The Government’s War on Insider Threats
Agencies will reportedly invest $1 billion this year on cybersecurity. But what’s the strategy behind that spending?
Few nation states exploit the “bribery will get you everywhere” adage better than China. This applies to security, too, where the Beijing’s rampant greasing of palms is exacerbating the U.S. government’s insider-threat crisis.
Just last week, an American state-department employee with top-secret security clearance was arrested for covertly receiving thousands of dollars’ worth of gifts from Chinese intelligence agents. (The defendant, Candace Claiborne, pleaded not guilty.) She faces up to 25 years in jail for the felony offenses of obstructing an official proceeding and making false statements to the FBI.
According to Bloomberg Government, federal agencies may invest more than $1 billion on “insider-threat countermeasures” this year alone. (See the chart, below.) The estimate includes everything from authentication to user monitoring to event management.
Insider threats can stem from malicious intents such as the above, but they can also occur due to employee negligence, such as ignoring best practices or careless use of IoT devices. Given the varied nature of these threats, it’s notoriously difficult to spot them. Even seemingly impervious tools such as firewalls and rules-based SIEMs have buckled in the face of such curveballs.
According to CNN, Claiborne was targeted to “obtain information on political, economic, and security policies that may affect China, foreign intelligence operations directed at China, and biographical profiles of foreign politicians and intelligence officers.” The FBI claims she had been leaking information to the Chinese for more than five years, yet they only discovered her alleged crimes recently.
Although it may sound counterintuitive, less-rigid security would’ve been the difference-maker here. Given the scope of federal networks and the increasing bulk of log data they generate, federal agencies require security that’s automated and scalable. It should also be Oz-like in visibility, and Sherlock-like in providing the specifics and evidence surrounding threats. This type of analytics-based security would show its mettle, its value, almost immediately. And yes, it does exist.
Claiborne’s charges came mere months after the Department of Defense issued regulations to control insider threats, specifically stemming from contractors or subcontractors. (Clearly, the indiscretions of NSA contractor Edward Snowden continue to haunt them.) The DoD safeguards require that workers handing sensitive information be compliant with 110 security requirements, as well as monitor for, and report, incidents.
Like most regulations, they are vague if well-intentioned. The next necessary step for each agency: research and adopt proactive security for themselves. They must then use that intelligence, as they are wont, to regulate the type of platform contractors use, while creating best practices for both on- and offsite workers. Government agencies may want to project fortitude, but it’s time for deftness and leadership.