Various motives, such as greed, blackmail and revenge, have influenced federal employees and federal contractors to commit some of the most serious security breaches in the history of the United States.
While many thousands of them are dedicated to their jobs and are loyal to their country, a select few federal employees have revealed top secrets to other countries, organizations, and to the public. (Think Edward Snowden and Bradley Manning.)
Other insiders continue to pose a major threat to national security today.
Current National Security Directives
In November 2012, the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs required that federal agencies, departments and divisions:
- Monitor employee use of classified networks
- Protect the civil liberties and privacy of all personnel
- Have their own insider threat programs in place
- Appoint a program leader (U.S. citizen with appropriate clearance)
- Maintain quality HR records (i.e. personnel, polygraph tests, security)
- Provide insider threat awareness training within 30 days of hiring
The 2012 regulations not only cover what security measures must be taken, they also address how they must be implemented.
In early 2015, an updated policy is expected to result in additional regulations, causing concern for some federal organizations in the race to maintain national security compliance.
Advanced Technology for Greater National Security
Fortunately for federal organizations and businesses that employ federal contractors, today’s innovative technology solutions make it possible to achieve the country’s security objectives.
In order to identify threatening activity throughout networks and systems, federal agencies must develop and implement the appropriate security strategies.
For example, statistically analyzing network flows (NetFlow), utilizing network-based security tools, and implementing next generation firewalls can help the security operation centers (SOCs) determine and counter security issues.
These methods can tell an agency what type of data is being extracted, when irregular data usage is occurring, and what typical data trends and activities are used for regular operations.
To satisfy national rules and regulations, as well as to create an internal network security alarm system, federal organizations can use the following technologies, services, and tools:
SPAN/TAP Port Aggregation
Switch aggregators allow devices from several networks to be connected to the switch aggregator, thereby sending SPAN/TAP to a number of devices. This will assist in the management and distribution of uninterrupted data flow to a centralized switch aggregator.
SPAN/TAP Data Enrichment
The spanning or tapping of network data allows for the placement of NetFlow sensors and can assist with the NetFlow data as well as application and user identification.
With full packet capture, the capabilities of an agency or business to detect and respond to potential breaches can drastically increase. Being able to identify the compromised data and the person infiltrating greatly assists cyber security and forensic officials in their investigations.
Next Generation Firewalls
Next generation firewalls provide additional information and extra layers of protection to federal organizations. They can identify IP addresses, service ports and users, as well as determine when the user is logged in to the domain.
Among the many ways next generation firewalls can be used to combat insider threats are application identification and control, file blocking and botnet detection.
Most importantly, next generation firewalls help administrators quickly access captured data logs and generate meaningful, correlated reports.
These tools are only a small sample of the technologies that can help prevent and/or minimize insider threats and satisfy the new national security mandates.
For more information about insider threats, how to mitigate them download our new, Finding the Insider Threat, white paper here: www.guidepointsecurity.com/white-papers/.
About GuidePoint Security
GuidePoint Security, LLC provides customized, innovative and valuable information security solutions and proven cyber security expertise that enable commercial and federal organizations to successfully achieve their security and business goals. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Reston, Va., and with offices in Michigan, New Hampshire, Florida and North Carolina. GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM).