 highlight the importance of counterintelligence awareness for stabilization and transition professionals.
The most recent and widely covered item was the US Department of Homeland Security’s announcement earlier this month that China-based hackers had stolen personal data on some 4 million federal government employees from the information systems of the Office of Personnel Management. Whether the hackers were associated with the Chinese government, another nation-state, or a criminal gang, the OPM breach is a stark reminder of the value that malicious actors attach to personal information. And data about us stabilization and transition professionals is likely to have above-average interest for the OPM hackers and their ilk. Many of us, even if we don’t work directly for the US Government, are the subjects of the security clearance and background investigation records that were broken into, and others may be cited as character references for current or prospective employees of the Department of State, USAID, or other federal agencies. The details in these records about our foreign contacts and experiences overseas greatly help criminals or spies find vulnerabilities they could exploit—to the detriment of ourselves and our organizations.
The other reminder of the stakes in CI awareness comes from Syria. Computer security company FireEye in February published Behind the Syrian Conflict’s Digital Front Lines, which details how hackers possibly located in Lebanon penetrated the databases and Skype sessions of rebels, media activists, and humanitarian aid workers associated with the conflict in Syria. Aid workers such as the coordinator for a charity based in Turkey suffered the compromise of lists of humanitarian needs for victims of the fighting and of the records of financial assistance. Even worse, Syrian refugees in Turkey had their personal information stolen—potentially allowing hostile armed groups to target the refugees themselves or their families.
The lessons from these incidents for stabilization and transition professionals are the same ones I laid out in my article for IST last September. Many actors want access to the data that describes us, our organizations, and our activities, and they can use a range of methods—from massive data breaches to one-on-one recruitment pitches—to try to get it. Loss of this data could be embarrassing for us and, in war zones like Syria, downright catastrophic for contacts, local employees, clients, and aid recipients who count on us to help keep them safe. We need to take common-sense measures to protect this data and the people behind it—such as ensuring the regular updates of computer applications—and, above all, to be ready to respond with intelligence and flexibility when a data breach does occur.