In part 1 of his commentary, Tom McMurtrie, a research fellow with the Army’s Training with Industry Program, offers details on the current state of agency efforts to protect against insider threats.
The National Counterintelligence and Security Center plans to deploy its own fully functional continuous evaluation system by fall 2018. Executive branch agencies buy into those services, and NCSC will continually vet agency employees against 10 different databases.
Daniel Payne, the director of the Defense Security Services, said the continuous evaluation program will have 1 million employees by 2018.
Whether you're a federal agency or a contractor, cybersecurity has become too important to leave solely to the tech staff. The worst threat these days seems to be the insider threat. Addie Cliffe and Evan Wolff, attorneys with the privacy and cyberscurity group at Crowell Moring, joined Federal Drive with Tom Temin to offer advice on how to take a corporate approach.
Near-weekly, worldwide cybersecurity threats underscore the importance of network, end-point, and application monitoring. Federal agencies have worked under a policy of continuous monitoring/continuous diagnostics and mitigation for a decade. But given the seemingly unending growth in attack vectors, the spread of internal infrastructure to commercial cloud providers, and the rise of insider threats – they’ve got to up the game into what might be called advanced cyber monitoring.
Insider Threat programs across all agencies must develop alongside technology, the GAO reports. However, the Department of Defense is making significant progress.
The Defense Information Systems Agency is hard at work on the next generation of mobile, secure computing for the Defense Department. And it's up to some heavy contracting activity.
Even if your people don't handle classified information, you can learn a lot from the National Insider Threat Task Force.
From proving bomb parts can get through front-door screenings to examining the Fort Hood shootings, the Government Accountability Office has been following the federal insider threat situation for years. Its work covers both the physical world and cyberspace.Joseph Kirschbaum, GAO director of defense capabilities and management, joined Federal Drive with Tom Temin to discuss the range of work he's overseen.
Wayne Belk, co-director of the National Insider Threat Task Force, wants feds to know that insider threat programs are there to protect them, not to get them in trouble.
Ever since Edward Snowden went against the National Security Agency, it seems like the federal government has been victim to a string of insider threats carried out. The latest being the young woman who sent NSA documents to a news site. David Buckley, managing director for federal risk consulting at KPMG, joined Federal Drive with Tom Temin to provide ideas for how agencies can mitigate the insider threat in the cyber age.
It was presidentially ordered after the Edward Snowden affair. It's chaired by the director of national intelligence and the attorney general. But the National Insider Threat Task Force has information, training programs and policy guidance useful to all agencies dealing with cybersecurity vulnerabilities posed by insiders. The Federal Drive with Tom Temin discussed the task force and its work with co-director Wayne Belk.
IBM has claimed 60 percent of all intrusions can be attributed to insider threat. Further, Information Week suggests that 95 percent of all organizations have employees who seek to bypass security controls.
So clearly there is risk in eliminating the polygraph for new hire. A risk management approach asks, is it a risk worth taking?