|By William Sturgeon|
This article was originally published on Corrections.com on December 12, 2010.
Did You Hear the Wakeup Call
Over the past week hackers brought down numerous web sites to include MasterCard. The reason for these attacks was the arrest of Julian Assange in England, he is the purported head person of WikiLeaks, a web site that has leaked millions of pages of military and United States State Department secrets. He was not arrested for leaking classified information, but for rape charges lodged against him in Sweden.
In support of Mr. Assange, “an anonymous group of ‘hacktivists’, which is behind what it calls “Operation Payback”, claimed on Twitter that it was responsible for disrupting the credit card group’s (MasterCard’s) website.” 
Of course, I immediately thought of how secure are the United Kingdom’s web sites, especially those associated with Her Majesty’s Prison Service. If this group of “hacktivists” can disrupt, shutdown, and/or interrupt a sophisticated web site like MasterCard, one must be concerned about their governmental web site. I have some familiarity with HMPS and it is a very professional group of people. Yet with all of the new technology being developed and/or adapted, it is difficult for governmental agencies worldwide to keep up with the ever-evolving trends.
After considering the United Kingdom’s cyber security, my thoughts wandered to the United States and the number of prisons and jails systems, both public and private, that are here in the United States. How prepared are these numerous and diverse correctional systems for an all out cyber attack? Additionally, I pondered the following:
I learned throughout my career that very often policies, procedures, or protocols are violated and/or ignored, adapted or disregarded by personnel, who are not authorized to do so, to increase efficiency or to make the work environment more comfortable. I am mentioning this because during my time, policies and procedures dealing with adding any equipment to the emergency generator (s) were ignored. I would be willing to bet that there are computers (agency and private) with classified information on them. Additionally I would bet that there are CD’s with classified information on them floating around. In addition, there are probably computers attached to the network without the proper security programs.
I am not criticizing correctional agencies; for all of us this is a new world. With all of the physical security issues correctional administrators have to address, they now have to insure that their agencies’ cyber communications are secure from cyber attack. Here is was I do know about cyber security: we are all still learning.
By arresting Julian Assange, the correctional career field is now open to cyber attacks to all of its web-based systems by the hacker community/”hacktivists”.
The internal security of information that is stored and maintained electronically is another area that I believe must be reviewed. Some of our nation’s most secure secrets were laid open to the world because of the actions of a Private First Class who had been subjected to detailed and comprehensive background investigations before being granted a security clearance. These background investigations far surpass the background investigations that most correctional personnel are subjected to when they are hired.
Some steps that I would take if I were a working for an agency today:
Finally, I would recommend that correctional administrators have their systems and policies and procedures reviewed by a cyber security professional. I am recommending that this cyber security professional be someone from outside of state government. My rationale for this recommendation is that private firms are more up to date with the current trends in cyber attacks, in my opinion. I would also recommend that as part of this vulnerability test, the firm attempts to hack the files. The most important thing is that you start today to secure all of your cyber systems and the information they contained.
 Financial Times, December 9, 2010
Visit the Bill Sturgeon page
Other articles by Sturgeon:
IN CASE YOU MISSED IT