When you’re the US military and you’ve got a $300 million clandestine project with a name like Sea Dragon, you pretty much don’t want anyone getting their hands on the top-secret briefcase. That’s basically what happened when the Chinese government made off with a trove of undersea military secrets. OK, so maybe it wasn’t exactly a briefcase — it was the computer networks of a Navy contractor.
Early this year, massive amounts of sensitive data flowed into the hands of the Chinese after they torpedoed the vulnerable network, including “secret plans to develop a supersonic anti-ship missle for use on U.S. submarines by 2020” Not good. Not good at all. As far as anyone can tell at this point, the vulnerability was due to basic security hygiene. Seems the critical data was being housed on the contractor’s unclassified network.
Yup, that simple and a reminder of how important it is to know exactly what and where your sensitive data is stored, both on site and in the hands of trusted third parties. Even in the corporate environment where you don’t have top secret military plans, the aggregation of a bunch of non-sensitive stuff can open the window to things you may not want others to know about like strategic marketing plans, intellectual property, or personnel information.