Yet another Doh! moment

Feb. 13, 2009

Look. I don't want to diminish the importance or complexity of securing our critical infrastructure from Evil Doers, Bad Actors, Wingnuts, Doofuses and Well-Intentioned Idiots. It's an important job that has to be done much better than we've done it so far. Hard work by early adopters of the latest security technology and a big dose of dumb luck have kept the really ugly possibilities out there from coming true.

But sometimes I have to wonder if in our legitimate concern for preventing these cyber-incursions we're missing the forest for the trees. We really often are our own worst enemies.

This news release is out on the Innerwebs this morning. A couple of the money quotes: "The Los Alamos nuclear weapons laboratory in New Mexico is missing 67 computers, including 13 that were lost or stolen in the past year. Officials say no classified information has been lost." 

"Thirteen of the missing computers were lost or stolen in the past 12 months, including three computers that were taken from a scientist's home in Santa Fe, N.M., on Jan. 16, and a BlackBerry belonging to another employee was lost 'in a sensitive foreign country,' according to the memo and an e-mail from a senior lab manager."

"Only one of the three computers stolen from the employee's home was authorized for home use, which raised concerns 'as to whether we were fully complying with our own policies for offsite computer usage.'" 

"The security administration memo said the 'magnitude of exposure and risk to the laboratory is at best unclear as little data on these losses has been collected or pursued given their treatment as property management issues.'"

This story seems right up there with the report of a week or so ago about people leaving data sticks full of important info in the pockets of the clothes they send to the cleaners.

Situations like this one aren't about spending elebenty million dollars on a state-of-the-art security system. Security on this level is about following the rules already in place and exercising common sense.

I mean, what is it about the word "portable" that's hard to understand? If it's easy for you to carry around, it's just as easy for somebody else to walk off with it. While I love the convenience of working from home as much as the next person, maybe there are some computers, laptops or not, that should just never leave the building. Maybe some stuff shouldn't be accessible through your smart phone or put on a data stick, no matter how tempting it is to do so. 

I know that getting computer wizards and scientists to do what they're supposed to do is just like getting journalists to do it--can you say "herding cats?" But surely this can't be beyond the capacity of organizations to handle. 

OK. Nobody's gotten hold of the Secret Codes for the POTUS' red phone or anything equally scary--this time--but, sheesh! Get a grip, people!