Sensitive government data could be another casualty of Afghan pullout

Source: This article was first published on https://www.washingtonpost.com/politics/2021/08/17/cybersecurity-202-sensitive-government-data-could-be-another-casualty-afghan-pullout/

Among the many long-term costs of the rapid fall of the Afghan government and the swift withdrawal of U.S. diplomatic and military personnel, count this one: Troves of sensitive U.S. government data are surely being left behind in the nation now under Taliban control.

The vast majority of classified information that lived on U.S. embassy computers was almost certainly flown out of Afghanistan or destroyed. A lot of the government’s highly sensitive data is also housed in computer clouds rather than on hard drives and protected with multiple security controls.

But reams of unclassified but sensitive material will probably remain in the country, both in digital forms and on paper.

In many cases, that’s because it was shared with the Afghan government, non-governmental organizations and other partners in the country. At least some information was also probably overlooked on old laptops, phones and removable media during the faster-than-expected exit.

“There are protocols for doing this. … But whenever you have to rush things, you’re going to forget stuff,” Mark Rasch, an attorney who developed cyber forensics capabilities for the Justice Department and prosecuted cybercriminals, told me.

The potential loss of sensitive data is an additional pain point for the withdrawal, which was replete with many of them – most notably the ongoing struggle to evacuate diplomats, U.S. citizens and Afghan allies after the Taliban took over most of Kabul.

Some of the comparatively innocuous data left in Afghanistan can probably be woven together with other such data to reveal information that’s truly damaging to U.S. security – a process intelligence officials refer to as the mosaic effect.

And it will surely be sought by U.S. adversaries outside Afghanistan, such as Russia and China, that are willing to pay for whatever data the Taliban can provide.

“Part of any deliberation on what to provide to other countries we do security cooperation with is the potential threat of what would happen if this information leaked or got into the wrong hands,” Jason Campbell, a Rand policy researcher, told me. “That’s always part of the equation, but you rarely see it happening at such a scale as we are in Afghanistan.”

The Pentagon declined to comment about emergency procedures. The State Department did not respond to a request for comment.

President Biden outlined the final military objectives in Afghanistan during remarks on Aug. 16.

A key challenge is the sheer breadth of the U.S. footprint after nearly two decades in Afghanistan.

The 2014 Marine Corps pullout from Camp Leatherneck in Afghanistan’s Helmand province offers a glimpse of the scope. In that case, more than 7,500 computers were destroyed or removed, The Washington Post reported at the time.

The memo directing embassy staff to destroy sensitive material came Friday, CNN reported, though the process may have begun earlier. It applied to sensitive information about U.S. programs and items that “could be misused in propaganda efforts.”

Embassies have elaborate procedures in place for evacuating personnel and destroying sensitive documents and digital files that they regularly update based on the risk and complexity of such operations, a person with extensive experience in diplomatic security told me.

But such procedures can’t account for every piece of digital hardware left in Afghanistan after such a lengthy presence or for information shared with allies and local partners.

Indeed, the Taliban appears to have already seized large amounts of military hardware used by Afghan forces.

“Whenever you have a presence somewhere for that long, access to sensitive information is always a concern,” said the person, who requested anonymity to describe security issues.