So much of our nation’s cybersecurity focus is on controlling information — who can access it, use it, redistribute it, and talk about it. Experts talk about privacy and access controls, authentication and identity management. But what happens when cybersecurity efforts fail, systems are compromised and information is shared on the Internet with millions of others?
There is a growing phenomenon of post-cybersecurity efforts that focus not on technical or policy solutions, but on good old cause-and-effect human influence. Once information is leaked, companies and the government warn Internet users and potential viewers to stay away, or else.
The most significant example of this is in how the government has handled the WikiLeaks disclosures. Several agencies, including the Department of Defense, issued notices and memos warning employees and contractors of the hazards (to their employment) of taking a peak at WikiLeaks. On February 11th, the Defense Security Service sent a memo to “contractors cleared under the national industrial security program” warning that:
Unauthorized disclosures of classified documents (whether in print, on a blog, or on websites) does not alter the documents’ classified status or automatically result in declassification of the documents. To the contrary, classified information, whether or not already posted on public websites or disclosed to the media, remains classified and must be treated as such, until it is declassified by an appropriate original classification authority.