Friday, February 14, 2014

Iranian Nuclear Issues and Sensitive Information Protection

AFP: Iran demands 'proof' of nuclear weapons allegations
Iran said Wednesday it would not accept longstanding allegations that its nuclear programme once had a military dimension without seeing the secret documents on which the charges are based.
First and foremost, Iran knows this isn't going to happen. That information is almost certainly classified, and part of the reason for classifying information isn't so much to protect the information itself, but to protect methods and sources. There's no doubt that Iran wants to work at figuring out those methods and sources, so that it can mitigate those information leaks in one manner or another in order to prevent future leaks of sensitive information about its nuclear program. This statement from Iran probably relates to an item from last week that I discussed on Facebook with one of my coursemates from Aberdeen, CN Slapshot. As he's well read on some of the specifics, I shall now quote him without asking permission first:
EBWs are part of what is known as 'Project 110', which intelligence sources given to the IAEA, explain as an attempt to synchronize detonations on a spherical or hemispherical device to within 130 nanoseconds. While EBWs have civilian applications, such a narrow synchronization timeframe does not. Further, the Iranians might have to explain 'Project 111' - an attempt to design a warhead for the Shahab 3 MRBM that could detonate at 600m above the ground, which is a height that is completely ineffective for the deliverance of traditional ordnance. Nuclear weapons are usually airbursted - the first weapon ever used in a war was detonated at a height of 580m. Lastly, they should explain the attempted development of neutron detonators that are designed to compress uranium deuteride to produce neutrons for detonation. Such a device has no civilian application.
Iran has both financial and strategic stakes in ensuring that the current round of seemingly promising negotiations over its nuclear program don't fail; the international community has a mainly strategic stake in the same, but it also has a strategic stake in not upsetting the balance of power in the Gulf, and in not upsetting the global balance of nuclear power. Revelations such as the one in question, and several others since the deal was heralded a couple of months ago, would call an eventual comprehensive deal into question. The Iranian government wants tight control over the information about its nuclear program, just as the international community wants to protect the methods and sources it employs to collect its own information.

For what it's worth, experts are divided on the likely outcome of a notional Iranian nuclear weapons test. About a year ago, I read a report from CNAS entitled Atomic Kingdom, in which the authors argued that the Saudi government was likely to pursue nuclear security guarantees in lieu of its own nuclear program. I read the report, and thought that their data made precisely the opposite case, so I wasn't surprised when the BBC published an article corroborating my appraisal later in 2013. In January, noted American nuclear scientist Siegfried S. Hecker and former Secretary of Defense William Perry co-authored an article entitled Iran's Path to Nuclear Peace; it's worth reading, though it assumes (contrary to much of the evidence, and probably for the sake of diplomacy) that Iran's nuclear program is actually for peaceful purposes. (The article also claims that Iran doesn't have enough indigenous uranium to sustain a nuclear energy program, though I know that the IAEA recently visited an Iranian uranium mine, so I'm not sure whether that's a disconnect or if Iran's mines just don't have much uranium.) Two other recent posturing incidents on Iran's part are its claim that it's going to sail an (apparently quite modest) fleet near American territorial waters, and an apparent successful missile test from earlier this week.

I want to get back to the topic of classified and/or sensitive information, because looking at the critical information elements of this dispute (from both the Iranian and non-Iranian perspectives) can provide some valuable lessons for companies and individuals.

I can't remember the source off the top of my head, but either a fictional drama about espionage, or else a source from last year's Strategic Intelligence course, talks about methods and motivators to get people to hand over sensitive information. Motivations for an agent can range wildly; a source could be convinced that his country gives him no grounds to be patriotic, or that providing the information is actually an expression of his own patriotism. Others are persuaded by blackmail - for example, the KGB and GRU were well known for sending prostitutes to consort with various intelligence targets in bugged hotel rooms in order to discredit them, or else to blackmail them for information. (I've heard rumors that certain Middle Eastern regimes have done the same sort of thing.) Another motivator is money, which is why vetting for security clearances often includes both credit checks to ensure that potential employees aren't under pressure from large debts; and lifestyle appraisals to ensure that those same potential employees won't get themselves into a situation in which the promise of money would entice them. As I noted in my Strategic Intelligence term paper:
One example of this is the Robert Hanssen case, in which an FBI counterintelligence officer was convicted of having accepted payment of $1.4 million in cash and diamonds over the course of twenty-two years - an average of only about $64,000 per year[1], substantially less than the annual operating cost of most SIGINT assets and considerably less than the cost of a single GEOINT asset. Similarly illustrative is the case of Ronald William Pelton, who betrayed Operation Ivy Bells - the U.S. Navy's operation to tap unencrypted Soviet communications cables in the Sea of Okhotsk - for a mere $40,000.[2]

[1] Wise, David; Spy: The Inside Story of How the FBI's Robert Hanssen Betrayed America; Random House; New York City, New York; 2003
[2] Drew, Christopher and Sontag, Sherry and Annette Lawrence Drew; Blind Man's Bluff: The Untold Story of American Submarine Espionage; PublicAffairs; New York City, New York; 1998

When one considers how delicate and labor-intensive vetting, information security measures, and asset recruiting efforts are, it's easy to see why so many national security folks are upset with people like Bradley Manning, Julian Assange, and Edward Snowden.
The same concepts can be distilled down to the corporate level. One way I've heard this explained is through the invocation of the "New York Times Rule" and its "Karachi Corollary": if you don't want your boss to see something on the front page of the New York Times, or for a terrorist to be able to find it while sitting at an Internet cafe in Karachi, Pakistan, then you need to protect your information accordingly. I'm obviously not talking about corporations hiding their efforts to construct an illicit nuclear program. Instead, I'm talking about corporations, or any organization or individual, taking appropriate measures to protect their own critical information. I've talked about the Five Step OPSEC Process before, but it's never a bad time to review it:

1) Identify critical information
2) Threat analysis
3) Vulnerability analysis
4) Risk assessment
5) Implement OPSEC Measures

While I wouldn't recommend that individuals or companies develop illicit nuclear weapons, I would recommend that they learn from the ongoing dispute with Iran, and protect their sensitive information accordingly.
