Short of strip searching employees every time they walk out the door, there's probably nothing Boeing could have done to prevent the alleged data theft that has a former employee facing criminal charges, security expert Bruce Schneier says.
Gerald L. Eastman, 45, was accused last week of 16 felony counts of first-degree computer trespass for putting highly sensitive files onto a USB thumb drive and trying to leak them to newspaper reporters, the Seattle Times reported. Eastman allegedly stole documents that could cost Boeing US$5 billion to US$15 billion in potential damages if they fell into the wrong hands.
If a company hires an untrustworthy employee, there is almost nothing it can do to prevent theft, Schneier argues. "What's done in African mines is they do full-body cavity strip searches every time they leave. That works," Schneier says.
Implementing new data policies probably won't prevent theft, he says. The only real solution is to hire trustworthy people, because companies simply have to rely on the people who have access to their data, he says.
"I'm not convinced [Boeing] did anything wrong ... that any policy would have fixed it save strip searches," he says.
Even that might not work, he notes. A strip search would turn up a USB drive, but an employee can easily e-mail classified documents to himself. "Since the beginning of time, your employees could steal your data," Schneier says. "Modern technology makes it easier to take lots and lots of data ... [but] in a sense it's not a technology problem, it's a human problem."
Schneier says the alleged Boeing theft itself was not particularly egregious.
But these thefts are probably more common than people think, with most going undiscovered, says John Jefferies, vice president of marketing at RedCannon Security, which says its products can prevent such thefts.
"These flash drives are just so much easier to steal and nobody's doing anything to manage or control them, encrypt the drives," he says. "It's just fortuitous that they caught this guy. I think Lockheed Martin probably has this problem too. That's why I say it's just the tip of the iceberg."
RedCannon says it can restrict the types of USB drives that are plugged into computers, monitor what data is pulled from a hard drive, and remotely destroy content if the thumb drive is inserted into an Internet-connected computer. As an extra safeguard, the vendor says its products can set USB devices to stop working when they are not inserted into a computer connected to the Internet.
This isn't Boeing's first data-security problem. Last December, a Boeing laptop containing the names, salary information, Social Security numbers, home addresses, phone numbers and birth dates of 382,000 current and former employees was stolen from an employee's car.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Achieving the impossible: Unlimited application scalability
Discover the advantages of an open architecture multi-vendor network solution
Email Archiving 101—Customer Case Study
Data grids and service-oriented architecture
Know thy self: Reduce costs, secure data and ensure compliance with identity management
Security Inside Out
Everything you need to know about email and web security (but were afraid to ask)
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Vignette Announces 2008 Excellence Awards 2008-11-21 10:50:00+11
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 2008-11-20 17:34:00+11
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 2008-11-20 12:06:00+11
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 2008-11-20 12:04:00+11
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 2008-11-20 12:02:00+11
Delivering the Power of Choice with Microsoft Dynamics CRM
Join Ed Thompson, Research VP, featured analyst firm, Gartner, Inc., and Brad Wilson, General Manager CRM Microsoft Dynamics, for a new webcast, Delivering the Power of Choice with Microsoft Dynamics CRM, available now. Our panel will break down the best practices for getting the most out of CRM and you'll learn key recommendations you can implement in your organization. Additionally, you'll also hear Microsoft's vision for CRM.
Buying Guides
Latest Products
Buying Guides
