Military Hard Disk Encryption: Ireland’s Reserve Defence Forces Data Breach.

According to herald.ie, a senior officer with the Reserve Defence Forces (RDF) of Ireland had his laptop stolen, triggering a data breach.  It is quite clear that the laptop in question was not protected with disk encryption like AlertBoot, which would have (potentially) stopped the need for victimized reserve officers to “frantically check with their banks and local revenue offices after being told of the theft.”


Not Authorized to Have Personal Details



Herald.ie, notes that, while 70 reserve members with the 65 battalion were affected, “previous members may also have had their personal details seized” by thieves, possibly increasing the number of affected people to hundreds of members.  The laptop was stolen last week from the Dublin home of a senior officer.  Other items besides the portable computer were stolen at the time of the robbery.


A spokesperson for the military said the laptop “‘allegedly’ contained personal details such [as] names, ranks, military service numbers, gender and dates of birth.”


Allegedly.  What an odd yet accurate choice of words.  Based on the story (found here), it can be surmised that the stolen laptop was issued by the military: (a) herald.ie notes that “a military laptop…has been stolen” and (b) “military intelligence officers were today trying to establish whether the laptop contained financial details such as bank account numbers.”


(If the stolen laptop had been a personal device that happened to be owned by a military officer, you wouldn’t have the military trying to establish whether financial details were in the laptop — the only way to figure out the presence of such data is to do an analysis of backed up data which most people do not engage in).


Anyhow, one might wonder “what was the officer doing with unauthorized data?”  This is the wrong question to ask.  I mean, it’s an important question, no doubt, and the military is looking into it, but the real question is: why was a military laptop issued to an officer without adequate protection?  Where was the encryption software that would have secured the data?  Was encryption not used because the officer in question wasn’t authorized to have sensitive data on his laptop?


Balderdash.  This is why critics go around cheekily stating that military intelligence is an oxymoron.  Everyone that works in IT knows that, when it comes to data, what you should have in your computer and what you do have in your computer are two different things.  Otherwise, people wouldn’t get written up for violating computer usage policies; USB memory sticks wouldn’t be used in the workplace, and be the trigger for data breaches every month (or more often); nine-tenths of the current data security and loss prevention solutions would not exist because they wouldn’t be necessary.


In my opinion, it’s not just the disgraced officer that failed in this case.  The military failed by not providing the officer with an encrypted machine.



Related Articles and Sites:
http://www.herald.ie/news/military-names-on-stolen-laptop-3059629.html
http://www.databreaches.net/?p=23700



Comments (0)


Let us know what you think