Last year, Bradly Manning allegedly downloaded over two hundred thousand Department of State diplomatic cables and other material from the Secret Internet Protocol Router Network (SIPRNet), the network used by agencies to transmit classified material. He is accused to passing the classified material to Wikileaks, an international group dedicated to the public release of secret information. “Cablegate” as the event has been called, was by far the largest reported leak of secret material in the history of the United States and launched an international uproar as the world read American diplomats’ private thoughts about many world events and leaders.
Now the intelligence community is deploying new software to catch and prevent future leaks. In the Daily Beast, national security journalist Eli Lake reports on the intelligence community’s efforts to install new software on its computer networks designed detect trusted users attempting to access or steal restricted materials.
According to Raytheon, the software is designed to focus “not only on the behaviors of malicious code inside the network”, something already done by traditional security software, “but also capturing human behavior such as policy violations, compliance incidents or malicious acts.” To do this, the software monitors web browsing, instant messages, email, files, portable hard drives, prints, typing and host of other user activities in order to detect users that are using their access in suspicious ways. Examples could include downloading, transferring, or printing large numbers of classified documents that have little relationship to a user’s assignment.
When the software detects suspicious activity, a human auditor can remotely watch that user’s activity like a video in near real-time by monitoring their “including keys typed, mouse movements, documents opened or websites visited.” Raytheon claims the software is “capable of capturing intentional and unintentional insider threats,” thereby making it possible for the intelligence community officials to “capture of sensitive documents before encryption or deletion.” In other words, it is designed to catch the next leaker.
Federal investments in software like that made by Raytheon is part of a boom in cybersecurity spending that is expected to continue for the next few years as governments invest in upgrading their IT infrastructure and defending it from external, and in this case internal, threats.
Mike Jones is a researcher, writer, and analyst on national and international security. He lives in the DC area.