A Locked Room Mystery: How Cleared Companies Can Protect Against Insider Threats | #itsecurity | #infosec

If you read crime fiction, you know what a locked room mystery is. In such a mystery a murder takes place, yet no one but the victim seems to have been in the room at the time of the killing. Sherlock Holmes solved such a case when he discovered a hole in the roof. From there, the murderer allowed a poisonous snake to enter, bite the victim, then recede back through the opening. Or consider too how Agatha Christie’s Inspector Hercule Poirot discovered how Roger Akroyd was murdered in his locked office. A new early 19th century device, the Dictaphone, deceived investigators into believing the killing could not have taken place when it did. Poirot identified the means, and solved the crime.

How Do We Protect Against Insider Threats?

So it is with modern espionage. We who protect classified information have secure rooms where none but the authorized are allowed in. Yet, our most deeply guarded secrets sometimes escape. When American naval officers detected new Soviet submarines were constructed with silenced engines, the Americans wondered how the adversary figured out their previous loud engines were their Achilles heel. It turned out that within our own secure apparatus, an American, cleared naval specialist John Walker, stole our precision listening technology and sold it to the Russians. He alerted them to their vulnerability. Likewise, Count Esterhazy provided designs of French forts and modern cannons to the Germans when such designs were carefully protected in the French General Staff safes. He was never suspected because he was trusted due to his family name, position, and skill level. But he was, like John Walker, a traitor. Such tales of betrayal are all too common today.

What can we do to protect against such insider threats? Take the case of Sergey Alenikov. He downloaded vast amounts of computer codes, proprietary to his American company. He was caught through routine network monitoring. Chinese immigrant Chi Mak obtained, from his American defense industry job, the details about how American submarines remained quiet. Then he stole information about the Aegis radar system, and even about stealth naval craft. His planning for theft included copying, then encrypting information which he then secretly had carried back to China by his own relatives. In each of these cases, careful methods of our own protection ultimately worked, and the violators were arrested.

Why They Spy

As we all know, or have even experienced, work can put tremendous pressure on our employees. Financial problems, be they of a family or corporate origin, lack of recognition, revenge, and even a narcissistic belief in one’s own status can all factor in for a motive to steal. These motives are always being sought out by adversaries. Once identified, these vulnerable people can be played upon by clever recruiters until the person is hooked and induced into performing acts of sabotage or espionage. Or, these people can themselves seek out possible buyers for what they have to betray. Spies and thieves have offered their services recently to India, to Russia, to China, and even to other companies, in just the past years.

A potential thief may believe they are above the law, or won’t get caught. Even worse, they may consider themselves invulnerable even if they are caught. They may consider the lack of punishment meted out to wrong-doers another motivating factor or think that security is so lax the money they will make is worth the risk.

Methods to Combat Insider Threats

The DOJ has offered several means of defending against such spies or corporate raiders. As we’ve read recently, the Federal Government is demanding certain levels of computer security be implemented as a pre-condition of defense contract eligibility. But that’s not all. Employees need to be trained, and reminded regularly, of security protocols and rules. Particularly here is an awareness of when and what they can take home to work on. Most important, employees need to be provided with a means for reporting insecure activities. They must be convinced that their reports of their suspicions are confidential, and not subject to less than professional handling.

Traditional techniques are always valuable, if often forgotten. Time pressure may cause short cuts to be made. Often that short cut is security consciousness. The ‘two-person rule’, where two people are always involved in any cleared activity, helps there. One can perform as a check on the security of the other colleague. ‘Need to know‘, a classic, is more than a slogan. No one is so high in rank that he should be given access or awareness of some classified program outside his authority to know. Lastly, never, ever let a person know they are under suspicion. If you’ve reached this concern, it is absolutely essential to let your FBI support office personnel know.

aftermath of Secrets Spilled to Adversaries

Your company may only deduce secrets are lost when they see evidence of such loss reflected in the actions of others. That ship which was supposed to be secure is readily detected by an adversary. That code which you knew to be proprietary is now compromised, or used elsewhere. Each of these and a host of other indicators may suggest compromise or theft. Leave it up to investigative professionals, working with your cleared, knowledgeable staff, to solve. Locked room mysteries are fascinating to read about, unless they are your own.


Original Source link

Leave a Reply

Your email address will not be published.

forty − thirty =