Capabilities of interception has considerably improved
since many if not all of the public SCIF standards were
prepared.
Security standards, like absolutely safe crypto, are fairly
often perpetuated long after they have been breached, and
SCIFs that have been around for a while need to be carefully
tested to avoid the "default" assessment, as with that long
list of passwords Jim posted.
One among many consequences of the huge increase in
ex-officials setting up shop to exploit counter-terrorism
security opportunties worldwide is that their technological
prowess gets dated awfully fast -- not that most private
and commercial customers need natsec grade protection.
And, to be sure the official spies like that out of date
protection for the easy pickings.
Now and then there are reports that a commercial outfit
set up by ex-officials with a doozie of a security product
cannot get clearance to market it except to mil-intel customers,
and gnaw their legs to get out of the trap. Some illegalities
follow that bind, or maybe just flat out lying about what
the product does, omitting the cripple factor, or worse
the arranged backdoor for permission to export.
Backdoors in SCIFs: what might they be, and are there
any that do not have ways for the testers to pull a few
tricks on the complacent users, and those tricks trickling
into the commercial market when the enticemens cannot
be resisted.
There are SCIFs and Codeword SCIFs and above as with security
classifications, and what might constitute the most secure SCIF
these days, no doubt identified by a classified moniker, should
fetch a gold bar or two from the bullion depositories.
Put it another way, what would a red team do to a breach a
SCIF holding, say, for the purposes of the exercise, the SIOP
and not merely the Arlington/Langley contracts bloody-handshaked
for the GWOT?
Received on Sat Mar 02 2024 - 00:57:21 CST
This archive was generated by hypermail 2.3.0
: Sat Mar 02 2024 - 01:11:44 CST