Breach of Faith
Over the course of twenty-two years, from 1979 to 2001, Robert Hanssen participated in what is possibly the most severe breach of national intelligence in the United States' history. Through a combination of skill and sheer luck, Hanssen was able to pass critical information from his job at the FBI to Soviet and later Russian intelligence agencies, information that may have contributed to the capture and execution of a number of individuals. Hanssen's case is particularly interesting because it takes place over the course of two decades that included the end of the Cold War and the beginning of the internet age, and as such examining the various means by which Hanssen was able to breach security offers extra insight into the security threats, new and old, that face those tasked with protecting sensitive government information. Ultimately, the Hanssen case reveals a number of ongoing vulnerabilities concerning the safeguarding of sensitive government information, because although the FBI adapted its security functions in response to developments of the last thirty years, this response has been characterized by the same underlying structural and cultural problems that created these intelligence and security failures in the first place.
1. Identify specific vulnerabilities that allowed Robert Hanssen to access highly sensitive personal and secret information, disclosure of which could prove harmful to U.S. security and endanger American lives, to breach FBI security rules and requirements, and pass this sensitive information to the Soviet Union, a government inimical to the U.S. At the time.
Hanssen's breach was so successful that in its aftermath, the Justice Department ordered a review of the FBI's security programs in order to identify which policies and procedures should be changed or updated in order to confront the kind of threats embodied by Robert Hanssen and others like him. Many of the specific vulnerabilities that allowed Hanssen to access highly sensitive information and pass it along to the Soviet Union and eventually Russia were outlined in the report compiled by the Commission for Review of FBI Programs, also known as the Webster Commission, after its chairman William H. Webster. The Webster Commission notes the relative success of Hanssen's breach in the introduction to its report, noting that "the Commission for the Review of FBI Security Programs was established in response to possibly the worst intelligence disaster in U.S. history: the treason of Robert Hanssen, an FBI Supervisory Special Agent, who ever twenty-two years gave the Soviet Union and Russia vast quantities of documents and computer diskettes filled with national security information of incalculable value" (Webster, 2002, p. 1).
First and foremost, this represents a security failure at the basic level of physical security. Although some of the information Hanssen sold was acquired through his skill with computers, a major reason he was able to go undetected for so long was because he could simply "walk into Bureau units in which he had worked some time before, log on to stand-alone data systems, and retrieve, for example, the identities of foreign agents whom U.S. intelligence services had compromised, information vital to American interests and even more immediately vital to those whose identities Hanssen betrayed" (Webster, 2002, p. 1). Considering "who needs to be able to physically access each machine, and structur[ing] your site layout in order to allow the minimum necessary access" is one of the most basic steps that can be taken to help ensure the security of sensitive information, but according to the Webster Commission report, "Bureau personnel routinely upload classified information into widely accessed databases, a form of electronic open storage that allows essentially unregulated downloading and printing" (Beale, 2007, p. 22, & Webster, 2002, p. 4).
Hanssen also exploited the FBI's lack of any kind of behavior analysis and anomaly detection program, because as the Webster Report notes, "an information-system auditing program," -- which works by detecting behavioral anomalies "as current host activity is gauged and compared to a statistical baseline, or threshold, of known activity for that host" -- "would surely have flagged Hanssen's frequent use of FBI computer systems to determine whether he was the subject of a counterintelligence investigation" (Webster, 2002, p. 4, & Trost, 2010, "Network Flows and Anomaly Detection"). Because he actually developed many of the information systems used by the Bureau, Hanssen was ideally placed to exploit any potential weaknesses or shortcomings in those systems.
2. Considering the serious consequences of security breaches at the highest levels of our government, as evidenced in the example of Robert Hanssen and others, what organizational, management, lie not only with Hanssen and specific vulnerabilities he exploited, but also the organization, management, technology, and procedures that contribute to this culture of "insecurity" wherein warning signs and useful hints can be ignored for so long.
The Webster Commission's report locates the source of this pervasive insecurity in the inherent tension between the FBI's law-enforcement and intelligence operations, because intelligence and law enforcement sometimes demand entirely different goals, standards, and procedures, especially when it comes to the sharing of information. For example, the report notes that "until the terrorist attacks in September 2001, the FBI focused on detecting and prosecuting traditional crime, and FBI culture emphasized the priorities and morale of criminal components within the Bureau" (Webster, 2002, p. 1). Problems arose because "this culture was based on cooperation and the free flow of information inside the Bureau, a work ethic wholly at odds with the compartmentation characteristic of intelligence investigations involving highly sensitive, classified information" (Webster, 2002, p. 1-2). As a result, "operational imperatives will normally and without reflection trump security needs," such that, for example, "senior Bureau management recently removed certain security based access restrictions from the FBI's automated system of records, the principal computer system Hanssen exploited, because the restrictions had hindered the investigation of the terrorist attacks" Webster, 2002, p. 2).
