Security is “No Easy Day”
The recently published book containing the details of the raid on and killing of Osama bin Laden has caused a firestorm in military and security circles.
In “No Easy Day”, Mark Owen (a pseudonym, his real name is Matt Bissonnette) provides a first-hand account of the planning and execution of the operation to kill the world’s most wanted terrorist.
The ex-Navy Seal gives a blow-by-blow in what is described as a vivid, and sometimes gruesome documentary.
But this debate goes beyond disclosure of classified information, which is a crime.
These types of disclosures have very real parallels in information security, as well.
Some security experts argue that disclosure of security operations, particular during databreaches and other incidents, is critical to the successful handling and prevention of future incidents.
The concept is that the more that is published about how particular vulnerabilities were exploited, the better prepared other organizations can be to defend them.
Some claim that the disclosure of databreaches and their related vulnerabilities only invites copycats. After all, how many organizations will take action on advice, once given?
Still another argument suggests that disclosures weaken the defenders themselves, rather than the vulnerabilities. The more an attacker knows about our Tactics, Techniques and Procedures (TTPs), the better they can work around them.
Sharing information is critical, whether it’s done at the department, industry or nation level. The question then becomes, how can we share intelligence without compromising our own mission?
The concept of Operational Security (OPSEC) has existed for millennia. During times of war, mission plans are the most sought after of all artifacts.
During times of peace, they are surpassed only by the plans for war.
Many argue that Mark Owen has now put the lives of many Navy Seals in jeopardy. At a minimum it’s going to make their jobs a little harder for a while.
And if nothing else, it has brought visibility to the importance of Operational Security.
Irrespective of which side of the fence you sit, you need to know where the fence is. And you can be pretty damn sure that there’s somebody on the other side.
Now we know that they’ve got 23 other guys, dropped out of a stealth chopper and are carrying M4s.