Security leaks like this can reach anyone. First, understand that this blog is not political; we do not have a dog in this fight or any other political battle going on. But when a breach of this serious proportion is reported we have to talk about it. Geert Wilders is the leader of a populist political party in the Dutch elections.
The Dutch media reported this incident recently from Dutch newspaper Algemeen Dagblad. Evidently, one of the high-ranking Moroccan-Dutch officers has been exposed as a mole, and he leaked information about Geert Wilders to the Moroccan organized crime syndicate for what we do not know. But I am sure you can speculate it would not be good.
What’s The Significance?
So why do you think we might care about a person running for election in a foreign country. When this type of security breach happens we should take notice. Because we are always learning from examples of security breaches in order to protect ourselves. One of the things we have talked about repeatedly in the concept of overlapping security techniques. And this example bears this out. No single security structure or technique or person is ever going to be good enough. We must at all times follow the concept of overlapping security. Never buy all your security products from one vendor no matter how good they may seem or how good your relationship is with them.
Do not always get your security advice from the same people every time. Vary this also with differing opinions. Remember our previous post on Stanley McChrystal and the Red Team. This example applies here. Always be looking for alternate ways to do things and to change your security routine. Just like when a political leader or the president drives from one place to the next they will take different routes in the possibility that someone could attack his car when traveling the same predictable route.
I have quoted him before but it bears paraphrasing again, “the price of security is constant vigilance.” Cyber security is a problem that is not going away. It is with us indefinitely, so we need to get used to being on our toes if we are in the public sphere. This essentially means every company out there.
I used to work for a large defense contractor and I had a secret security clearance for years. Back then background checks were performed by the FBI and they literally went back to where you lived as a kid and asked people about you. That is how thorough they were. They cost the defense contractor a lot of money, and they took about 6 months to get.
So when I finally got this secret security clearance I was a young engineer there and I felt a little pride in having this clearance. It was like a small bit of status for a 23-year-old. Then a few weeks later I was asked to visit a certain department to discuss some IT issue, and when I went to the department for the meeting they would not let me into the room.
Their area was locked and they told me to meet them in a conference room down the hall. I said its ok I have a secret clearance. They chuckled and looked at me and said: “not in here you don’t.” And that was the end of that. These guys had good vigilance they knew that even though I was an employee in good standing for the same company, and that I had a secret clearance. They had rules that did not allow outsiders into their department.
It is the same with Geert Wilders security detail and your cyber security posture. Mr. Wilders needed to be checking on everyone all of the time randomly. Your cyber security posture needs to be checking on itself randomly all of the time. Everyone should be watching everyone, unfortunately, that is the way it has to be.