|
|
Analysis: Spying Chinese temptress steals senior Brit's BlackBerry (continued)
Bumbling Brit
And that brings our story back to our bonking Brit and his BlackBerry bandit. Just how much trouble did this aide's problematic peccadillo get him into? Of more concern, how much damage did our international man of mystery's "special branch" do to Britain's security -- and, by extension, the security of her allies?
We know a single BlackBerry can store a surprising amount, the equivalent of about 28,000 printed pages of data, or -- in keeping with the theme of our British boner -- the equivalent of seven complete sets of all seven Harry Potter novels. That's a lot of strategic government information to lose to the Chinese.
We also know a single BlackBerry can be turned into a shockingly powerful surveillance device, with all sort of disturbing implications for national security.
The Sunday Times reports "that even if the aide's device did not contain anything top secret, it might enable a hostile intelligence service to hack into the Downing Street server, potentially gaining access to No 10's email traffic and text messages."
As these various stories -- my initial book scenario, the Mexican theft of U.S. government BlackBerry devices, this new Chinese theft of British BlackBerrys -- have shown, the risk of BlackBerry theft is particularly high when government officials are traveling.
These devices are often the mobile extension of their offices, their primary means of communication, and their personal, pocket file cabinets.
So, what should governments do?
I've made recommendations before about the secured handling of handheld devices. If you recall, I recommended the establishment of an Electronic Communication Protection Detail, a group I've recommend be created as part of the Secret Service to manage all of the email security issues. I've recommended each staffer issued such a device needs to be trained to notify the Electronic Communication Protection Detail immediately when a device is lost.
But clearly more is required. It's clear that the White House, and, by extension, governments of our strategic allies need to establish a complete end-to-end asset management policy for handheld devices. Guidelines need to be established for where these devices can be taken, when they can be removed from one's person, and how they should be handled in secured situations like those that ocurred in New Orleans and Shanghai.
Finally, a true rapid-response operation needs to be established so data can't fall into the wrong hands. I've recommended that no communication device be issued to White House staffers without two key features: location and destruction.
It is possible to both remotely erase certain BlackBerry devices and remotely locate them. When lost, a team from the Electronic Communication Protection Detail should first trigger the remote erase and then a tracking team needs to be dispatched to recover these little mobile nightmares as quickly as possible.
Clearly, the Secret Service responded relatively quickly in the New Orleans case and recovered the devices. We don't know whether the Special Branch recovered the missing British device. In the case of the theft of the American devices, because there was no apparent remote destruction capability, the data wasn't secured until the physical devices were. And, again, we don't know whether or not the Brits had any operation in place to secure their missing device.
|
|
|
|
