Ever since Edward Snowden went against the National Security Agency, the federal government seems to have fallen victim to a string of insider threats, the latest being the young woman who sent NSA documents to a news site. David Buckley, managing director for federal risk consulting at KPMG, joined Federal Drive with Tom Temin to provide ideas for how agencies can mitigate the insider threat in the cyber age.
It was presidentially ordered after the Edward Snowden affair. It's chaired by the director of national intelligence and the attorney general. But the National Insider Threat Task Force has information, training programs and policy guidance useful to all agencies dealing with cybersecurity vulnerabilities posed by insiders. The Federal Drive with Tom Temin discussed the task force and its work with co-director Wayne Belk.
IBM has claimed 60 percent of all intrusions can be attributed to insider threat. Further, Information Week suggests that 95 percent of all organizations have employees who seek to bypass security controls.
So clearly there is risk in eliminating the polygraph for new hires. A risk management approach asks, is it a risk worth taking?
George Fallon, a 30-year veteran of IT auditing, explains why agencies need to re-evaluate the protection of e-mail, document and business systems.
The Office of Personnel Management was the sixth agency to achieve final operating capability on an insider threat program. But OPM is among the few agencies that have set up such programs. Small agencies say cultural barriers, lack of resources and legal and privacy questions are among the obstacles preventing them from meeting the goal, but insider threat experts say those problems aren't unique.
Civilian agencies have been struggling with the same challenges in developing strategies for insider threats for years now. They say those challenges are unique to them, and not shared by the Defense Department and intelligence community, which have the insider threat mindset built into their culture. But the IC and DoD say not so. Federal News Radio Reporter Nicole Ogrysko tells Federal Drive with Tom Temin the two agencies have struggled with the same issues.
Federal employees and contractors waited hundreds of days in some cases for a security clearance in 2016, but the Office of Personnel Management spent much of the year putting the policy pieces in place for improvement. Key stakeholders in the Performance Accountability Council developed an IT plan for the new background investigation system and issued business rules for adjudicating some cases.
David Green, chief security officer for Veriato, details why it’s important for agencies to rate employee positions and apply the appropriate insider threat oversight based on those ratings.
The defense industry has gotten off to a good start implementing initial capabilities for insider threat programs, the Defense Security Service said. Cleared contractors had until Nov. 30 to develop and submit their plans for an insider threat program and appoint a senior official to lead and oversee it.
Experts say until the government moves to a continuous evaluation program of employees and contractors with clearances, threats from employees will continue to grow.
Lightning has struck twice in the same spot now — NSA and Booz Allen Hamilton.
Jonathan McDonald, executive vice president of TransUnion, says agencies need to look to multiple sources to understand potential risks posed by employees.
The Coast Guard said it's the first Executive Branch agency to achieve full operating capability on its insider threat program. The Homeland Security Department said it's working to automate its continuous evaluation program, in support of a governmentwide goal to add 5 percent of the cleared population under CE by 2017.