Defense Department Is Now Using Wikis for Sensitive InformationNovember 19, 2009

 

The National Cyber Security Center (NCSC), a division of the Department of Homeland Security, will deploy a wiki to help federal agencies better collaborate on cybersecurity, according to an article in InformationWeek.

A wiki is a website that easily allows multiple users to add and edit content. The agencies collaborating on the wiki include the U.S. Computer Emergency Readiness Team, the FBI's National Cyber Investigative Joint Task Force and the Defense Department's Joint Task Force-Global Network Operations.

Andrea M. Matwyshyn, professor of legal studies and business ethics at Wharton, who closely studies corporate information security and risk management, said that having a single point of collaboration is a logical response to a dispersed organizational structure. It is critical that top management in each agency direct employees to participate to achieve the desired collaboration, she said.
The NCSC and other agencies will share information in real-time about potential threats, attacks and responses on the wiki, according to the article. The wiki also will be a repository for technical information and standards on how the agencies could respond. But the sensitive nature of this collaborative effort makes security an even greater imperative, and the agencies must decide who will manage the wiki.

"When dealing with sensitive information, the choice of whether to outsource management of the wiki or whether to run it in-house is an important decision,” said Matwyshyn. "If a wiki is intended as an internal collaboration tool expected to contain classified or highly sensitive information, such as data on prospective terrorist threats for NCSC – or, for a company, trade secrets – the careful selection of a wiki services provider is of paramount concern."

Insider attacks are a serious threat and people working at this provider will have access to all the information contained in the wiki.

"A highly credible wiki [with] sensitive information is a very attractive point of attack for someone seeking to disrupt the information flow of an organization," said Matwyshyn. An external provider should be "carefully vetted, monitored vigilantly, and aggressively, contractually restricted," she added.