Unique security problem - data security under fire

[MidnightWarrior]

Hey and thanks for your reply.

Edit: I was in a hurry so this is a revised version of the post I wrote earlier.


The database would be used to coordinate the bureaucracy and logistics of the separate units spread across the country. Entities that would be interested in gauging the manpower, training, morale and other aspects of such an organization would with no doubt wish to obtain this information so a more accurate threat assessment can be made, preferably in a covert manner. However even as such, the leaking of such information would not be immediately harmful - or without strict auditing - probably not even noticed.

The situation changes when, this being a hypothetical scenario, a hostile party would engage in armed conflict within the territorial borders of this country. At this point such information compromises the identities of all members. Not only that, it would also reveal the command structure of local units, not to mention a good idea of the capabilities and training of each, giving more than enough information a malicious element would need to dispatch those persons. It can be expected that such individuals would be considered priority targets along with reservists, former officers and others whose skills, experience or motivation could be used in a variety of ways to foil the realization of the hostile element's objectives or reduce their effectiveness.


The reason a central database was suggested in the first place is that all units have some sort of similar system already in place. A lot of sensitive information is stored on easily accessible places with little real security to speak of. In addition there are no specific guidelines on internet security, neither mandatory nor even suggested - in many cases obtaining this kind of information is all to easy, as security experts (and I never claimed I'm one) aren't that common. Even in places where some rudimentary security is in place, it can still be easily defeated by forcing the person to divulge the information by known means.

Hence the idea of a central database that would replace all those separate and vulnerable ad-hoc improvised solutions and consolidate them into one system that focuses on data security and providing anonymity to a degree not possible to achieve for smaller organizational segments, due to lacking funds, expertise or even little awareness of the true seriousness of how dangerous a threat like that is.

Even if "classic" steps are taken to provide some degree of anonymity, such as obscuring the faces and name-tags in pictures meant specifically for public release, few people realize how easily accessible data stored online is. Nontheless, it is the most convenient form of communication and seeing as how, gaping security hole aside, is used by virtually all branches of the organization already, it would be a hard sacrifice to make - throwing the baby out with the water, if you will. That's why a system designed to address the particular needs of such an organization would be preferable, as it would provide an incomparably higher level of security and still provide the functionality and convenience of existing online systems

Which brings its creation even more into question does it not?

Not really. The system is specifically designed for easing and streamlining organizational issues during times of peace. The event that would create the necessity of purging such a system would be the same event that would result in the activation of specific protocols, a change of standing orders and evaluating and adapting to the situation in the manner deemed the most appropriate. If this were to happen, the online database system would not only lose all usefulness, but also become a dangerous liability.

and you would need the assistance of the ISPs.

Again, should the hostile party be denied that kind of information, it may well use force to obtain it, if it considers that particular individual worth the effort of tracking him down.

At any rate, you will have been infiltrated long before then......trust me

Access control to the online system is one issue, infiltration by hostile collaborators is another. The first can be monitored to some extent using security auditing and minimizing privileges. The second is an issue I probably would be the last person qualified to address.

Returning to the topic at hand - the security of this central server:

For those too lazy to read, here are the key points:

1) The data must not under any circumstance become plainly visible in unencrypted form to a hostile party. Data destruction is a perfectly acceptable outcome.

2) Any person who may know the password will be forced to reveal it in a short time-span

3) The data has to be kept safe against both covert attempts to retrieve it, which means keeping it safe from hackers and burglars, as well as overt intrusions.

4) There exists a possibility that the data will have to be permanently made unrecoverable even in the event of power and GSM failure.

I realize this is a difficult problem and not a very common one. But "mission impossible" is not the kind of answer I was looking for. The database won't contain anything as important as launch codes and fission bomb schematics - it's sufficient to make the retrieval of this data too impractical and costly for it's value, not necessarily impossible.