Security absurdity: US in sensitive information quagmire
Protecting and classifying sensitive information such as social security numbers shouldn’t be that hard, but perhaps not surprisingly the US government has taken complicating that task to an art form.
It seems that designating, safeguarding, and disseminating such important information involves over 100 unique markings and at least 130 different labeling or handling routines, reflecting a disjointed, inconsistent, and unpredictable system for protecting, sharing, and disclosing sensitive information, according to the watchdogs at the Government Accountability Office.
The GAO noted the security classification mess in a report last week that looked at the challenges government contractors face in protecting private information.
That report found that at least three federal agencies were not fully safeguarding private information, increasing the risk of unauthorized disclosure or misuse. Part of the problem was the way such information is handled.
And as you might imagine, this is not a new problem.
In 2006 the GAO reported on a survey of federal agencies that showed 26 were using 56 different designations to protect information they deemed critical to their missions, such as law-enforcement sensitive, sensitive security information, and unclassified controlled nuclear information.
Because of the many different and sometimes confusing and contradictory ways that agencies identify and protect sensitive but unclassified information, the sharing of information about possible threats to homeland security has been difficult, the GAO stated.
It seems the problem has only grown worse since then, despite efforts to streamline and simplify the process.
Without trying to define what exactly each one of these designations means, here are just 50 of the ways sensitive but unclassified information is carved up.
…