ARL Logo
Risky Thinking
On Risk Management, Business Continuity, and Security
24 June, 2017
Do your staff know what to do in an emergency?
With Plan424 they will.

How Not To Update Secret Lists

Please keep this email really secret and don't tell anybody about it.


The press has made much of Wikleaks publishing a cable containing names of installations around the world which the US State Department considers critical to national security. Naturally the news organizations, apart from explaining how terrible this was and how useful it would be to terrorists, also included excerpts from the list just to show how bad it was that terrorists could find out all this stuff without doing the obligatory five minutes research on Google.

It made me wonder: why would the US State Department be sending such a list of supposedly sensitive information to its embassies around the world?

So rather than read the media gossip, I read the cable. It’s remarkably boring. But if the list is as sensitive as has been claimed, it also demonstrates some questionable judgement on the part of the State Department.

If you had a list of your friends, and wanted to make sure each of their addresses was up to date, would you email the entire list to all your friends and ask them to update their entry? No you wouldn’t. You would be worrying about friend A seeing the information about friend B.

But this is precisely what the US State Department did. It mailed the 2008 list of critical infrastructure outside the USA to all of its embassies and asked each embassy to update the parts it knew about, thus ensuring the list had the greatest possible chance of being accidentally disclosed.

Of course, if the list itself wasn’t that sensitive, this was the sensible way to get it updated quickly and efficiently. If it was that sensitive, then each embassy should only have been sent that part of the list that it knew about, and no more.

So did the US State Department really screw up? Are we really suddenly at risk from terrorists unable to use Google? Or is this just another case of the media (and various governments) blowing everything out of proportion for their own ends?


Some very interesting commentary on Wikileaks can be found at former British ambassador Craig Murray’s blog. And if you are trying to understand the Swedish extradition request for Julian Assange, you should probably read this blog too.

Michael Z. Bell
December, 2010

Want to know when new articles are available? Subscribe to the Risky Thinking Newsletter and keep up to date. It's free for people working in business continuity, disaster recovery, or risk management.

[ Back To Top ]


Note. Where trademarks are mentioned, they belong to their respective owners.

© Albion Research Ltd. 2017