In the wake left by Wikileaks, Government agencies are being encouraged to turn their attention inwards rather than outwards in the hunt for the next big information security threat.
The creation of 'insider threat' programmes is believed to root out aggrieved employees who might feel compelled to cause problems by sharing sensitive information about the agency or the state.
In a memo published by NBC, the US Government encouraged agencies to assess their own vulnerabilities to prevent future attacks.
Self-assessment questions included, “Assess what your agency has done or plans to do to address any perceived vulnerabilities or weaknesses on automated systems in the post-Wikileaks environment.”
Trustworthiness key to insider threat

The document also included an unclassified section titled 'Deter, Detect and Defend Against Employee Unauthorized Disclosures', which asked agencies questions such as, 'What metrics do you use to measure "trustworthiness" without alienating employees?' and 'Do you use a psychiatrist and sociologist to measure relative happiness as a means to gauge trustworthiness? Or despondence and grumpiness as a means to gauge waning trustworthiness?'
Speaking to SC Magazine on the issue, Noa Bar-Yosef, senior security strategist at Imperva, gave his thoughts on the US Government memo, drawing particular attention to the benefit of automated scanning devices:
“Overall, this is an excellent memo and anyone in security should read it carefully. The memo asks good questions to help government agencies and private companies assess the threat of a possible insider.
“However, to help identify insider threats, there are two elements: awareness and automation. This memo largely focuses on raising awareness to help spot insiders; that's a very good thing, but awareness is only part of the solution. Being aware only part time is not good enough.
“For that matter, the government needs to assume that insiders don't sleep either. What the memo fails to recommend and force readers to consider is automation. An automated scanning capability would have caught this peculiar behaviour and overall, automated scanning (and monitoring) should help identify excessive downloads and access to data and documents that simply are not supposed to see the light of day.
“If government employees know they are being monitored, they will behave differently, just like drivers slow down when they know the highway patrol is in the next lane.”
The “internal threat” has long been known about in security circles; for many years it consistently featured as the top threat in almost every security/risk survey conducted. In recent years it has slipped somewhat from the spotlight; however, the Wikileaks affair has once again brought it to the fore.