A story in The Sunday Times that an agent of the Serious Organised Crime Agency had a memory stick containing details of all undercover agents being run in Columbia had parallels with the sub-plot in Mission Impossible concerning the ‘Non-official Cover (NOC)’ list. Unlike Ethan Hunt, our Agent T appears not to have ensured that the “list” would not get out in the open, as she left it on a transit bus in Bogata Airport.
The implication of the article was that an unencrypted memory stick was being carried rather casually by a new agent. Was there a rather sexist tone to all the details that the agent was female and the stick was left in a handbag?
A bit more disclosure online and in the papers today reveals that this may all have occurred in April 2006. The apparently relaxed reaction of SOCA (Agent T not, it appears, dismissed) seems to suggest that there is more to the story; at least we hope so.
However, this is yet again another timely reminder that there are two aspects to information security: organisational AND technical security. If the facts on this potential leak as reported are true, then was the agent really “a bit daft and scatterbrained”? What encryption techniques were used to safeguard the memory stick?
We only have to pray that this was not another data security screw-up.