Open, but secure. That is the new approach governments need to take to secrecy and national security in the age of WikiLeaks. Social media is changing the way people and organisations work and communicate, and its impact on public sector agencies and national security strategies is a subject of both excitement and grave concern.
This new digital universe enhances governments' interactions with their global counterparts for matters of national security and diplomacy; it enables better information-sharing and collaboration among agencies, governments, private industry and the public; it can provide a human face to a government body; it can enhance a government's and nation's reputation locally and globally. But why do we seem to be less secure, more terror prone? Why, in a time when governments can engage directly with citizens, is our age characterised by fear and loss of trust?
In the virtual world, a vast amount of diverse information is available at the click of a button, but there can be adverse impacts on operations, assets and individuals when confidentiality, integrity, or availability of that information is compromised. Given the viral nature of social media and the wide geography and audience it spans, it is much easier for agencies to gather and disseminate information quickly and easily. However, it also makes sensitive information leakage much harder to contain.
As government agencies look to leverage new technologies to communicate with the public, move more citizen services online, share services amongst agencies, share intelligence for national security purposes and collaborate with other nations and private industry, they will need to take a more open stance to secrecy and information sharing.
But to mitigate risks, they need to take a more solid security stance at the same time. It is imperative for leaders at all levels within government (agencies, departments, contractors, etc.) to weigh the risks and benefits of making information more accessible and, once decided, put strong safeguards in place to ensure only those who need access can get access.
Information leaks imply failures across multiple areas, particularly risk management, access control and confidentiality. The ongoing WikiLeaks exposé clearly shows that the threat is not always from external groups; it can be far more insidious when it stems from trusted individuals within an organisation.
To reduce sensitive data leakage, officials, employees and contractors must only have access to information necessary to do their jobs, so information should be regularly assessed in terms of who is 'need to know'. To achieve this, governments should embrace a more contextual approach to classifying, managing and protecting information that is based on the attributes of the person seeking to access it. These attributes could include identity, geolocation, time of day, group associations, usage patterns of the requester, and where the information is going (eg. mobile device, office, home, etc).
The benefits of the virtual world are manifold and its potential can be harnessed for greater national security and more efficient and engaging governance. Governments today have the opportunity to reach new audiences and engage with existing ones, enhance internal collaboration, enable information sharing with local and global partners and break down traditional bureaucratic boundaries. However, recent external breaches such as the one at NASA and the internal breaches that continue to drive the WikiLeaks saga, through to the reports of Australian government agencies losing mobile devices holding confidential data, prove that caution is required and governments must take an 'open, but secure' approach to secrecy.
Steve Vinsik is vice president and partner in Global Security Solutions for Unisys Corporation, sponsor of The Lowy Institute's 'The Future of Secrecy' forum. This articl was first published on The Interpreter. Republished with permission