The federal government is implementing comprehensive and far-reaching internal threat security policies aimed at monitoring computer networks, as well as employees’ behavior on them, with an unprecedented focus on preventing additional leaks.
While the Obama administration has been conducting a crackdown on security vulnerabilities in the federal government since 2011 with its “Insider Threat Task Force,” the Edward Snowden leaks have helped push federal agencies to create a higher level of security to prevent insider leaks. For instance, the Pentagon is writing new rules that require contractors to institute programs against insider threats, under which even workers with the highest security clearance will undergo severe surveillance.
Marine officials are looking to beef up their Insider Threat Program, launched last year after President Obama ordered increased focus on preventing insider leaks of classified military information. Plus, Navy Secretary Ray Mabus released SECNAV Instruction 5510.37 last August, which seeks to create an “integrated set of policies and procedures to deter, detect, and mitigate insider threats.”
Defense contractors are scrambling to address this cultural change with new products designed to monitor and prevent insider threats. Raytheon, Lockheed Martin and numerous start-ups have developed insider-threat detection products.
One is SureView from Raytheon, which “captures human behaviors such as policy violations, compliance incidents and malicious acts at the endpoint that serve as warning signs leading up to a breach,” a product brochure says.
“People’s sensitivity to this has changed substantially,” said Lynn Dugle, president of Raytheon’s SureView business unit, in the Washington Post. “I can tell you five years ago, when we were talking to agencies or companies about insider threat, we would normally be talking to (chief information officers) who were under budget stress. . . . And that was a very tough sell. Now we see boards of directors and CEOs really understanding what the threat can mean to them, and the risk it poses to them.”
SureView allows agencies to create internal alerts based on a variety of behaviors and keywords. For example, when files containing the words “top secret” or “proprietary” are downloaded, e-mailed or moved from one location to another, an elaborate surveillance system is activated. An alert is displayed on a security analyst’s monitor, and a digital recording of the employee’s screen begins, capturing every mouse movement and keystroke.
New security protocols might get in the way of new information-sharing initiatives between federal agencies, such as the Intelligence Community IT Enterprise (ICITE) initiative, which is attempting to create a common enterprise IT environment among U.S. intelligence agencies. Loren Thompson, a defense industry consultant, said in the Post that there “clearly is a trade-off in which values like efficiency and collaboration will be sacrificed in order to reduce the likelihood of internal wrongdoers from succeeding.”