13 Nov 2013

Identifying “Insider” Threats in Information Security

Introduction

The threat that “insiders” in positions of trust, with access to critical parts of an organization’s Information Technology (IT) infrastructure, whether government, military, or private sector, will intentionally compromise or sabotage its secrets or proprietary information has become one of the paramount threats facing national security and critical infrastructure since the rise of the internet in the mid-1980s. One reason for the growth of this threat is the enormous increase in the volume of proprietary or classified information held within organizations. A second key risk factor is the relative ease of access enjoyed by “trusted” IT professionals who operate in these “secure” environments, ranging from data entry clerks to network administrators. Further exacerbating these risk factors is an emerging extremist ideology holding that all information, including an organization’s most secret and proprietary information, should be free and accessible to everyone. Julian Assange of WikiLeaks is perhaps the most prominent exponent of this ideological mantra. Like many others who share this ideology, he is considered a genius software programmer and cryptographer.(1) This mantra of complete openness insists that government authority should be questioned and transparency maintained even during periods of national emergency, when states are threatened by terrorist groups intent on launching catastrophic attacks against their infrastructure and populations. “Secrets sustain corruption,” they argue.(2) This was Assange’s motivation for creating WikiLeaks in 2006 as an outlet for “insiders” to submit secret and proprietary information, with submissions encrypted so that the senders’ identities were protected from disclosure and prosecution.
Certain governments, notably China through its offensive cyber-espionage program, have long engaged in internet espionage against their Western adversaries in order to exploit their IT systems for secret and proprietary information. In the newer development labeled here the “Insider Threat in Information Technology” (ITIT), individuals within Western countries, often self-radicalized, now contribute to the illegal activities of militant websites such as WikiLeaks, which intentionally expose Western governments’ secret documents (while exposing no potentially damaging Chinese or Russian government documents, even though these are highly authoritarian and surveillance-intensive regimes), and of hacktivist groups such as “Anonymous,” which conduct cyber-warfare operations against Western targets (although they attack foreign targets as well, including North Korea and Mexican drug cartels).(3)

Defining the “Insider Threat”

An “insider threat” is a betrayal of trust by individuals employed within an organization who are granted access to its critical IT components and intentionally compromise them in order to sabotage the organization’s ability to accomplish its mission. Such acts of betrayal include, but are not limited to, espionage on behalf of a foreign government or business competitor, unauthorized disclosure of secret or proprietary information to a media organization, and any other activity that would degrade the organization’s resources or capabilities. An “insider” might act alone or in collusion with others, either inside or outside the organization. In this framework, the “insider” threat is treated as distinct from the whistleblower.
Within a government organization, for example, a whistleblower may complain about activities that he or she considers unjust or inefficient, but the complaint is transmitted through “proper” bureaucratic channels, with the overall intent to reform rather than destroy the organization, and no secret information at the whistleblower’s disposal is released that might endanger an intelligence agency’s covert agents or reveal sensitive national security information about its covert programs or the location of its covert facilities.

Types of “Insider Threats”

In the realm of information technology, there are three general types of possible insider threats. The first involves the theft of secrets or intellectual property, thefts that