How New Technology Can Help Federal Agencies Comply With National Insider Threat Policies

Various motives, such as greed, blackmail and revenge, have influenced federal employees and federal contractors to commit some of the most serious security breaches in the history of the United States.

While many thousands of them are dedicated to their jobs and are loyal to their country, a select few federal employees have revealed top secrets to other countries, organizations, and to the public. (Think Edward Snowden and Bradley Manning.)

Other insiders continue to pose a major threat to national security today.

Current National Security Directives

In November 2012, the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs required that federal agencies, departments and divisions:

  • Monitor employee use of classified networks
  • Protect the civil liberties and privacy of all personnel
  • Have their own insider threat programs in place
  • Appoint a program leader (U.S. citizen with appropriate clearance)
  • Maintain quality HR records (i.e. personnel, polygraph tests, security)
  • Provide insider threat awareness training within 30 days of hiring

The 2012 regulations cover not only what security measures must be taken but also how they must be implemented.

In early 2015, an updated policy is expected to result in additional regulations, causing concern for some federal organizations in the race to maintain national security compliance.

Advanced Technology for Greater National Security

Fortunately for federal organizations and businesses that employ federal contractors, today’s innovative technology solutions make it possible to achieve the country’s security objectives.

Identification

In order to identify threatening activity throughout networks and systems, federal agencies must develop and implement the appropriate security strategies.

For example, statistically analyzing network flows (NetFlow), utilizing network-based security tools, and implementing next generation firewalls can help security operations centers (SOCs) determine and counter security issues.

These methods can tell an agency what type of data is being extracted, when irregular data usage is occurring, and what data trends and activities are typical of regular operations.
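As an added illustration (not part of the original article or any GuidePoint tooling), the sketch below shows one way to analyze flow data statistically: it builds each host's own baseline of daily outbound bytes and flags days that deviate sharply from it. The record layout, host addresses, byte counts and thresholds are constructed assumptions; real input would be aggregated from NetFlow/IPFIX exports.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (source host, day index, bytes sent out of the network).
FLOWS = [
    ("10.0.0.5", d, b) for d, b in enumerate(
        [120_000, 135_000, 110_000, 128_000, 131_000, 125_000, 9_800_000])
] + [
    ("10.0.0.9", d, b) for d, b in enumerate(
        [2_000_000, 2_100_000, 1_950_000, 2_050_000, 1_980_000,
         2_020_000, 2_070_000])
]

def daily_totals(flows):
    """Sum outbound bytes per (host, day)."""
    totals = defaultdict(lambda: defaultdict(int))
    for host, day, nbytes in flows:
        totals[host][day] += nbytes
    return totals

def robust_score(history, value):
    """Modified z-score of value against history, using median and MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def flag_irregular(flows, min_history=5, threshold=3.5):
    """Return (host, day, bytes, score) for days far above a host's baseline."""
    alerts = []
    for host, per_day in daily_totals(flows).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # too little data to know what "typical" is yet
            score = robust_score(history, per_day[day])
            if score > threshold:  # only unusually HIGH volume is flagged
                alerts.append((host, day, per_day[day], round(score, 1)))
    return alerts

if __name__ == "__main__":
    for alert in flag_irregular(FLOWS):
        print(alert)
```

Because each host is compared with its own history, a host that routinely moves large volumes (10.0.0.9 here) is not flagged, while a normally quiet host with a sudden spike is.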

Remediation

To satisfy national rules and regulations, as well as to create an internal network security alarm system, federal organizations can use the following technologies, services, and tools:

SPAN/TAP Port Aggregation

Switch aggregators allow devices from several networks to connect to a single aggregation point, which then sends SPAN/TAP traffic to a number of devices. This assists in managing and distributing an uninterrupted data flow through a centralized switch aggregator.

SPAN/TAP Data Enrichment

The spanning or tapping of network data allows for the placement of NetFlow sensors and can assist with the NetFlow data as well as application and user identification.

Packet Capture

With full packet capture, the capabilities of an agency or business to detect and respond to potential breaches can drastically increase. Being able to identify the compromised data and the person infiltrating greatly assists cyber security and forensic officials in their investigations.

Next Generation Firewalls

Next generation firewalls provide additional information and extra layers of protection to federal organizations. They can identify IP addresses, service ports and users, as well as determine when the user is logged in to the domain.

Among the many ways next generation firewalls can be used to combat insider threats are application identification and control, file blocking and botnet detection.

Most importantly, next generation firewalls help administrators quickly access captured data logs and generate meaningful, correlated reports.

These tools are only a small sample of the technologies that can help prevent and/or minimize insider threats and satisfy the new national security mandates.

For more information about insider threats and how to mitigate them, download our new white paper, Finding the Insider Threat, here: www.guidepointsecurity.com/white-papers/.

About GuidePoint Security

GuidePoint Security, LLC provides customized, innovative and valuable information security solutions and proven cyber security expertise that enable commercial and federal organizations to successfully achieve their security and business goals. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Reston, Va., with offices in Michigan, New Hampshire, Florida and North Carolina, GuidePoint Security is a small business, and its classification can be found with the System for Award Management (SAM).

GuidePoint Founder & Principal Contributes to Consumers Council of Canada’s Report on Cyber Threats on Mobile Devices

Justin Morehouse, GuidePoint’s Founder & Principal, served as a key resource for the development of the newly released report on Cyber Threats on Mobile Devices by the Consumers Council of Canada. Their press release is below.

Consumers can do more to reduce threats posed by mobile devices

Toronto – Manufacturers and retailers of smartphones and mobile Internet devices can and should do more to keep their customers safe, research by the Consumers Council of Canada has found.

“Most consumers don’t understand the risks they take and often fail to take simple, inexpensive actions to prevent the loss and exposure of their private information,” Council President Aubrey LeBlanc said. “Retailers, in particular, can help consumers protect themselves better.”

The Council advises consumers to do the following:

  • Lock the smartphone (or other mobile device) with a password.
  • Buy a sturdy case.
  • Back up regularly.
  • Don’t connect to unfamiliar public Wi-Fi sites.
  • “Think before you click” on a link or an e-mail that “doesn’t smell right.”
  • Scare yourself. Pretend you’ve lost your smartphone. What will nosy people find? What would your parents or your kids say if they found it?
  • Check carefully that the device you buy will let you avoid risks you cannot accept. (e.g., How sturdy does the device need to be? Can you afford all the costs if the device is lost, stolen or broken? Are the security features easily understood?)

Focus groups of consumers who participated in the research said wireless carriers and device retailers are in a key position to help them avoid the risks of using smartphones.

The report advises that device manufacturers need to make “on” and not “off” the default setup for security features. Also, wireless carriers, manufacturers and software platform providers should distribute software updates faster and for more years of device ownership to protect against new, malicious activity.

Regulators should ensure systems get put in place that make it easy to secure and disable stolen and lost devices, so they are less attractive to thieves.

Dennis Hogarth and Howard Deane, who specialize in data governance, knowledge management, information risk management and personal data privacy, authored the report for the Council. Research House, a division of Environics, conducted focus groups for the research.

The Council received funding from Industry Canada’s Contributions Program for Non-profit Consumer and Voluntary Organizations to conduct the research. The views expressed in the report are not necessarily those of Industry Canada or the Government of Canada.

The research report can be downloaded at:
http://www.consumerscouncil.com/cyberthreats