Case Study 1: The Brazilian Federal Data Processing Service
The proposed business ethical problem that the Brazilian Federal Data Processing Service is presently experiencing.
This all comes from a leak from Edward Snowden who released files showing that the United States was collecting intelligence on Brazil’s business one such as Petrobras. This company generates a major source of revenue for the government, and the National Security Agency (NSA) was collecting data on their private network (Watts, 2013). If this were true, it would be going far and beyond the core mission for national security. This can go either way depending on what point-of-view you are looking at. Brazil would see this as an invasion of privacy and could take it as espionage from taking their data on economics or how their business is doing. While the U.S. sees it as general data collecting and was not engaging in espionage in a way and is a standard practice to look for financial matters or terrorist financing.
I suppose it could be an ethical issue since the NSA knew they were getting more than what they were supposed to be looking for but at the same time its not their fault either. I would say yes they did cross an ethical line by access their private networks even though it was routing through a U.S. line. Which the NSA would say has every right to check and gather data. This is where I think Brazil should also be blamed for having lacked security or as they said in future statements that they would no longer use the U.S. as a backbone for connection and could lay new fiber wire to Europe or other countries. This also points out their weakness with their cybersecurity, if one person can do it anyone else can and they may use that information in a negative act.
Assess the levels of security deficiencies inherent in the Brazilian Federal Data Processing Service original enterprise architecture.
There are many levels to their architecture that were weak with security that allowed countries like the U.S. and Canada to enter their networks that allowed this to happen. This is a problem for most countries not only Brazil, and each should take steps to minimize this from happening. One of the problems stemmed from Brazil not having their data stored on their own server in Brazil. This by no means should be all on Brazil since the NSA knew what they were doing when they were collecting data or communications from them I don’t think. Personally, Brazil would have built up a whole new architect since the majority of the internet servers are based in the U.S. and majority of providers us the same type of architecture as the U.S. when it comes to existing infrastructure. They could have decided to get a different infrastructure different from the U.S. so it would not be the same setup, which would be allowing easier access for the NSA since they already know the framework. In the end, Brazil could have gone through a different means of creating their architecture but to be fair; they found more cost effective just to use the U.S. and go by their example. I don’t think they would have thought they would have to worry about something like this happening even though anyone could have done the same thing.
Evaluate the quality of the Brazilian Federal Data Processing Service’s proposed architecture plan geared toward solving the security problem.
To help prevent this from happening again the Brazilian Federal Data Service created a more secure email system for the government (Curtnywalles, 2016). This would lead to encryptions for their email system and also look at implementing a closed network rather than using the World Wide Web. A couple more things I would look into would be reworking the security and establish a whole new plan and strategy. We would need to make sure we check all connections and locate any weak areas of the network and make sure to utilize software and hardware to improve security such firewalls, policies, and tools that can help detect intrusion. Another idea would to be to educate the workers on proper email or communication techniques to help prevent unauthorized intrusions. Using a biometric or secure common access card will also help prevent on authorized access (Lee, 2013 p 41-66). These are just a few examples that could be used to help secure the Brazilian Federal Data Processing Service’s that I have used in many situations that have helped secure certain organizations.
Determine whether or not one (1) of the governments or intelligence agencies that you researched has taken precautions to avoid a security breach similar to the one that the Brazilian Federal Data Processing Service had experienced.
The Austrian government implemented a type of email security that would help protect their electronic mail. With this architecture, it would change the organization’s email clients to enforce user classification of email and modifications of the organization’s email gateway to manage the delivery and audit of official information. This not only helps protect their emails but also provided rules to filter the content based the rules set, the messages’ security classification, and the destination classification that it was being routed to (Colla, 2005). With this type of security implemented, this would have made it harder for an outside counterpart to access their emails so easily. This type of policy would help mark different types of emails and block those that did not meet the policy. This would help manage and control the flow of information thus minimizing the risk of information getting out. I think this is where the Brazilian Federal Data Processing Service’s had an issue is that they didn’t have their information properly secured which lead to the leak or breach depending on our point of view. I don’t think the policy would have protected them fully, but it would have helped deter or stop low-level access. Proper training and security practices need to be looked over to ensure proper safeguards are in place to help protect your data. Constant checks and reviews should be done to look for new ways to defend or find a weakness that grant other user’s access.
- Colla, G. (2005, July). Architecture for ACSI33 email security requirements. Retrieved January 11, 2019, from https://www.janusnet.com/papers/ProtectiveMarkingEmailArchitecture.pdf
- Curtnywalles. (2016, February 16). Brazilian federal data processing. Retrieved January 10, 2019, from https://mbadissertationproposal.wordpress.com/2016/02/16/brazilian-federal-data-processing/
- Lee, R. B. (2013). Security basics for computer architects. San Rafael, CA: Morgan & Claypool.
- Watts, J. (2013, September 09). NSA accused of spying on Brazilian oil company Petrobras. Retrieved January 9, 2019, from https://www.theguardian.com/world/2013/sep/09/nsa-spying-brazil-oil-petrobras