The WikiLeaks debacle demonstrates that governments aren’t yet ready to deal with the security challenges of a Web 2.0 world. At the outset of the disclosures, Washington was unable to come up with the right package of measures to stanch the flow. The government stuttered and stumbled for months as wave after wave of leaked document hit the Internet. It must be viewed as a cautionary tale showing why good governments must not be passive in dealing with online threats.
Unfortunately, WikiLeaks is not the worst of the problem. When secrets are dumped online, governments at least know where they are. Potentially more damaging are secrets that are stolen without the government learning of the theft until after the resultant carnage has occurred.
For twenty-two years, Robert Hanssen, an FBI agent in charge of ferreting holes in U.S. intelligence security, turned over classified information to the Soviet Union and later Russia. Unmasked in 2001, he pleaded guilty to thirteen counts of espionage. Social networking only increases the opportunities for communication between those who want to give away government information and those who want to get it.
Even before WikiLeaks, there were plenty of signs of bad days coming. In 2004, for example, Shannen Rossmiller, an independent researcher, stumbled across Ryan Anderson online. A Robert Hanssen-wannabe, Anderson was trolling the Internet for an al-Qaeda operative interested in information about his National Guard unit’s upcoming deployment to Iraq.
Posing as an al-Qaeda operative, Rossmiller tracked Anderson ’s IP address to Seattle, Washington. Deducing from their online exchanges that he was a member of the U.S. military, Rossmiller contacted the newly established Department of Homeland Security, which put her in touch with the FBI. The FBI began monitoring the correspondence with Anderson. In February 2004, they decided to act. Undercover agents met with Anderson in a Seattle parking lot, just days before he was to leave for Iraq with his unit. Anderson was arrested, prosecuted, and convicted of five counts of attempting to aid and provide intelligence to the enemy.
Web 2.0 ups the demands for governments to conduct this new type of “counterintelligence” and information security to ensure classified information is not being compromised or exploited. And, because no prevention system is foolproof, they also must be able to do after-the-fact damage control. They too must figure out how to sustain the virtues of social networking, the capacity of individuals to freely share and collaborate. Protecting critical information without stifling communication is the prime challenge for cybercompetitors.
James Jay Carafano is director of the Heritage Foundation’s Allison Center for Foreign Policy Studies.