|
tl;dr: No, not for Top Secret information - one must assume that one's attacker is more capable than one's self, but ruled by the same physics. Therefore, one destroys media utterly (heating to the Curie Point, grinding to dust, etc.) rather than assume that the adversary cannot recover from a degaussed disk. For other levels of information, guidelines vary. Guidelines for media destruction vary based on sensitivity of the information and the risks associated with its disclosure. There are two basic categories of information, private interest and national interest, and various levels within the categories. Private interest refers to individuals, businesses, etc., that is, anything that isn't "in the national interest". National interest refers to anything that could seriously impact the country and its interests, its overall security, etc. The classic examples are intelligence and military operations. Others include government plans that have yet to be made public, e.g., cabinet confidences in the UK and Canada, etc. There is a debate as to whether certain types of economic information, even if private, should be considered national interest, because the impact of disclosure could be recession, depression, or complete collapse, which would seriously impact national interest. Many jurisdictions use the term "Classified" to refer to information related to the national interest; Confidential, Secret, Top Secret, and Cosmic are some common western/NATO terms for various levels of classified information. Labels for private interests vary; for example, Canada uses "Protected A" for information about an individual that could lead to minor, recoverable harm (think a slap upside the head - it hurts, you might need ice, but it doesn't really impact you), "Protected B" for moderate harm that is difficult to recover from (think a broken arm - you will need medical attention, your life is impacted, possibly seriously, but you will recover), and "Protected C" for serious or grave harm (think being shot - you're done). Degaussing is often considered sufficient for "Protected A" and "Protected B" type information - but there are debates as to quantity: While aggregating doesn't change the label (10,000 Protected B records are still Protected B), it can increase the harm (compromise of 100,000,000 Protected B records might seriously harm the nation, e.g.). Degaussing is not considered enough for "Protected C" information and for Classified information: The degaussing may be imperfect, there may "edge effects", etc. We just don't know - and we assume our adversary isn't as ignorant as we. So we destroy the media, utterly, so that it cannot be recovered. That's what was happening here. Use of grinders is pretty standard practice. Yes, this information had all been revealed. As far as we know. Seems pretty pointless, doesn't it? |
The UK government publishes the tables that it uses to assess business impact over at http://www.cesg.gov.uk/publications/Documents/business_impac... and you can read more about the wider information security concepts at https://www.gov.uk/service-manual/making-software/informatio...
Unfortunately, IS5, the document that describes secure sanitisation of sensitive materials is not available to the public, so we don't know what guidelines the officials were working to here.
You can assume that the least risky process for all parties is to be witness to the destruction of the physical media, giving both sides confidence that the materials were actually destroyed.