Recently, an Executive Memo was released addressing the vexing issue of insider threat within departments and agencies of the federal government. This presidential memorandum,“National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs,” was issued on Nov. 21, 2012. The text of the memo is captured below:

This Presidential Memorandum transmits the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (Minimum Standards) to provide direction and guidance to promote the development of effective insider threat programs within departments and agencies to deter, detect, and mitigate actions by employees who may represent a threat to national security. These threats encompass potential espionage, violent acts against the Government or the Nation, and unauthorized disclosure of classified information, including the vast amounts of classified data available on interconnected United States Government computer networks and systems.

The Minimum Standards provide departments and agencies with the minimum elements necessary to establish effective insider threat programs. These elements include the capability to gather, integrate, and centrally analyze and respond to key threat-related information; monitor employee use of classified networks; provide the workforce with insider threat awareness training; and protect the civil liberties and privacy of all personnel.

The resulting insider threat capabilities will strengthen the protection of classified information across the executive branch and reinforce our defenses against both adversaries and insiders who misuse their access and endanger our national security.

SIGNED: BARACK OBAMA

For such a brief memo, it has not been without controversy. Some pundits have stated that it will put a chill on whistleblowers while others have argued that such a statement indicates that “Big Brother” has landed. I just don’t see it that way.

The ability to monitor employee interactions with company data has long been available in the private sector. Organizations regularly monitor access to critical or protected information–and if they aren’t, they should be. Insider threats, abuse and misuse of data, and malfeasance are common in companies all around the globe. Why should we expect the same is not true in our federal, state, and local governments. I, for one, feel safer with a “trust but verify” approach for the data we all share with federal agencies.

Government agencies around the globe are at risk from within. Just as in the private sector, more error and misuse occurs from internal employees and partners and suppliers than from anyone else. A recent study from Price Waterhouse Coopers indicates that the problem may be getting worse. According to the consultancy’s latest Global Economic Crime Survey, nearly half of organizations in the public sector have been hit by economic crime in the past 12 months. Cyber crime, employee and supplier fraud in particular are on the rise. The survey also found 46 per cent of respondents had experienced one or more incidents of such crime in the past year. That’s quite a jump from 37 percent in 2009 and considerably higher than the average of 34 per cent across all sectors.
Some of the other key findings from the survey are equally alarming:
• More than two-thirds of the crimes experienced in the past 12 months were committed by public sector employees, compared with just over half in 2009.
• Supplier fraud jumped from 13 per cent to 32 per cent over the same period.
• Over 50% of those surveyed said they had the resources to detect cyber crime, but most lack the forensic capabilities needed to investigate such incidents.
Source: 2011 Global Economic Crime Survey, PWC: http://www.pwc.com/en_GX/gx/economic-crime-survey/assets/GECS_GLOBAL_REPORT.pdf
Further, the study links this rise in activity to the cuts in public sector spending—a trend that is likely to continue and deepen if the current economic reality remains unchanged.
Government agencies are clearly struggling to address internal fraud. Their efforts are complicated by shifting compliance requirements, impaired visibility into user activity, legacy systems that house mission-critical processes, and the limited effectiveness of existing controls and traditional logging capabilities.

Technorarti Verification code: 4T9PS7PC3FNV
Recent reports of sophisticated phishing attacks against natural gas pipeline operators in the United States are highly disturbing. There are approximately 200,000 miles of interstate natural gas pipelines, which supply 25% of the nation’s energy and all of these are potentially at risk. The US Department of Homeland Security has recently disclosed that they have been helping US firms with incidents since March 2012. Commenting on the incidents DHS spokesman Peter Boogaard told CNET on Tuesday, “DHS’s Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies.”

Boogaard continued to share high-level details regarding the events stating, “The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies. DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats.” This active series of cyber intrusions targeting natural gas pipeline sector companies appears to have started in late December 2011 and remains active today.

While the origins of these attacks remain unknown and no negative consequences of the breaches have been disclosed to date, this alarming result raises the importance of continuous monitoring and alerting on changes within the enterprise environment. The specter of malicious activity is real, the potential for damage is high and the ability for an attacker or motivated insider to do damage to critical infrastructure is a risk that should be actively guarded against.

Organizations, governments, utilities and critical business sectors alike should seek out ways to monitor their vital systems from within, alert on change and move immediately to put continuous monitoring systems in place. By following strong security practices, base lining the current environment, and using predictive analytics to identify areas of vulnerability and change, we can all reduce risk across the organization.

These tools exist today. The time to deploy them is now.

The National Institute of Standards and Technology (NIST) released its update to Special Publication 800-53 Revision 4 earlier today at the 2012 RSA Conference. The update included two new sections pertaining to insider threat and privacy.

As NIST cited, it is a fundamental responsibility of federal agencies to secure information systems and safeguard against unauthorized access and use of private information. Without a solid foundation of information security, it is impossible to protect the privacy of personally identifiable information (PII).

This revision includes a number of privacy controls to provide transparency, accountability and risk management to mitigate the unauthorized access to PII by those inside and outside the organization.

There often is no way to enforce policies. However, with this update, NIST has demonstrated a maturity in thinking about the issues and provided guidance to make the protection of privacy actionable for government. The new guidance requires federal agencies to evaluate and report on the effectiveness of their information system privacy practices, and should enhance public confidence in the government’s ability to protect and ensure the integrity of PII.

To mitigate the risk of insider threat and potential privacy breaches, agencies should conduct a gap analysis to identify areas for improvement. Then, using technology – such as Attachmate Luminet – agencies should address weaknesses to ensure compliance.

Earlier this month, we noted three actions organizations can take to start securing their information systems. Attachmate makes it easy to mitigate insider threat and privacy issues while becoming compliant with information security policies. Learn more about our enterprise fraud management solution.

-Christine Meyers, senior product marketing manager, Attachmate Luminet