Disclaimer: This site has been first put up 15 years ago. Since then I would probably do a couple things differently, but because I've noticed this site had been linked from news outlets, PhD theses and peer rewieved papers and because I really hate the concept of "digital dark age" I've decided to put it back up. There's no chance it can produce any harm now.
| Identifier: | 03THEHAGUE2734 |
|---|---|
| Wikileaks: | View 03THEHAGUE2734 at Wikileaks.org |
| Origin: | Embassy The Hague |
| Created: | 2003-10-31 06:23:00 |
| Classification: | UNCLASSIFIED |
| Tags: | PARM PREL CWC |
| Redacted: | This cable was not redacted by Wikileaks. |
This record is a partial extract of the original cable. The full text of the original cable is not available.
UNCLAS THE HAGUE 002734 SIPDIS STATE FOR AC/CB, NP/CBM, VC/CCB, L/ACV, IO/S SECDEF FOR OSD/ISP JOINT STAFF FOR DD PMA-A FOR WTC COMMERCE FOR BIS (GOLDMAN) NSC FOR CHUPA WINPAC FOR LIEPMAN E.O. 12958: N/A TAGS: PARM, PREL, CWC SUBJECT: CHEMICAL WEAPONS CONVENTION (CWC): FIRST MEETING OF THE FOURTH SECURITY AUDIT TEAM 1. This is CWC-114-03. 2. The OPCW Technical Secretariat (TS) convened a 16-17 October 2003 meeting of the fourth Security Audit Team (SAT-IV) in The Hague, The Netherlands. SAT-IV is comprised of representatives from Japan, France, The Netherlands, and the U.S. Yonosuke Harada of Japan, who chaired SAT-III, agreed to chair SAT-IV. The meeting was called at short notice, ostensibly to finalize an audit charter, mandate, and timetable. The team remains concerned that the TS may have called the meeting in order to satisfy an Executive Council requirement that it do so before the 20-24 October 2003 Conference of State Parties. The team was disappointed by the TS' reluctance to discuss the mechanics of the upcoming audit and was concerned about the TS claim that it will not have the resources to support a security audit before October 2004. 3. OPCW Director General (DG) Rogelio Pfirter personally welcomed the SAT-IV team on 17 October 2003, and agreed in theory that the TS needs a baseline review of its Information Technology (IT) infrastructure and operating environment. The DG asked the team not to overwhelm his staff, and his comments may have inadvertently postponed further SAT-IV-related activities until fall 2004. The TS and SAT-IV began work on a draft charter, mandate, and mutually agreed timetable for future security audit activities. The team will continue its joint drafting effort with the TS via e-mail in the hope that once agreed, the team can schedule a follow-on face-to-face meeting with TS personnel later this calendar year. (Comment: As of 28 October 2003, the SAT-IV had completed work on its drafts.) 4. The French and Japanese auditors both noted that TS attitudes regarding IT security and auditing remain somewhat cavalier and worrisome. In particular, the team was told by Robert Simpson, Office of Confidentiality and Security (OCS), that its current emphasis had shifted from IT to physical security concerns. Comments by Jan Engles (Information Security Systems), Robert Simpson (OCS), and Gregory Linden (Information Support Branch) provided more questions than answers regarding TS plans for deployment of its verification database, electronic data exchange, and handling of confidential data. SIPDIS 5. OCS staff indicated that the TS' classified computer network, known as the secure critical network (SCN), had been certified to process confidential data by an earlier audit team. SAT-IV viewed this as a misperception: the SCN has never been formally evaluated for this specific role; what had been certified was the electronic document management system. Previous security audit teams have been unable to evaluate the efficacy of the TS IT security lock-downs because they have not been allowed to inspect the TS' protocol for securing the declaration data submitted by State Parties or the derivative data generated by the TS from the declarations. The audit team also remains concerned that the TS is proposing to transfer declarations scrubbed of SIPDIS sensitive material from the SCN to States Parties using electronic data written on CD-ROMs. 6. Finally, an earlier audit team recommended that the TS consolidate its stand-alone databases onto the SCN until the TS was ready to implement its full relational database. SIPDIS According to the TS, the interim system is based on Microsoft Access, which has a number of security deficiencies. Recent audit teams have not been able to assess the level of security used, although the audit team asked that the TS provide it with database logs upon completion of the migration. 7. SAT-IV assesses that a number of IT issues require a candid and open dialogue and has sought to establish a collegial working relationship with the TS. The team is concerned that the continued TS reluctance to share information with the team may be indicative of a more systemic problem within the staff levels at the TS. SOBEL
Latest source of this page is cablebrowser-2, released 2011-10-04