In a way, then, the FBI's security problems revealed as a result of the Hanssen investigation were indicative of the issues more or less facing the entire Intelligence Community prior to the attacks of September 11, 2001, because they represent an imbalance between the necessary and sometimes exclusive goals of sharing important intelligence while keeping strict control over the flow of that intelligence. When the latter goal takes precedence over the former, crucial information may not be shared between offices and agencies, leading to unnecessary and costly gaps in intelligence (as in the run-up to 9/11). Or, as in the FBI's case, the goal of information flow may be prioritized in the name of law enforcement efficiency, precipitating decisions that may help operational efficiency but ultimately undermine security; for example, Bureau management's decision to remove certain access restrictions to the FBI's automated system of records unintentionally granted "general access within the Bureau to information obtained through warrants under the Foreign Intelligence Surveillance Act  the use of [which] in criminal investigations is tightly restricted by Constitutional considerations and Department of Justice guidelines" (Webster, 2002, p. 2). Thus, when attempting to consider the organizational, management, technological, and procedural approaches one might take towards preventing the future recurrence of such breaches, one must bear in mind that these breaches are ultimately the result of a conflict between necessary but occasionally oppositional duties, and that as such the solution to these breaches must focus specifically on minimizing this tension.
The first substantial action that could be taken to help ensure future breaches do not occur is a reorganization of the FBI's security and intelligence functions. The Webster Commission compared the FBI's organization of its security functions with the rest of the Intelligence Community and found that, "in sharp contrast to other agencies," the FBI's security and intelligence functions "are fragmented, with security responsibilities spread across eight Headquarters divisions and fifty-six field offices" (Webster, 2002, p. 4). This fragmentation of security functions dramatically increases the likelihood of a breach because it means that the overall security apparatus is that much more porous, with adequate, lacking, or inconsistent oversight depending on particular Headquarters or field office.
To combat this phenomenon, the Webster Commission recommended that the Bureau establish an Office of Security tasked with, among other things, consolidating security functions under a senior executive" in order to "prompt management to focus on security, resolve conflicts between operational and security objectives, and foster Headquarters and field coordination" (Webster, 2002, p. 4). The FBI did not establish an Office of Security, which would have meant a high level office reporting directly to the…
Breach of Common Law and Statutory Duties Under the Corporations Act 2001 On 17 February 2012 Builders Hardware Ltd., made public a new share issue proposal. The Company also made it clear that this would only apply to those who registered their shares before 31 December 2003. This was done in a bid to lock out the Victoria-based Powertools Ltd. from acquiring Builders H. Ltd. The takeover issue resulted in the
D.). The doctrine of good faith and fair dealing is like the idea of fairness, is simple to expressive but hard to relate with accuracy. Most lawyers know the policy in the circumstance of personal property sales for the reason that the Uniform Commercial Code is clear on that issue. The principle is frequently murky though in regards to other matters. The principle is additionally clouded when courts and critics merge
There are many examples of God's love, but much violence as well. The Bible is full of stories of warring peoples, fighting to the death for their beliefs. Persecution of the Jews, seen on a massive scale as late as the 20th century's Holocaust, was fueled by the New Testament, as Jews were blamed for the crucifixion death of Jesus Christ. Even after World War II, Jews in the
IPad Security Breach and Corporate Ethics In the course of this short essay, the author will demonstrate hacking into a Web site is almost never justifiable unless the hackers are acting with a warrant and under the direction of law enforcement agencies. We will see this applied to a real world case, in which Goatse Security and Gawker Media hacked into iPAD email records stored on an AT&T server in June
Theism or Atheism? When humans consider the existence of God, they tend to look outward for evidence and inward for understanding. Humans must process both types of information through a filter that is based on an unwarranted confidence in human reasoning. Or, failing that, humans must fall back to rely on faith. The nature of faith may perhaps be characterized by an absence of definitive criteria other than the absolutes that
7). This point brings up one of the larger issues suggested by the opinion (which will be discussed in greater detail later), namely, the fact that the conflict between the law's position on jurisdiction and this kind of estoppel is "yet another case where the government has 'taken entirely irreconcilable positions regarding the jurisdiction of the federal courts," leading to increased litigation and cost (Lettow, 2012, p. 7). Thus,