Insider threat grows more ominous

When former National Security Agency contractor Edward Snowden leaked a cache of classified secrets detailing how foreign signals intelligence is gathered, it changed the way government and industry perceive insider threats.

Media reports suggest Snowden accessed a trove of documents containing as many as 40,000 files through his system administrator position. He was a privileged user who, over the course of several months, was able to download documents on flash drives from a secure NSA facility in Hawaii without getting caught.

The case precipitated a very public conversation about intelligence gathering, but behind closed doors feds are reassessing how they handle insider threats, according to a study commissioned by Vormetric, a data security company based in San Jose, Calif.

Released Sept. 23, the study surveyed more than 700 IT professionals and business managers in civilian, defense and intelligence agencies and across large public sector organizations. It suggests that insider threats are more dangerous than ever given new technologies such as cloud computing and virtualization.

Of those surveyed, 63 percent feel vulnerable to the abuse of privileged user access by employees, 46 percent feel vulnerable to insider threats and 45 percent have changed their perspectives since the Snowden incident.

"From the federal movement in IT, it's clear that most organizations are trending toward consolidation. That means in many cases going toward the cloud, creating better centralization, going with virtual desktops and looking to big data," said Wayne Lewandowski, vice president of Vormetric's Federal division.

"In each of those cases, it doesn't take too long for someone to understand that consolidating desktops and sensitive information leads to a higher density for a target, of infinitely higher value to an adversary," Lewandowski said. "That makes a threat vector like a privileged user a big problem."

Federal agencies are collecting more data than ever, and that data is being consolidated through White House directives such as the Federal Data Center Consolidation Initiative. Cloud computing is increasingly streamlining access to those piles of data – even within the intelligence community – and it all adds up to increased risks posed by insider threats.

Compared to two years ago, the study suggests, organizations feel "significantly more threatened" now, with 54 percent of those surveyed suggesting insider threats are more difficult to protect against than in 2011.

Vormetric CEO Alan Kessler said organizations have become more wary about the contractors they work with and the damage they could do.

"Forty-eight percent said third-party contractors pose threats for the entire organization, and 58 percent felt vulnerable to what they could do," Kessler said. "The perception has changed."

Several weeks after the first Snowden revelations surfaced, NSA Director Gen. Keith Alexander announced agency plans to eliminate about 90 percent of its 1,000 system administrators in favor of automated technology.

Lewandowski said that, short of replacing system administrators with in-house machines, many large organizations are looking to employ security architecture that strips away what system administrators can see, creating a firewall-like approach to an insider's internal network. In such an approach, data accessed by a user is encrypted, and policy governed by an organization's security team dictates which applications and users can decrypt it.

Lewandowski said insider threats will pose increasingly high risks to organizations in the public and private sectors, especially threats from individuals with "full and unfettered access" to an organization's innermost networks. It's the post-Snowden world, and everybody in IT security is dealing with the fallout.

About the Author

Frank Konkel is a former staff writer for FCW.

Reader comments

Tue, Sep 24, 2013 Nick

No, it's not about why they are doing it, it's why low-level techs have access to highly confidential data. There is no reason someone doing maintenance should be able to access this data, there needs to be more internal security to answer internal threats. However, don't mistake me for someone that is not considered a human ignorant of social matters. I think we should be in knowledge of what the government is doing, but people like Snowden also pose a threat by allowing important info to leak out. If another country were to have this information it could be detrimental.

Tue, Sep 24, 2013 DToad

So they worry about contractors and subs because of Snowden. Bradley Manning was one of the government's own, a GI. Seems they didn't tighten up access because of Bradley's dump after all. You need to worry about what makes the person spill secrets and not for whom he works.
