The file was found by a commuter and handed to The Sun newspaper. The newspaper returned the file to the police after checking the content. “The dossier contained details that would have helped al-Qaeda terrorists mount a devastating attack on the Games in London this summer. ‘Restricted’ files spell out security plans in place at the sites of events and provide minutes of top-level meetings where ways to beat terrorists were discussed,” reports The Sun.
The officer concerned is reported to have been reprimanded, and Scotland Yard insists that the Olympics security has not been compromised because the documents are not operationally sensitive.
The incident shows how vulnerable a physical document can be. Mobile devices are lost or stolen every day, but the content can be protected by access control to the device and file or disk encryption of the data. No such security can be applied to a typed page.
Christian Toon, head of information security Europe at Iron Mountain, believes that the Olympics officials have been too focused on digital threats to data, such as denial-of-service attacks or virus infections. He believes that this and any future similar incidents could be prevented by the introduction of “secure information management controls and policies for all employees to follow, supported by effective training and communication.” Keeping track of information, irrespective of its format, is a key aspect of information management, he says. “Public safety for the London 2012 Olympics may well depend just as much on responsibly managing sensitive paper-based data as it does on effective anti-terrorism policing and cyber-threat security. The world’s eyes will be on London this summer, the organizers cannot afford a false start.”
“This incident heightens the need for a digital approach to document management,” confirms Chas Moloney, a director at Ricoh UK, “to ensure the secure sharing and distribution of confidential correspondence.”