Responses: 7
SGM Chief Executive Officer (Ceo)
The Army had this capability for a number of years, but was never willing to actually use it. It was called Multidiscipline Counterintelligence (MDCI). The MOS was 97G. This MOS had experience as Information Security specialists, monitoring friendly radiotelephone, conventional telephone, and computer networks to determine the level of security being provided to classified or sensitive information. They were able to report disclosures of classified or sensitive information, based on the Essential Elements of Friendly Information (EEFI) to the supported Commander, for corrective action.

The 97Gs were supposed to work closely with 97Bs and others to develop pictures of the insider threats in an organization, but that seldom worked very well. The other MOSs, especially 97Bs, already had a fairly well-defined mission and operational pattern developed, and the 97G MDCI mission had been something developed in a hurry to save an MOS whose mission had been cut out from under it in a hasty move by a two-star at Ft. Huachuca who had refused to listen to a host of experts. They were just never able to make this new mission work its way into the extant structure of existing operations.

Of course now they're trying it again. Somebody will think it's their brand new idea that's never been tried before. The bad part is it will focus almost exclusively on computer network use and not on the broader CI picture, because that's where all the focus (and money) is today. So it will only be a partial (half-fast) piece of the mission it ought to be. We never really learn.
SGM Chief Executive Officer (Ceo)
SGM (Join to see)
>1 y
Having worked in this area for almost 17 years at NSA, we do know there is a weak link, we just don't always know exactly where it is. The lower in the chain you go, the less likely users or system admins are to know about the specific vulnerabilities or threats - mostly because of classification. I always suggest that any users or system admins always assume there is both a vulnerability and a threat that together create a risk with every system they use, and to take precautions accordingly. It may make things a little more challenging, but it will help you keep things more secure. Especially proper use of your encryption equipment.
CPT Jack Durish
>1 y
Weak links. Now there's an interesting topic. While we focus on the technology, will we ever truly rid ourselves of the really weak links? Let me tell you a story, a true story...

We had the Navy on our necks in Vietnam one day after one of our mail trucks arrived in Dong Tam where the Mobile Riverine Force was based, and discovered that the sack of registered mail was missing. "Someone" had failed to properly secure the cargo door and the last thing loaded, the registered mail sack, was the first thing to fall out somewhere along the road. It was bad, but we didn't know how bad until a Navy communications officer informed us that they made it a habit of sending crypto materials by registered mail. Imagine that. I'm not going to describe what "crypto materials" are (I don't know how much trouble I might get into despite the fact that I'm talking about 50-year-old technology), but it sounds bad, doesn't it? It is.

So which is weaker? The fool who failed to secure the door or the Navy bureaucrat who thought that shipping crypto materials in that manner was okay?
SGM Chief Executive Officer (Ceo)
SGM (Join to see)
>1 y
Sending COMSEC material by registered mail was the normal method for everyone, so it wasn't just a Navy issue. It was a DoD policy. In fact in my later years at NSA, I became the Chief of the organization that produced, shipped, and accounted for all that crypto material to every account all around the world. Losing some of it was bad, but as long as whatever was lost was reported in time, it was easily recovered from. Definitely a mail handler's error, though.

You are right, though, that technology can't fix all the problems. At the end of the day, it's the human operator at the end of the technology that makes it work or not. That human has to make the decision to use the crypto gear or not; to do the right thing in the right way at the right time. If he or she doesn't follow the regulations or policy, or doesn't do the right thing, that's what causes the problems we all have to recover from.
Kris Richey
8 y
I find in any work environment I come to investigate, often while in a 'role' as a regular employee, I am dumbfounded by what people will agree to, say yes to, and not question when someone is higher on the food chain.
CW5 Desk Officer
Edited >1 y ago
Actually, SGM (Join to see), my current job is "working" the insider threat. As the article stated, I'm in the 0132 (counterintelligence) civilian job series. And I work for a counterintelligence unit. I work mostly on the people side of things, versus the technical side. I think stopping the insider threat is tough, but not impossible. We'll probably never stop them all, but if we can stop some, that's success.

Remember how they used to say that every Soldier is an intelligence collector? Along those lines, every Soldier, civilian, and contractor working for DoD plays a role in the insider threat business. If you notice something suspicious, say something to your local counterintelligence office or the military police. If that's too much of a hassle, contact your supervisor. Or, another equally easy option is to call the Call Spy Hotline (1-800-CALLSPY).

