You've undoubtedly heard about the two hard disks containing instructions for defusing nuclear weapons that disappeared from the Los Alamos National Laboratory in New Mexico on May 7. The disks, which weren't reported missing until May 31, finally reappeared on June 16—behind a copier, a curious place to leave a hard disk (and even more curious considering that security personnel had already searched that area). Security officers don’t yet know where the disks have been or whether their data is corrupted or compromised. In other news, someone stole a laptop from an MI5 (the British equivalent of the FBI) officer who was buying a train ticket in Paddington Station in early March. In February, a laptop possibly containing classified data disappeared from a secure State Department conference room.
I don't want to make too much of all this, but something isn’t working, and it sounds to me like it’s the data delivery system. It’s easier to talk off with a client machine than with a server, which you can locate behind locked and guarded doors. The recovered Los Alamos hard disks are removable so that information doesn't reside on a vulnerable network. Instead, users can take the disks out of the client laptops and lock them in a safe at night—a good idea, but one that depends on a human for execution. I’m not a fan of thin-client computing in every case. However, if you lose classified data not because someone gains access to a network but because it resides on easily removed client computers, it begs a question: Why not use server-based computing to make the data available but keep it off client computers?
In the United States at least, national security agencies are the Roach Motels of electronic media: tapes, CD-R discs, and floppy disks check in, but they don’t check out. The only time that employees are supposed to leave the building with classified data is if they’re specifically authorized for courier duty. The next logical step is to prevent data from leaving the building at all. Consider the laptop that disappeared from the conference room; it certainly wasn’t supposed to leave the building. Had the sensitive data been on a terminal server and just viewed from the laptop, only someone with access to the network and with authorization to log on to the terminal server could access the data. Interestingly, some US intelligence agencies (e.g., the National Ground Intelligence Center in Virginia) use MetaFrame to deliver Windows applications to analysts’ UNIX workstations—but only because they’re short on funding and can’t yet make the move to a full Windows NT environment, as some other agencies have. They already use server-based computing for interoperability purposes, so why not use that same technology to enhance security by delivering data to conference-room laptops?
Federal governments and agencies aren't the only entities that deal with classified information. Private companies do too; they’re just better able to keep stories about lost data out of the news. If organizations don’t have any other use for server-based computing, they should consider it for security purposes.