Combatting the Insider Threat

Combatting the Insider Threat

Combatting the Insider Threat

Additionally, DHS should continue to bolster systems that detect the behavioral red flags preceding a malicious cyberattack. Agencies can share information about anomalous behaviors with employees, as employees who work alongside an insider may be in the best position to recognize unusual behavior. DHS currently recognizes a more systematic approach: behavioral methodologies that establish normal use trends (i.e., baselines) of employee cyber activity and evaluate new cyber activity against these trends. When cyber activity deviates from the baseline, this system identifies employees who may be in the process of going rogue.

According to a majority of Federal information technology (IT) professionals, accidental insiders are the greatest IT security threat to their agencies. Lax environments and poor data protection protocols enable employees to accidentally open doors to otherwise secure cyber systems. Online training can emphasize the potential for social media activity to unintentionally leak information, and in-person training helps employees integrate cybersecurity measures into the context of DHS’s larger culture of vigilance. Performing regular audits and effectively managing new-hire background investigations can also reduce the risk of potential accidental insider threats.

Given the dual identity – malicious and accidental – of the insider threat, successfully combatting this risk demands a nuanced approach that balances the need to enhance cybersecurity with the need to promote information sharing and efficiency among Government personnel.

Insider threats are a serious cybersecurity risk to the Federal Government. According to Verizon’s 2013 Data Breach Investigations Report, insider threats, which can be malicious or accidental, comprise at least 14% of confirmed data breaches. Each type of insider threat requires a unique solution.

Malicious insiders intentionally abuse their privileged access to execute cyberattacks. Currently, the  Department of Homeland Security (DHS) restricts employee and contractor access only to the sensitive data required for their roles to limit avenues for malicious insiders. Still, the Government must continue to enhance systems that monitor, review, and roll back unnecessary access. These ongoing reviews should prioritize manager-level personnel, who, according to the 2015 Insider Threat Spotlight Report, are the highest risk cohort due to the large volumes of sensitive data they can access.

Contributors

Aaron Bishop |

Aaron Bishop is an Associate at Arc Aspicio.  A former transplant from the environmental consulting sector, Aaron has dedicated his focus to homeland security and currently supports Enterprise and Operations for Arc Aspicio.  He graduated with a B.S. in English and Environmental Policy from the College of William and Mary.

Mr. Roboto: Your Newest Coworker

Mr. Roboto: Your Newest Coworker

Could your next cubemate be a robot? Elon Musk, the Tesla and SpaceX founder, is building our future coworkers and forming a world filled with Artificial Intelligence (AI) that could “beat us in just about everything,” including our jobs. As Musk attempts to create a real-life iRobot, many advantages and a possible partnership arise with this future. How can the Government and Homeland Security prepare and welcome new technological advancements?

Data + Strategy: Using Data to Inform Agency Strategy

Data + Strategy: Using Data to Inform Agency Strategy

Understanding the types of data available, gaining access to the right data, and making sense of data are daunting tasks for most organizations as they develop a strategy to meet mission demands and enterprise-wide goals. Data is especially challenging for the Government, yet provides the opportunity for insight for leaders as they strategically move their agencies forward.

Workplace Morale is Going to the Dogs… Literally!

Workplace Morale is Going to the Dogs… Literally!

There are few greater feelings than a dog’s unconditional love. And some are finding that a dog’s love can help combat stress at work. Secretary Zinke of the Interior Department announced his intent for "Doggy Days" where he encouraged employees to bring their canine companions to work on designated days. More than 80 dogs arrived for first event and the overjoyed employees immediately scheduled the next.

Accelerating FITARA Compliance: Five Steps That Leaders Can Take Today

Accelerating FITARA Compliance: Five Steps That Leaders Can Take Today

Implementing change is not always easy, but it is always necessary. Federal agencies have been working to transform how they acquire and manage Federal information technology (IT). The Federal Information Technology Acquisition Reform Act (FITARA) in December 2014 has increased visibility into this transformation.Although FITARA enhances the authority and accountability of Chief Information Officers (CIOs) in reviewing and approving major IT investment projects, CIOs continue to look for new ways to implement best practices at their agencies.

Combating the Rise of Transnational Criminal Organizations

Combating the Rise of Transnational Criminal Organizations

Crime, corruption, and violence – particularly involving drug, human, and weapons trafficking – continue to increase at an alarming rate in the U.S. Transnational Criminal Organizations (TCOs) are a critical part of this trend and pose a serious and growing threat to homeland security – at our borders and beyond.U.S. Customs and Border Protection (CBP) is at the tip of the spear to combat TCOs. With the context that the first goal in their Vision and Strategy 2020 Strategic Plan is Counter Terrorism and Transnational Crime, CBP is focusing on disrupting TCOs responsible for the cross-border trafficking of illegal drugs, humans, and guns.

Design Thinking: Putting the Citizen at the Heart of Lasting Change

Design Thinking: Putting the Citizen at the Heart of Lasting Change

For the past few decades, there has been a growing increase in the digital channels available to network with the Federal government. These channels have made it easier for the public to interact and elicit responses from elected officials.These growing interactions have increased expectations for Government to be more transparent and collaborative. From the Department of Homeland Security (DHS) to the Department of State (DOS), Design Thinking transformations have begun to develop and modernize programs to be more human-centered. Agencies and programs beholden to serve the public good should logically adopt a problem-solving mindset that places the individual at the heart of any lasting changes.

Using Behavioral Science to Improve Mission Outcomes

Using Behavioral Science to Improve Mission Outcomes

Although behavioral science has been studied and applied within academia for decades, recently the concept has emerged everywhere – from Silicon Valley tech giants such as Google and Uber, to various Government agencies including the Department of Education, the Department of Defense, and the Department of Agriculture.But defining and applying such a broad and sometimes-nebulous discipline can prove difficult. What exactly is behavioral science? How can the Government use the concepts and lessons learned effectively?

Crowdsourcing to Improve Security

Crowdsourcing to Improve Security

Many of us are familiar with the idea of crowdsourcing. Corporations and the Government both use crowdsourcing to generate data, raise awareness campaigns, and produce ideas. So, what if we used crowdsourcing to enhance our security and bridge communication gaps between the Government and American citizens at the same time?

Homeland Security Managers = Innovative Leaders

Homeland Security Managers = Innovative Leaders

The search for and implementation of innovative methods to protect the homeland should play an important role in homeland security managers’ approach to how they guide their organizations. Citizens expect government leaders to propose and implement organizational, acquisition, and personnel management practices that enhance our nation’s ability to prepare for and mitigate potential threats. They expect these to make them safer and the nation more secure.