CENTRA T ECHNOLOGY, I NC. 1 5 Steps To Protect Your Company Katherine D. Mills CENTRA Technology, Inc. Insider Threat:
CENTRA T ECHNOLOGY, I NC. 2 Introduction 5 Step Process –Creating a plan for your company Best Practices –Transforming your company –CI Indicators
CENTRA T ECHNOLOGY, I NC. 3 Threat is Now: Recent Malicious Insiders Major Nidal Hassan – Responsible for shooting at Fort Hood Texas Aaron Alexis – Responsible for shooting at the Washington Navy Yard Bradley “Chelsea” Manning – Unauthorized disclosure to WikiLeaks Edward Snowden – Unauthorized disclosure of NSA surveillance programs
CENTRA T ECHNOLOGY, I NC. 4 Other Malicious Insiders Telecommunications employee Aerospace engineer Software engineer Chemical contractor Search insider threat –Hundreds of examples, costing the Government and companies millions
CENTRA T ECHNOLOGY, I NC. 5 Why Consider Insider Threat? Protect national security and corporate assets –We don’t want to be in the news Will be required by Government –Changes to NISPOM –Required by Sponsors Want to ensure we are taking positive steps to protect our company and assets
CENTRA T ECHNOLOGY, I NC. 6 How to Begin… Do your research: Tons of free resources available –CERT Common Sense Guide to Mitigating Insider Threats –DSS Insider threat video and brochures –FBI website and movie “Betrayed” –ONCIX website –ASIS “Confronting the Insider Threat,” October 2013
CENTRA T ECHNOLOGY, I NC. 7 CERT Common Sense Guide to Mitigating Insider Threats
CENTRA T ECHNOLOGY, I NC. 8 Defense Security Service Insider Threat videos and Brochures
CENTRA T ECHNOLOGY, I NC. 9 Federal Bureau of Investigation The Insider Threat Page –An Introduction to Detecting and Deterring an Insider Spy Betrayed: The Trusted Insider
CENTRA T ECHNOLOGY, I NC. 10 ONCIX National Insider Threat Task Force (NITTF) National Insider Threat Policy and the Minimal Standards
CENTRA T ECHNOLOGY, I NC. 11 ASIS International: Security Management Confronting the Insider Threat –By Laura Spadanuta, October 2013 of Security Management
CENTRA T ECHNOLOGY, I NC. 12 Steps to Building a Plan Team Assets Procedures Awareness Document plan
CENTRA T ECHNOLOGY, I NC. 13 Step 1: Identify the Team Identify team members who understand and can contribute to the mission: –COO –HR –Security –IT Who will be responsible for: –Drafting the plan –Regular meetings –Budget approval –Reporting to sponsors and Government –Conducting an Investigation
CENTRA T ECHNOLOGY, I NC. 14 Step 2: Understand Your Assets Conduct a risk assessment Talk to management about assets: –What are the corporate jewels? –How well are they currently protected? –How sensitive are they? What is the risk if they are leaked? –Who has access to the information?
CENTRA T ECHNOLOGY, I NC. 15 Step 3: Tighten Up Procedures Tighten procedures –Termination procedures –Unclassified data handling and access –IT system access Document expectations to staff Violation policy
CENTRA T ECHNOLOGY, I NC. 16 Step 4: Security Education Free cartoons, brochures, articles available –No need to reinvent the wheel! Incorporate insider threat into annual refresher training Monthly security news item on reporting Update current policies and publicize Ensure staff understand reporting; make it easy for staff to report confidentially
CENTRA T ECHNOLOGY, I NC. 17 Step 5: Draft a Plan Document what you have learned Steps 1-4: –Team –What are assets and overall risk –What procedures have been impacted –Security education program Work-in-progress
CENTRA T ECHNOLOGY, I NC. 18 Confronting the Insider Threat “It is important for each company to identify what an insider threat is and to set a policy in place on how to deal with insider threats. The policies must outline certain types of behavior that warrant scrutiny, disciplinary action, or even termination so that companies have a basis from which to work when they do identify potential threats.” ASIS: Confronting the Insider Threat by Laura Spadanuta, October 2013
CENTRA T ECHNOLOGY, I NC. 19 Encourage Reporting Encourage employees to report Provide confidential means of reporting Staff holding security clearance are required to report adverse information, including potential threats Trust your instincts, if you see something, say something! It is better to report something that turns out to be nothing than to not report a serious security issue
CENTRA T ECHNOLOGY, I NC. 20 Detecting the Insider Post incident investigations reveal family, friends, or coworkers notice a suspect’s indicators, but they fail to report concerns “ Subjects often tell people close to them what they are doing, and sometimes even engage associates in the process. Former intimates (spouses, lovers, close friends – people with whom they spent a good deal of time) are a potentially important source of information in all investigations.”* * Source: Declassified Director of Central Intelligence Memorandum of 12 April 1990; Subject: Project Slammer Interim Report
CENTRA T ECHNOLOGY, I NC. 21 Threat Indicators Apparent unexplained affluence or excessive indebtedness Efforts to conceal foreign contacts, travel, or foreign interests Access to information or IT systems without need-to-know Exploitable behavior –criminal activity –excessive gambling –drug or alcohol abuse –problems at work Questionable judgment or untrustworthiness
CENTRA T ECHNOLOGY, I NC. 22 Threat Indicators, cont. Apparent mental, emotional or personality disorders(s) Disgruntled Working odd or late hours Unreported foreign travel Suspicious foreign contacts Requesting access to information outside of official job duties including sensitive or classified information
CENTRA T ECHNOLOGY, I NC. 23 Summary of Best Practices Know your people; recognize concerning behaviors as potential indicators Protect your “crown jewels” Pay close attention at termination Monitor ingress and egress points (IT systems and physical security) Baseline normal activity and look for anomalies Work together across organization Educate employees regarding potential recruitment
CENTRA T ECHNOLOGY, I NC. 24 Sources