
Incident response: Don't lie

Honesty is the best policy

Security Strategies Alert By M. E. Kabay, Network World
October 23, 2007 12:02 AM ET

The long view of security strategies for your network.


A couple of recent news stories got me thinking about the confluence of practicality and morality that should inform effective computer incident response.

The first case may seem silly: Richard Marson, the editor of a popular children’s show called “Blue Peter” on the British Broadcasting television network, was suspended in September 2007 “after it emerged that the wrong name had been chosen for the new Blue Peter cat in an online poll.” Apparently the children wanted “Cookie,” but upper management allegedly ordered the staff to choose “Socks” - and Marson is taking the consequences.

The second news report is much more serious and will touch many readers deeply. In brief, there is overwhelming evidence that U.S. Army doctors have been deliberately lying about the medical condition of veterans returning from the U.S. invasion of Iraq. In many documented cases, the doctors have unjustifiably labeled wounded veterans as suffering from pre-existing personality disorders.

The wounded veterans are therefore denied their well-deserved medical benefits because they are discharged under Regulation 635-200, Chapter 5-13. The benefits withheld are estimated in the tens of billions of dollars and many of the veterans and their families are suffering severe financial woes.

Worse, new investigations reveal that assurances of independent review of the situation made by Maj. Gen. Gale Pollock, acting surgeon general of the Army, are outright lies. Pollock claimed that she had ordered a “comprehensive review… conducted by a panel of health experts” but a single reviewer, Col. Steven Knorr, was the only author of the first report. Knorr was in fact one of the psychiatrists allegedly mislabeling many of the wounded veterans as suffering from the pre-existing personality disorders being contested.

As a result of the scandal, Rep. Bob Filner (D-Calif.), chair of the House Committee on Veterans’ Affairs, scheduled public hearings on the matter in July. The investigations continue.

In both of these cases, the dishonesty of managers has resulted in embarrassment and additional expenses for their organizations. Employees have been scrambling to gather information more quickly than they would have under normal circumstances; public relations staff are undoubtedly working overtime - and perhaps making yet more mistakes because of the pressures to recover credibility. Supervisory bodies have been dragged into investigations. I’m sure that morale among employees is damaged.

Ironically, both organizations are governmental or quasi-governmental: They’re supposed to be working for their people – so what are managers doing lying to the public?

Dishonesty is demoralizing to everyone - managers and employees alike; lying destroys the web of trust that encourages honesty and forthrightness in all aspects of our work. Dishonesty breeds more dishonesty; I would expect an increase in petty theft, inaccurate and misleading reports designed to please upper management, and absenteeism. In addition, lying opens the organization to blackmail.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.
