Insider threat grows more ominous

When former National Security Agency contractor Edward Snowden leaked a cache of classified secrets detailing how foreign signals intelligence is gathered, it changed the way government and industry perceive insider threats.

Media reports suggest Snowden accessed a trove of documents containing as many as 40,000 files through his system administrator position. He was a privileged user who, over the course of several months, was able to download documents on flash drives from a secure NSA facility in Hawaii without getting caught.

The case precipitated a very public conversation about intelligence gathering, but behind closed doors feds are reassessing how they handle insider threats, according to a study commissioned by Vormetric, a data security company based in San Jose, Calif.

Released Sept. 23, the study surveyed more than 700 IT professionals and business managers in civilian, defense and intelligence agencies and across large public sector organizations. It suggests that insider threats are more dangerous than ever given new technologies such as cloud computing and virtualization.

Of those surveyed, 63 percent feel vulnerable to the abuse of privileged user access by employees, 46 percent feel vulnerable to insider threats and 45 percent have changed their perspectives since the Snowden incident.

"From the federal movement in IT, it's clear that most organizations are trending toward consolidation. That means in many cases going toward the cloud, creating better centralization, going with virtual desktops and looking to big data," said Wayne Lewandowski, vice president of Vormetric's Federal division.

"In each of those cases, it doesn't take too long for someone to understand that consolidating desktops and sensitive information leads to a higher density for a target, of infinitely higher value to an adversary," Lewandowski said. "That makes a threat vector like a privileged user a big problem."

Federal agencies are collecting more data than ever, and that data is being consolidated through White House directives such as the Federal Data Center Consolidation Initiative. Cloud computing is increasingly streamlining access to those piles of data – even within the intelligence community – and it all adds up to increased risks posed by insider threats.

Compared to two years ago, the study suggests, organizations feel "significantly more threatened" now, with 54 percent of those surveyed suggesting insider threats are more difficult to protect against than in 2011.

Vormetric CEO Alan Kessler said organizations have become more wary about the contractors they work with and the damage they could do.

"Forty-eight percent said third-party contractors pose threats for the entire organization, and 58 percent felt vulnerable to what they could do," Kessler said. "The perception has changed."

Several weeks after the first Snowden revelations surfaced, NSA Director Gen. Keith Alexander announced agency plans to eliminate about 90 percent of its 1,000 system administrators in favor of automated technology.

Lewandowski said that, short of replacing system administrators with in-house machines, many large organizations are looking to employ security architecture that strips away what system administrators can see, creating a firewall-like approach to an insider's internal network. In such an approach, data accessed by a user is encrypted, and policy governed by an organization's security team dictates what applications and users can decrypt it.

Lewandowski said insider threats will pose increasingly high risks to organizations in the public and private sectors, especially threats from individuals with "full and unfettered access" to an organization's innermost networks. It's the post-Snowden world, and everybody in IT security is dealing with the fallout.

About the Author

Frank Konkel is a former staff writer for FCW.
