Director of National Intelligence Director, James Clapper, has a proposal to prevent malevolent insiders with access to top secret material and threaten our national security. Appearing before the Senate Armed Services Committee hearing on Tuesday, he explained how he was changing practices within his office and across the intelligence community to prevent another Snowden-scale data breach.
One key step that Clapper outlined: our nation’s top intelligence folks will become subject to much more surveillance in the future.
Clapper said he wanted to put more intelligence community communication into a single, massive (enterprise-sized) cloud environment in order to, as he described it, ‘take advantage of cloud computing and the necessary security enhancements’ therein. There are plenty of good reasons for any department head to want that, but chief among them for Clapper is that moving to the cloud will allow monitors to better ‘tag the data, [and] tag the people, so that you can monitor where the data is and who has access to it on a real-time basis.’
Mark Nehmer, associate deputy director of cybersecurity and counterintelligence for the Defense Department, described some types of incidents that could trigger a signal such as change in marital status, travel abroad, unusual online activity and other changes in pattern of activity. One change will not put up a red flag but statistics of human behavior past and future determine the future of insider threat.
Recommendations have already been made at the Department of Defense. These include ensuring that more people with top secret clearance have at least one person sign off on work assignments involving sensitive information; stricter punishments for minor infractions involving data loss, glitches and ‘spillage;’ mandating that all software fixes comply with a single new standard; and the creation of a joint information environment (JIE) allowing all of the services to share information in one secure cloud setting and far more effective monitoring of employee communication and activity.
We have all these titanium silos of excellence and we replicate all these services and people. That’s not getting us very far,’ Nehmer said, regarding the importance of the JIE. ‘We need to build architecture so that a whole department can use enterprise services.’ The Pentagon already has a JIE in place for email, said Nehmer. This will be extended across other military branches soon.
Oliver Brdiczka, a researcher at PARC, Palo Alta Research Center, and several of his colleagues have set up a number of experiments to observe potential insider threat behavior in closed online environments.
Snowden leaks revealed that the NSA had been listening in on chat room conversations between World of Warcraft players in the hopes of catching potential terrorists.
Brdiczka and his colleagues were after a more ambitious prize that of a scientific understanding of how insider threats actually develop in real time. Players hunting dragons and orcs wind up collaborating with team mates, applying for positions and earning rewards in somewhat the same way that work teams go about attacking big projects. The game thus served as a suitable proxy for a real world work environment.
A player who quits her guild has the potential to damage it, perhaps even absconding with goods in much the same way that Edward Snowden defected with flash drives of classified information. In Brdiczka’s experiment, quitting served as a useful stand in for insider-threat behavior.
Brdiczka’s work is currently being funded by a grant from the Defense Advanced Research Projects Agency, or DARPA.
The US Cyber Command, which manages military cyberspace operations and ensures the security of Department Of Defense (DOD) information networks, will receive $447 million, more than double its 2013 funding of $191 million.
Director Clapper is moving toward the most sophisticated technology available which poses the interesting question: How much more privacy will Americans lose due to the Snowden incident? Did not Snowden take action because of his concern for a loss of privacy? He may have turned the tide in the opposite direction.
To view other related articles see the list below in Author’s suggestions and view the video atop this article on Microsoft CEO Nadella's vision for the Cloud technology.