[Philo1962]

Not until they start taking security more seriously. I was assigned a couple of years ago at an agency that deals daily with extremely sensitive information. You can’t get into the building without a Top Secret/SCI clearance, have to swipe in and swipe out, and no cell phones or recordable media are allowed in the building. Problem was, the in/out checks of bags were cursory and nobody ever checked my pockets for a flash drive or other media storage device.

Let me tell you something about where I work. If only our intelligence agencies were this concerned about leaks.

I'm the patent agent/administrator for a major American manufacturer. I'm also responsible for data security in the legal department. We file an average of eight patent applications every business day around the world. We are the cutting edge of technology in our field.

I receive and send around 150 to 200 emails per day. If they contain invention details, they're encrypted. There are no exceptions. We're behind a firewall and we still use encryption. If you work for us and you get an email from me containing unpublished invention details, you won't be able to read it unless you apply for encryption capability. That's not my problem. That's your problem.

We have no floppy drives or CD-ROM burners. None. Zero. When a fax is sent, a copy is stored electronically.

If anyone in the legal department sticks a flash drive into a computer -- whether he or she is a secretary, legal assistant, attorney, senior VP or whatever -- a window pops up on my computer screen showing who it is and what files are being downloaded.

If anyone sends out an electronic document as an email attachment, the same window appears. I get a print-out at the end of the day (in case I was away from my desk when it happened) and a permanent electronic record is made. If one of our inventions turns up on somebody else's shelf, we'll be able to figure out who leaked the information within minutes.

The consequences of a massive theft of data would be no worse than the loss of a few hundred or a few thousand jobs to a rival manufacturer, and our investors would lose money. It would be bad, but at least nobody would be hurt physically. The consequences of a massive theft of data at the CIA or NSA would be lives lost, perhaps thousands of lives -- and I get the feeling that they're not as serious about electronic security as we are.

[jagusafr]

A sad state of affairs when private industry takes security more seriously than the US military. If I were really cynical, I could say that it’s not until vulnerability threatens their wallets that people get serious about protecting themselves - the idea that national security makes it possible for private industry to flourish seems lost on many who have never felt personally threatened by “what’s out there”.