Over a year
ago, an Israeli reserve officer discovered that the Israeli armys internal
Internet, Tzahal Net, had a flaw which enabled anyone using it to access top
secret documents. These included data on new weapons, and wartime plans for
units. Over sixty percent of the personnel in the army use Tzahal Net at least
once a day, and most of them are not cleared to access top secret documents.
The officer, a medical doctor, wrote to the army information security
department about his discovery. He was told that the army was aware of the
problem, and was working on a solution. The problem was that units were not
supposed to put top secret documents PCs connected to Tzahal Net. Those that did were first warned,
then, if they persisted, were cut off from Tzahal Net for a period of time.
When the officer returned for
another bit of active duty recently, he found that the problem still existed on
Tzahal Net. This time he reported the security breach to army headquarters, and
to an Israeli newspaper, which promptly published the information. Army
headquarters said they were not aware of last years complaint, but would get
right on to finding a solution. Captain Kahan was thanked for his efforts.
The problem has nothing to do
with hardware or software, but with user error. It's an all-too-common problem
for government and military officials to put secret documents on servers
connected to the Internet, or networks that allow people lacking sufficient
security clearances to see those documents. It's what is called a user problem.