Russian hackers might get all the attention these days, but the Department of Defense (DoD) hasn’t forgotten about WikiLeaks and Edward Snowden.
The DoD Inspector General’s (IG) list of the department’s top 10 challenges for 2018 ranks cybersecurity fourth, and it devotes a lot of attention to insider threats. Regardless of what anyone thinks of the outcomes, the WikiLeaks and Snowden disclosures were classic examples of what organizations mean by insider threats.
The report takes note of steps DoD has taken, including the insider threat detection and prevention program instituted in 2011 and the creation of the DoD Insider Threat Management and Analysis Center and the Component Insider Threat Records System, but points out recent insider breaches at the National Security Agency and other weaknesses found in DoD systems. The IG recommends that DoD take stock of its networks, prioritize the systems and data it most needs to protect, continually assess and fix vulnerabilities, and improve its cyber hygiene programs. The IG has made other recommendations too, including more than 100 included in a Compendium of Open Recommendations published last summer. “These are not easy or short-term tasks, but they are critical to many aspects of the DoD’s mission,” the report says.
The inside nature of the threats makes them a difficult problem to solve, because “whether the threat originates from an unwitting insider or a bad actor with malicious intent, these threats originate from a trusted environment and therefore are more difficult to identify and prevent,” Chris Townsend, a vice president of Federal for Symantec, said via email.
The size and scope of the information involved also make securing it difficult, but the information is where protections against insider threats start, Townsend said. “The first step to securing insider threats is the same as securing outside threats–identify high value assets and data–and lock them down using sound policy and tools,” he said. That applies whether it’s source code, health records, weapons design, or other intellectual property. “I know this seems obvious, but this isn’t so easy, as data is increasingly deployed in the cloud and accessed using mobile devices, making it difficult to pin down.”
Machine learning and artificial intelligence (AI) systems can help, by automating the analysis of massive volumes of data collected by threat detection systems, employing pattern recognition, visualization, and other techniques to identify red flags. The Pacific Northwest National Laboratory, the National Institutes of Health, and Defense Technical Information Center have all researched applying machine learning and AI to the problem.
Advanced analytical algorithms can support cybersecurity best practices such as data loss prevention (DLP) and cloud access security brokers (CASB), which keep track of data, and encryption and multi-factor authentication (MFA), according to Townsend. “Going forward, we will see AI and machine learning augment the use of DLP, encryption, and MFA, to dynamically respond to bad actors trying to subvert these systems,” he said.
As with any element of cybersecurity, it still comes down to diligence: keeping security a top priority while making use of the tools at hand.
“AI and machine learning will help, but there are no silver bullets,” Townsend said. “There are many agencies not using technologies available today that would considerably help reduce insider threat risk.”