The National Insider Threat Task Force is raising awareness about phishing, social engineering and other modern tactics used to target federal employees and contractors, while also gearing up for a new push aimed at “safeguarding science,” according to its deputy director.
The theme of year’s “insider threat awareness month,” held every September, has been “critical thinking in digital spaces.” The task force and its partners have been highlighting online risks including social engineering efforts, mis-, dis-, and mal-information, and cyber tactics like phishing emails.
Rebecca Morgan, assistant director for enterprise threat mitigation at the National Counterintelligence and Security Center and deputy director of the task force, says this year’s campaign is motivated by the shift to remote work along with increasingly sophisticated online campaigns aimed at compromising the national security workforce.
“What we really wanted to do for our federal workforce and our private sector partners was provide a toolkit for folks that they could really foster their critical thinking skills, increase their digital and media literacy capability, recognize things like cognitive bias and where we receive information, and also alert them to some of these new techniques,” Morgan said on Inside the IC.
Social engineering has come a long way from the “Nigerian prince”-scam style emails, Morgan said, and are more difficult to distinguish than in the past. Some common tactics employed by adversaries include soliciting individuals to speak at a conference or posing as an online job recruiter, she said.
“The key thing is to increase your critical thinking skills, use that digital literacy, verify sources, look up companies that are making these offers to you, and ensure that you’re following all those common sense best practices,” Morgan said.
The federal workforce is also the target of disinformation campaigns, according to Morgan. The targeting goes beyond those with access to classified data, she said, to agencies like the Department of Labor and the Social Security Administration.
She declined to name specific instances of such campaigns targeting the federal workforce, but added, “There have been instances where misinformation has been relied upon by decision makers, and that misinformation was fed by malign foreign influences.”
“And we want to make sure that people recognize that each of us has a responsibility as a citizen, but also as a federal employee to make sure that we’re very cognizant of where the information is coming from, that it could be used for malign purposes, and to know what to do to protect ourselves, think critically about where we’re getting our data,” she said.
The insider threat task force has spent the last year focusing on increasing its support to the financial sector. It also worked closely with healthcare organizations during Operation Warp Speed, and lends support to the defense industrial base, as well as the food and agriculture sector.
Over the next year, Morgan said the task force is pivoting to a new initiative called “safeguarding science.” The idea is to help both public and private sector entities involved in emerging technologies be more aware of potential insider threats.
Such technologies include quantum computing, biotechnology, artificial intelligence, unmanned vehicles and semiconductors, according to Morgan.
“We are working with partners throughout the federal government . . . not because we want to control it, not because we want to stifle innovation,” she said, “but because we want people to understand the vulnerabilities that are out there, and some of these very simple techniques and methods they can adapt to keep their intellectual property safe to keep their people safe from targeting and recruitment.”