Magazine article National Defense

Industry Prepares for New Insider Threat Regulation

Magazine article National Defense

Industry Prepares for New Insider Threat Regulation

Article excerpt

Even as the Defense Department prepares to implement a new regulation to help mitigate insider threats, security breaches are continuing. Experts say more needs to be done to address the situation.

Years after the Edward Snowden and National Security Agency scandal, the Department of Justice announced that yet another NSA contractor had allegedly stolen classified information.

Harold Thomas Martin III was charged with the "theft of government property and unauthorized removal and retention of classified materials by a government employee or contractor," a Justice statement released in October alleged.

Martin--a 51 -year old contractor from Glen Burnie, Maryland--had a top-secret security clearance and was arrested in August, according to Justice.

The announcement came less than two months before the Defense Department intends to implement a new policy that would require companies to establish individual programs to detect, deter and mitigate insider threats.

Under guidance from the department's defense security service, companies doing business with the Pentagon will soon be required to stand up a program to "gather, integrate and report relevant and available information indicative of a potential or actual insider threat."

The requirement--which has a Nov. 30 deadline--is part of a change to the Defense Department's "National Industrial Security Operating Manual," and was announced in a letter released in May.

The new rule, while basic, is a step in the right direction, said Bryan Ware, CEO of Haystax Technology, a security analytics company.

"Is it enough? I don't think so," he said. "To get to the place where industry really has good insider threat programs is not going to come from this change and it's not going to come quickly."

Though not particularly onerous, in general, industry does not want to be compelled to follow more regulations, he said.

"What I would love to see would be that having a strong insider threat program was a strategic advantage for winning government business, particularly sensitive government business," he said. "When it's just a security check-in-the-box, that's not going to happen. But when instead it gives you an advantage over a competitor winning a contract ... then I think we'll see real, serious programs emerge that become the best practices."

Most defense companies don't have any kind of insider threat program, Ware said.

"Certainly when you look at... the largest defense contractors, the Lockheed Martins and such, they do have programs ... but when you look at the whole defense contracting [industry] you have lots of companies that are $100 million revenue companies that don't even have a chief security officer," he said. "Those companies are not likely to have insider threat programs, and this conforming change will probably be the first time in which they do."

Satisfying the rule can be met with minimal internal training and assigning a high-level employee within the organization the responsibility of managing an insider threat program, he said.

"Therefore, you can comply without having to do a whole lot, and because of that I think most organizations will comply. ... But is that enough? No. That's not having a real insider threat program," he said.

Even with a good system in place, many companies don't have a great handle on data classification, said Scott Montgomery, chief technical strategist at Intel Security.

"What makes insider activity so damaging is that the insider is typically using the credentials he has to do activities that are allowed by policy--what the insider is doing looks like his day job," he said in an email. "Sorting out the parts of it that are for malicious purposes is really, really, really tricky."

Companies need to think harder about which employees have access to certain pieces of data and what they are allowed to do with it, he said. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.