Countering insider threats: Part One of a series
Christopher Williams, former Department of Defense
Since July 2010, the WikiLeaks website has disclosed hundreds of thousands of secret U.S. government documents and files on the wars in Iraq and Afghanistan, as well as classified State Department cables and reports. Most of these secrets were disclosed, they say, by U.S. Army PFC Bradley Manning, a low-level intelligence analyst deployed to Iraq.
Manning has now been charged with 22 criminal counts, including “aiding the enemy,” and his court-martial is now underway. Manning's alleged actions put his case in the same company as other notorious espionage cases involving U.S. government employees, including Ronald Pelton, Aldrich Ames, Robert Hanssen, Ana Montes and, unfortunately, many others. His alleged disclosures are said to have caused significant harm to national security and diplomatic relations.
Meanwhile, the U.S. National Counterintelligence Executive, in a report released in February, cites examples of billions of dollars' worth of losses as part of a widespread and sophisticated economic and industrial espionage campaign being carried out by the People's Republic of China and other countries and actors against the U.S. government and American private sector companies.
While not all of these losses involve classified information or traditional espionage, they are no less damaging to national security. “It's the greatest transfer of wealth in history,” General Keith Alexander, director of the National Security Agency, said in January at a security conference.
Many of these illicit transfers of information – whether of sensitive diplomatic cables, classified military secrets or invaluable corporate intellectual property – have been carried out by trusted insiders willing to betray their nation or their company for greed, ideology or other reasons. They used their authorized access to computer networks, and exploited weak or non-existent security controls, to read, copy, transfer and remove massive amounts of data.
The WikiLeaks disclosures clearly served as a wake-up call for some in government and as a catalyst for new policies and guidance directing federal departments and agencies to implement effective insider threat detection and mitigation solutions. For example:
- In October 2011, President Barack Obama issued Executive Order 13587 that created two new interagency oversight bodies, and called for a series of measures to strengthen U.S. government and defense industry capabilities to protect classified information on computer networks.
- Senior Department of Defense (DoD) and intelligence community officials have issued numerous technical and programmatic directives and instructions aimed at ensuring that federal departments and agencies, as well as U.S. defense industrial base companies, adopt appropriate standards and capabilities for monitoring government and private sector computer networks and reporting on suspicious and anomalous behavior.
- Congress passed legislation requiring the Secretary of Defense and the Director of National Intelligence to establish counter-insider threat programs across their respective organizations, and to achieve initial operating capability no later than Oct. 1, 2012, and full operating capability no later than Oct. 1, 2013.