DoD Raising Insider Threat Awareness to Safeguard National Security

September 23, 2019

We often think of cyber threats as coming from an anonymous criminal, hundreds of miles away behind a computer screen. However, current and former employees who have intimate and valuable knowledge about a company are also capable of committing a cybercrime. (Courtesy of YouTube)

The Department of Defense (DoD), is partnering with intelligence and law enforcement agencies to educate government employees on how to detect and mitigate insider threats that pose national security risks.

The DoD, National Insider Threat Task Force, the National Counterintelligence and Security Center, the Federal Bureau of Investigation, and the Department of Homeland Security has designated September as the ‘National Insider Threat Awareness Month’ to highlight the importance of detecting and deterring unauthorized access to national security information, according to the Pentagon.

DoD explained that proactive disclosure of insider threats could prevent loss of classified information and minimize damage to national security.

(The “Game of Pawns: The Glenn Duffie Shriver Story” video dramatizes the incremental steps taken by intelligence officers to recruit Shriver and convince him to apply for jobs with the U.S. State Department and the Central Intelligence Agency. Courtesy of the Federal Bureau of Investigation and YouTube.)

“We highlight the importance of insider threat awareness to preserve our personal safety, strong economy, and national security,” explained Garry Reid, Director for Defense Intelligence (Counterintelligence, Law Enforcement and Security), at the Department of Defense.

“We challenge all Americans to help protect, preserve and strengthen our public and private organizations by learning to recognize and report potential risk indicators.”

The DoD, National Insider Threat Task Force (NITTF), the National Counterintelligence and Security Center (NCSC), the Federal Bureau of Investigation (FBI), and the Department of Homeland Security (DHS), to increase awareness about the risks posed by insider threats and designated September 2019 as “National Insider Threat Awareness Month.”

(See this DoD training video on Insider Threats for Homeland Security and corporate training. Courtesy of the DoD Personnel Security and YouTube.)

Past compromises of national security information by trusted insiders have made America less safe by allowing adversaries unauthorized access to information.

Adversaries have used the knowledge from insiders to change tactics to avoid detection and learn where the nation is most vulnerable.

These actions, coupled with incidents of senseless loss of life perpetrated by insiders, have highlighted the need for uniform engagement.

Proactive insider threat reporting can provide early warning, intervention, and assistance for individuals at risk, while strengthening national resilience.

(Learn More. Naval Criminal Investigative Service (NCIS) is encouraging U.S. Navy and Marine Corps service members, and Department of Defense (DoD) civilians, to be aware of indicators, behaviors and cyber threats that could jeopardize national security through their Insider Threat Awareness program. Courtesy of DoD Personnel Security and YouTube.)

Such reporting can reduce acts of harm to self or others, prevent the loss or compromise of classified information, and minimize damage to national security.

TIPS TO MITIGATE INSIDER THREATS

Insider threats are a result of a combination of organizational, behavioral, and technical issues.

The Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) recommends the following best practices for addressing these issues and mitigating an insider threat:

Incorporate insider threat awareness into periodic security training for all employees.
Implement strict password and account management policies and practices.
Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
Ensure that sensitive information is available to only those who require access to it.
Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.
Develop a formal insider threat mitigation program.

BEHAVIORAL INDICATORS

An insider threat occurs when a current or former employee, contractor, or business partner who has or had authorized access to an organization's network, system, or data, intentionally misuses that access in a manner to commit a cybercrime. (Courtesy of the the National Counterintelligence and Security Center (NCSC)) — An insider threat occurs when a current or former employee, contractor, or business partner who has or had authorized access to an organization’s network, system, or data, intentionally misuses that access in a manner to commit a cybercrime. (Courtesy of the the National Counterintelligence and Security Center (NCSC))

A good way to prevent an insider threat is to train your employees to recognize some common behavioral indicators among their colleagues.

US-CERT has identified the following behavioral indicators of malicious threat activity:

Remotely accesses the network while on vacation, when sick, or at odd times during the day.

Works odd hours without authorization.
Unnecessarily copies material, especially if it is proprietary or classified.
Expresses interest in matters outside the scope of their duties.
Shows signs of drug or alcohol abuse, financial difficulties, gambling, illegal activities, poor mental health, or hostile behavior.

IF YOU’VE BEEN COMPROMISED

Follow your organization’s rules and regulations regarding cyber threats.
Report computer or network vulnerabilities to US-CERT via the hotline: 1-888-282-0870 or www.us-cert.gov.
Inform local law enforcement as appropriate.
Report stolen finances or identities and other cybercrimes to the Internet Crime Complaint Center at www.ic3.gov.
Report fraud to Federal Trade Commission at www.FTCComplaintAssistant.gov.

AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:

Provides named sources
Reported by more than one notable outlet
Includes supporting video, direct statements, or photos

The Department of Defense (DoD), is partnering with intelligence and law enforcement agencies to educate government employees on how to detect and mitigate insider threats that pose national security risks.

DoD explained that proactive disclosure of insider threats could prevent loss of classified information and minimize damage to national security.

“We highlight the importance of insider threat awareness to preserve our personal safety, strong economy, and national security,” explained Garry Reid, Director for Defense Intelligence (Counterintelligence, Law Enforcement and Security), at the Department of Defense.

“We challenge all Americans to help protect, preserve and strengthen our public and private organizations by learning to recognize and report potential risk indicators.”

Past compromises of national security information by trusted insiders have made America less safe by allowing adversaries unauthorized access to information.

Adversaries have used the knowledge from insiders to change tactics to avoid detection and learn where the nation is most vulnerable.

These actions, coupled with incidents of senseless loss of life perpetrated by insiders, have highlighted the need for uniform engagement.

Proactive insider threat reporting can provide early warning, intervention, and assistance for individuals at risk, while strengthening national resilience.

Such reporting can reduce acts of harm to self or others, prevent the loss or compromise of classified information, and minimize damage to national security.

TIPS TO MITIGATE INSIDER THREATS

Insider threats are a result of a combination of organizational, behavioral, and technical issues.

The Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) recommends the following best practices for addressing these issues and mitigating an insider threat:

Incorporate insider threat awareness into periodic security training for all employees.

Implement strict password and account management policies and practices.

Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.

Ensure that sensitive information is available to only those who require access to it.

Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.

Develop a formal insider threat mitigation program.

BEHAVIORAL INDICATORS

A good way to prevent an insider threat is to train your employees to recognize some common behavioral indicators among their colleagues.

US-CERT has identified the following behavioral indicators of malicious threat activity:

Remotely accesses the network while on vacation, when sick, or at odd times during the day.

Works odd hours without authorization.

Unnecessarily copies material, especially if it is proprietary or classified.

Expresses interest in matters outside the scope of their duties.

Shows signs of drug or alcohol abuse, financial difficulties, gambling, illegal activities, poor mental health, or hostile behavior.

IF YOU’VE BEEN COMPROMISED

Follow your organization’s rules and regulations regarding cyber threats.

Report computer or network vulnerabilities to US-CERT via the hotline: 1-888-282-0870 or www.us-cert.gov.

Inform local law enforcement as appropriate.

Report stolen finances or identities and other cybercrimes to the Internet Crime Complaint Center at www.ic3.gov.

Report fraud to Federal Trade Commission at www.FTCComplaintAssistant.gov.

AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:

Subscribe to the AST Daily News Alert Here.

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY