You can find the current article at its original source at http://www.washingtonpost.com/business/economy/federal-agencies-embrace-new-technology-and-strategies-to-find-the-enemy-within/2014/03/07/22ce335e-9d87-11e3-9ba6-800d1192d08b_story.html?wprss=rss_homepage

Federal agencies embrace new technology and strategies to find the enemy within
After years of focusing on outside threats, the federal government and its contractors are turning inward, aiming a range of new technologies and counterintelligence strategies at their own employees to root out spies, terrorists or leakers.
Agencies are now monitoring their computer networks with unprecedented scrutiny, in some cases down to the keystroke, and tracking employee behavior for signs of deviation from routine. At the Pentagon, new rules are being written requiring contractors to institute programs against “insider threats,” a remarkable cultural change in which even workers with the highest security clearances face increased surveillance.
The “if you see something, say something” mind-set of the post-9/11 world has fully arrived in the workplace, with new urgency following high-profile leaks such as the revelations of former National Security Agency contractor Edward Snowden.
“People’s sensitivity to this has changed substantially,” said Lynn Dugle, president of a Raytheon business unit that markets an insider threat detection system called SureView. “I can tell you five years ago, when we were talking to agencies or companies about insider threat, we would normally be talking to (chief information officers) who were under budget stress. . . . And that was a very tough sell. Now we see boards of directors and CEOs really understanding what the threat can mean to them, and the risk it poses to them.”
In response to the breach by former Army intelligence analyst Pfc. Bradley Manning, President Obama in 2011 issued an executive order that established a National Insider Threat Task Force and required all federal agencies that handle classified material to institute programs designed to seek out saboteurs and spies.
While corporate security has long been part of Beltway culture, the heightened focus and the emergence of new monitoring technology touched off a burgeoning industry. In addition to Raytheon, Lockheed Martin has developed an insider-threat detection service, as have several start-ups in the Washington area.
Even Booz Allen Hamilton, which faced national embarrassment when Snowden, one of its employees, walked off with some of the country’s most guarded secrets, counsels its clients on how to detect rogue employees. A recent job posting said the company was looking for an “insider threat analyst,” which required a security clearance and more than five years of experience in counterintelligence. The posting spread on the Web and sparked ridicule over the notion that the company that employed Snowden was now looking to help turn the historic breach into a profitable lesson learned.
Raytheon’s SureView program allows agencies to create all sorts of internal alerts indicating when something may be amiss. A company could, for example, program the software to detect whenever a file containing the words “top secret” or “proprietary” is downloaded, e-mailed or moved from one location on the system to another.
Once that wire is tripped, an alert almost immediately pops up on a security analyst’s monitor, along with a digital recording of the employee’s screen. All the employee’s actions — the cursor scrolling over to open the secure file, the file being copied and renamed — can be watched and replayed, even in slow motion. It’s the cyber equivalent of the security camera that records robbers sticking up a convenience store.
Lockheed Martin provides a service called Wisdom, which acts as “your eyes and ears on the Web,” according to a company official. At its broadest use, the service can monitor mountains of data on the Web — Facebook, Twitter, news sites or blogs — to help predict everything from a foreign coup or riot to political elections. But it can also be turned inward, at employees’ online habits, to predict who within the organization might go rogue.
Counterintelligence officials use Wisdom to “evaluate employee behavior patterns, flagging individuals who exhibit high risk characteristics,” the company says in a brochure.
“I like to think of it as a digital intuition that is being developed,” said Jason O’Connor, Lockheed’s vice president for analysis and mission solutions.
A trade-off for companies
The market is much broader than the defense and intelligence industries. It extends to hospitals, which need to protect patients’ information; retailers, which hold customers’ credit card numbers; and financial institutions.
Some worry that the programs are an overreaction to a relatively rare threat that will do more to hinder the free flow of information than to deter crime, while creating repressive working environments.
Despite the soon-to-come federal mandate, many defense contractors have “already implemented fairly imposing controls to minimize the unauthorized use of data,” said Loren Thompson, a defense industry consultant who has worked with Lockheed Martin and other contractors. But he warned that this “clearly is a trade-off in which values like efficiency and collaboration will be sacrificed in order to reduce the likelihood of internal wrongdoers from succeeding.”
After Sept. 11, many agencies were criticized for not sharing sensitive information that could have prevented the attacks, so steps were taken to consolidate data within the government. Thompson fears the current climate of worry about Snowden-like leaks could lead to a return to the old habits, with key information once again compartmentalized.
“Insider threats are a real problem, but mandating a particular standard for all contractors will cost huge amounts of money and quite possibly result in the wrong steps being taken,” he said.
In addition to the cases that have made headlines worldwide, there are an untold number of incidents in the broader corporate world where insiders wreak havoc — from the systems administrator at what was then UBS Paine Webber who planted a “logic bomb” on the company’s network, to the Chinese national who was convicted of stealing trade secrets from Ford Motor Co.
In 2008, a network administrator for the city of San Francisco held much of the network hostage for nearly two weeks because he was the only one with the password. The city didn’t get it back until then-Mayor Gavin Newsom visited the administrator in jail and essentially begged him for it.
According to a brochure put out by the FBI with tips for companies “on how to detect an insider threat,” there are “increased incidents of employees taking proprietary information when they believe they will be, or are, searching for a new job.”
As a result, companies and government agencies are training employees to notice, and report, odd behavior — if the person in the next cubicle is working odd hours, taking short trips to foreign countries or suddenly comes into wealth.
A recent training video for the Department of Homeland Security features “Doug,” a suspicious employee who skulks around in restricted areas, brags about his new car and blogs under a pseudonym about the shortfalls of the company.
“You have the power to protect your workplace,” the narrator says. “If you see something suspicious from one of your co-workers, say something to your supervisor, human resources department or your security officer.”
There have also been advances in what’s called “sentiment analysis,” which allows organizations to scan employees’ e-mail for changes in behavior and tone.
Stan Soloway, head of the Professional Services Council, an industry group that represents hundreds of federal contractors, said looking at employees as potential threats “is a real mind shift. But it’s the reality of the business world today.”
“There’s a growing awareness that this is a very significant challenge for institutions of all kinds, and what we’re seeing now is the implementation. It’s going to take some time to get it right. . . . How do those protections align with your other responsibilities as an employer?”
‘Looking at the patterns’
Chris Kauffman, the founder and chief executive of Personam, a McLean company that focuses entirely on insider threats, said programs can “assess insider threatening behaviors without breaching the employee’s privacy.”
“There’s always the concern of the Orwellian overseers watching everything we’re doing. But we’re very sensitive to that,” he said. “We evaluate the activities and the transactions over the networks. Which Web sites they go to, which file servers they go to. But what we don’t do is absorb the content of that data. We don’t read e-mails or chats or texts. Or even the content of the Web sites they go to. We’re looking at the patterns they use.”
MITRE, a not-for-profit research and development company, did a study in 2009 where it asked some of its own employees to try to access sensitive information on its own network. In addition to assessing the network’s strength, the company wanted to “study evasiveness,” said Deanna Caputo, MITRE’s principal behavioral psychologist. “We wanted to see what good guys gone bad would look like.”
Working under a grant from the Defense Advanced Research Projects Agency, the Pentagon’s research arm, Georgia Tech computer scientists have worked to develop software that can detect a rogue employee even before he or she has broken bad. “When a soldier in good mental health becomes homicidal or a government employee abuses access privileges to share classified information, we often wonder why no one saw it coming,” said a Georgia Tech news release.
All this corporate scrutiny doesn’t necessarily bother groups that advocate for privacy protections. When it comes to using a government or corporate network, employees often do not have expectations of privacy, especially if they are dealing with classified information, said Ginger McCall, an associate director at the Electronic Privacy Information Center.
“I think there is an important distinction between monitoring a person’s personal e-mails and monitoring access to sensitive databases,” she said.
And since so much information about ordinary Americans is contained on government and corporate databases, there are benefits to making sure they are protected and under constant surveillance.
“We would want to know if someone at the FBI is accessing a database on a person when they shouldn’t be,” she said.
Michael Crouse, Raytheon’s director of insider threat strategies, said such programs help agencies “trust but verify.”
“We trust our privileged users,” he said. “But what we’re seeing is that you can verify that they are doing the work that is assigned to their role.”
It’s sort of like a big factory, he said, “where the foreman is looking down on the factory floor making sure everyone is doing their job.”