Remember that famous politician who said it takes a village to raise a child? Well, it takes everyone's vigilance and attention (a village, if you will) to beat the insider threat.
CW3 Eddy Vleugels
>1 y
Scott, I know it's becoming one of the higher priorities at the Pentagon, and I couldn't agree more with you, that everyone is a contributor, regardless of your position or status.
CPT Jack Durish
I'm confused. It seems that the referenced article is equating "leaks" and "threats". Sadly, the author seems to have missed the class about "saying what you mean and meaning what you say". Although, I'm not sure this is actually taught in journalism schools, is it?

However, as I read the article it turned to the topic of government employees leaking classified documents (at least I think it did). This reminded me of the Daniel Ellsberg case and The Pentagon Papers. I was Operations Officer in an Army strategic communications center at that time and was delighted to see the issue come to trial. Most of the highly classified documents for which my staff and I were responsible to transmit and safeguard violated the fundamental rules of classifying information. They were classified for political rather than strategic reasons.

When everything is classified, nothing is safe. If we only classified things that needed to be safeguarded, we could do a better job of it. Thus, I waited with bated breath for the outcome.

Sadly, the President's Administration violated the defendant's rights and the case was thrown out of court without deciding the issue. I have long believed that they didn't want the case to come to trial for that very reason.

Have I missed the boat? Does any of this relate to the referenced article? Sorry, as I said at the beginning, I'm confused. However, if the author is equating "threats" and "leaks", I think that they are even more confused...
PV2 Abbott Shaull
>1 y
Sadly, many of the leaks come from the people in the Administration itself. There was no reason why the 'World' needed to know who killed Bin Laden. Same when we captured Saddam. Everyone knew which types of units we had operating in those theaters with the capabilities, and those who were watching the particular bases knew who they were watching. So why give them free 'intel', much like that complex located on a certain base in N.C. that has that certain Special Forces Detachment? That's on the web everywhere, but supposed to be hush-hush secret. No, we try to keep OPSEC, and the leadership on the civilian side can't hold up their end of it. It led to a large number of the members of the same team being killed not very long after.

Every Administration has had issues with "threats" and various "leaks", even inside Government at every level, and the Military; it's a fact of life. What happens when people get caught selling information to Foreign Operatives, or say WikiLeaks, is really no damn different from the nameless source giving information to a Media Outlet Reporter. In general it is putting someone's ass in danger.
SGM Chief Executive Officer (Ceo)
SGM (Join to see)
>1 y
CPT Durish, the term "leaks" does have a different meaning today in the computer and network security world. A loss of data, when it's intentional, is a leak; when it's unintentional, it's usually called "spillage." So someone like Snowden copying files and taking them outside the controlled environment would be a leak, for example. Someone accidentally posting a classified document on an unclassified website available to the public would be spillage. Both the person who caused the leak and the person who caused the spillage are insider threats to the network, though, because they both have authorized access to the network (although Snowden didn't really have access to all the information he obtained).

Both threats took advantage of different vulnerabilities in the systems, and both vulnerabilities could have been reduced or eliminated through combinations of different internal management and system controls. That's really the purpose of risk assessment and risk management for our network systems in the DoD.
CPT Jack Durish
>1 y
Thank you, SGM Hatfield, for the clarification. Then the Ellsberg case also would have been classified as a "leak". Indeed, I think the word "leak" was employed even in those distant times. Interesting. I wonder if the Snowden case is a repeat of the Ellsberg case thus raising the same issue. What do you think?
SGM Chief Executive Officer (Ceo)
SGM (Join to see)
>1 y
I'd say they are very similar, both in intent and in practice. Ellsberg photocopied the McNamara study (the Pentagon Papers) over about a 20-month period and shopped them to a number of newspapers. Snowden copied his information to disks or thumb drives and just walked out with them, and later started sharing them with Greenwald at The Guardian. So they are pretty similar, just different technologies. Both intentional, both by insiders. Ellsberg knew what he was releasing because he helped do the study and write the report. Snowden didn't know the background of any of the material he copied, just that it was highly classified and controlled. He's been guessing at the meaning of it ever since.