And that’s an example of why elaborate security tends to decay over time — it’s such a PITA to authorized users that people get into the habit of bypassing it, with the tacit approval of the people who are supposed to be enforcing it because it’s a PITA for them, too.

Needless to say all disk data is heavily encrypted. We’re talking full disk crypto, not just the files, but the directory also.

Second, it is NEVER connected to an external network.

Third, you make a new communications protocol. To access an IBM AS/400, you have to be running a 5250 protocol. You create a new protocol that no one else has software for, and you make it sufficiently different that even if you could connect a computer to it, it wouldn’t do you much good. The specification is never released to the public, so no one can easily write an interface to connect to it.

Fourth, internal network. You’re going to have to have an internal network, there’s going to be too much information for it all to be entered in at one point. First, limit the number of workstations. Make them close together, so a single squad of supers can defend all of them, or see if anyone is accessing them who shouldn’t be there. Make each network connection a direct port connection: no switches, no routers. Any disconnect of any workstation, i.e. attempt to insert a packet sniffer, results in immediate area lockdown and alert. Also encrypt the network traffic, naturally.

Fifth, what happens to the original paper/electronic documents? How are they destroyed. A friend of mine worked on crypto equipment during the Vietnam war. You put paper in the top of this thing, you got dust out of the bottom. You’re going to need some significant document destruction, shredding or burn bags won’t do it.

Sixth, what about backups? If all of the information is in one place, it is vulnerable to a site catastrophy. Could the Brotherhood of Evil Mutants disintegrate the entire building and data center? Normal disaster recovery planning would have the data backed up and stored in another site, which then risks the backups being stolen en route to the off-site location. I think I’d have multiple backup sites such that each site always receives the same backup tape: Site 1 always gets Tape 1. That way if any one site is compromised, they won’t get a complete backup set.

And how do you secure against someone like Mystique? You’d probably have to have genetic identification for anyone to access to the system, sort of like what they did in the movie Gatticca.

And finally, for now, what about output? You probably shouldn’t have printers hooked up, because printing out someone’s information is the same theft as stealing it from the computer. This can be fixed physically: no printer or USB ports on the computers, no print routines on the terminals connected to it.

You trade ease of use with security, this would not be an easy system to use.

Just a few thoughts. And yes, I have an extensive background in computers, networking and disaster planning. Realistically, this is how I’d approach it. But since we’re talking comics, it doesn’t have to be realistic, just dramatic.

Deployments would be subject to FOIA with the caveat that the agency will excise tactical information or other stuff like that. The “sensitive but unclassified” designation has been horribly abused by the current administration, but that SBU stuff should be released to the public. If parts of a mission are declared classified, by all means, excise that shit. We don’t need to know superhero social security numbers or real identities or that kind of thing. But everything else would be subject to FOIA.

Oh, and the diplomatic immunity would be an interesting angle to explore.

This is all quite academic for a comics discussion. I freaking love it!

I didn’t know this was that complicated til I read the responses. Thanks for showing every senerio, guys!