The situation where state secrets are betrayed by an insider is so familiar. It is discouraging that all the lessons of the past have been thrown out the window. Long ago, access to sensitive information required a “right to know” *and* a “need-to-know”. Now, just a security clearance and a terminal affords you full access to whatever.
Limiting contractors is also a prototypical response. But, Aldridge Ames and Robert Hanssen were government employees and set new records for publicly acknowledged damage to the US.
Any of you who remember my talk from mill-oss workshop last fall know I’m pushing a “need-to-know” based cybersecurity system implemented open-source. I might as well be Sisyphus pushing that damn rock! Government is just doubling down on the “more policy memoranda” coupled with “punish the contractors” spitefulness.
Sigh.......
Paul Baker