By Val LeTellier
Despite having taken place years ago, data breaches affecting the Office of Personnel Management (OPM), Anthem Health, Equifax, Yahoo, Marriott, and United Airlines continue to help foreign adversaries recruit insider sources from government agencies, businesses, and universities. Government and industry leaders must act now to fortify their organizations.
China and other nations are working aggressively to steal U.S. technology and information in fields ranging from quantum computing to vaccination research. Advances in machine learning, artificial intelligence, and 5G networks are making data collection more ubiquitous and data aggregation and analysis more capable. By hardening themselves to advanced insider attacks, organizations can protect American intelligence and technological advancement, strengthen national security, enhance government and industry effectiveness, and minimize the negative impact of future breaches.
The Office of the Director of National Intelligence (ODNI)’s National Counterintelligence and Security Center (NCSC) recently advised that foreign adversaries’ intelligence services “have an increasingly sophisticated set of intelligence capabilities at their disposal and are employing them in new ways to target the United States.” These intelligence capabilities include increased commercial collection of personal data and advanced data analytics, which, combined, offer a gold mine of personal insights that enable them to target American citizens with access to valuable information.
With security clearance, travel, health, financial and other personal data stolen in the last five years, our adversaries have a far more comprehensive picture of those trusted by our government than ever before. Importantly, the information from these large breaches can now be aggregated and analyzed with more current personal data to quickly identify Americans with access to sensitive national security information, technology research, and valuable intellectual property (IP). Once an adversary confirms a potential target’s access, it can use stolen data revealing behavioral, financial, and medical issues to develop a comprehensive picture of an individual’s vulnerability to a clandestine approach.
Recent high-profile arrests of former U.S. intelligence officers, academics, and foreign operatives reflect the power of this type of refined targeting. These arrests should serve as a reminder to Department of Defense and Intelligence Community leaders, technology executives, research facility directors, enterprise risk managers, and insider threat program managers that their people, facilities, and IP continue to be at risk.
Regrettably, most U.S. institutions are unprepared for this threat; they lack awareness of how adversaries can use stolen information to target their employees and are ill-equipped with countermeasures to detect and mitigate attacks. That said, resiliency is attainable.
Organizations Can Resist Adversaries
Organizations can help their workforces resist adversaries’ targeting through a multi-faceted strategic approach. Three steps make it possible for employees and security officers to protect the organization. First, an organization’s leaders must establish effective governance structures – clear policies on employee behavior, reporting requirements, and training; explicit rules and expectations empower managers and employees to address insider threats proactively. Second, once employees’ responsibilities are clearly defined, security awareness training teaches employees how to execute them, teaching them to identify different forms of insider threats and how to report concerns about adversaries’ outreach or co-worker’s behavior. Third, the organization’s security staff should implement a continuous evaluation program to identify a troubling situation before it becomes critical. By compiling and analyzing publicly available data regarding potentially concerning developments like arrests, rising personal debt, and unreported foreign travel, an organization can flag indicators of potential personal risk and assess them in greater depth.
Organizations must also take steps to support their workforce. First, they must demonstrate through team-building activities and effective communications that they care for their employees. Such steps improve job satisfaction, morale, and productivity while enhancing organizational resiliency to insider attacks. These dynamics are particularly critical as more employees work remotely, which increases their isolation and undermines a sense of community among team members. Second, drawing on insights from Human Resources and co-workers, organizations must identify and assist distressed employees before adversaries can exploit deteriorating personal or professional situations; counseling and other resources offered through Employee Assistance Programs (EAPs) can keep an employee from becoming vulnerable.
As adversaries continue working to steal U.S. government and commercial secrets, both public and private sector organizations must enhance their employees’ resiliency to exploitation. A comprehensive approach that incorporates clear policies and standards, employee training, review of publicly available information, and proactive engagement of the workforce can mitigate employees’ vulnerabilities before they contribute to a loss of sensitive data or property.
Val LeTellier, MBA, MS, CISSP, CEH, ITVA, PMP, has 30 years of risk management experience in the public and private sector. He is a member of the Insider Threat Subcommittee of the Intelligence and National Security Alliance (INSA), a nonpartisan association that advocates for public-private collaboration on intelligence. Val ran security operations as a State Department Diplomatic Security Special Agent and then intelligence and counterintelligence operations as a CIA operations officer and station chief. Twenty years recruiting foreign sources and penetrating intelligence targets provided a deep understanding of how insiders are created, managed, protected and discovered. Subsequently, he co-founded a cybersecurity firm that combined CIA human source and NSA technical expertise. He continues to support the intelligence community and provides pro-bono insider risk advisement to Washington DC charities and nonprofits.