WikiLeaks Could Have Been Prevented with Better Access Controls

By Ken Ammon  |  Posted 2011-02-15 Print this article Print

WikiLeaks could have been prevented with better access controls

Clearly, once information is available online-whether government cables or music-the people who own the information have lost all control over it. They can discuss new laws to accommodate new technologies, ethics and so on, but an equally pertinent question is, "What could we have done to prevent this in the first place?"

Organizations industry-wide are abuzz with what happened with WikiLeaks. Unfortunately, many are focusing on the "Wiki" and not the leaks. Providers have shown good faith by shunning DNS and hosting services to the WikiLeaks site. What will follow is a game of Whack-A-Mole. Case in point: Napster music sharing was replaced with platforms such as LimeWire and BitTorrent.

The WikiLeaks loss represents yesterday's clumsy virus. Quite simply, the leak originated from a low-level analyst trusted to follow policy. While the security community is focused on emerging, persistent threats capable of sophisticated and coordinated attacks on nuclear plants (Stuxnet), let us not forget that we continue to be at great risk from much less sophisticated threats such as trusted insiders with access controls that are enforced with basic tools such as handbooks and written policy.

Ken Ammon is Chief Strategy Officer at Xceedium. A recognized expert in security issues, Ken joined Xceedium from LookingGlass, a high-technology consulting firm that advises corporations and private equity funds on emerging security trends and technologies. Prior to LookingGlass, Ken was founder and president of managed security services provider NetSec. A noted security expert in matters relating to the federal government, Ken has testified before the House Government Reform Committee on dramatic security vulnerabilities affecting sensitive government information and infrastructure. Ken has also served as an adjunct faculty member at the National Cryptologic School where he was recognized with the Scientific Achievement Award. Ken began his career in the United States Air Force where he was a captain assigned to the National Security Agency. He can be reached at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel