GCN Reports Insider Threats Rank Among the Most Challenging Risks Governments Face

Insider Threat Intelligence

GCN is a government technology news website that delivers technology assessments to support Public Sector IT managers. According to a new GCN report, insider threats rank among the most challenging risks governments face. Trusted insiders under financial pressure, holding a grievance, or motivated by other factors, can intentionally damage an agency. The results range from information leakage and national security breaches to workplace violence and even reputational damage. Insiders' unintentional actions can be equally damaging. Clearly, a robust insider threat program that protects government resources, employees, and contractors can deliver significant value and reduce associated risks.

Because a complete picture may not always be available, organizations are increasingly turning to publicly available information -- one of the most complex and information-rich sources of data. While PAI represents a significant opportunity to deliver the exact information that investigators may need, the challenge they face is that the depth and breadth of PAI are exploding exponentially.

The massive amounts of data that must be analyzed with a zero margin of error can potentially overwhelm officials and subject employees under consideration to unwarranted scrutiny. In addition, organizations implementing a solution at scale to analyze PAI face other challenges such as false positives, errant signals, and the time and expense of corroborating information.

Sluggish adoption

Adoption of open-source information at scale to address insider threat risks has been slow for a variety of reasons.

Firstly, attribution or accuracy of information presented on social channels, as well as the deep and dark web, is a key concern. Fraudsters or nation-state and non-nation-state actors with ulterior objectives could take over legitimate social assets. For example, foreign intelligence organizations may potentially take control of government or contractor employee social media accounts and post potentially damaging information that includes both disinformation and misinformation.

Secondly, employees' privacy and freedom of speech are critical issues for agencies considering the systematic usage of open-source information.

With attribution a concern, the use of social channels' information must be consistent with privacy guidelines and include opportunities for candidates to address any concerns.

Finally, agencies must consider the effort and risk of scaling the use of PAI from the social channels of a single person to potentially millions of government and contractor personnel.

Technical assistance

Technological advancements, such as artificial intelligence and identity resolution, combined with operational best practices and training, have also made it easier to use publicly available data to better understand the authenticity and risk of a post.

AI can combine information from a variety of different sources to instantly analyze data at a volume and generate intelligent insights derived from those sources.  Identity resolution is the process of attributing a person's behavior and interactions - across multiple platforms or channels -- to a single unified profile.

Combined, AI and identity resolution can derive more accurate and meaningful insights from PAI. Potential benefits to agencies include fewer false positives and the ability to identify undisclosed information that could pose a risk to government personnel, facilities, or networks.

In addition, subject matter and operational expertise for using the deep and dark web is an integral component of any potential application dealing with open-source information. For example, any signals generated from a deep or dark web inquiry will require manual reviews and an understanding of how information is posted in these locations before it can be accurately attributed to a person. 

Making open-source work

Using open-source information at scale can be a game-changer. Success, however, will require government and industry working together strategically to update policies for collecting and using open-source data. It is also incumbent upon the industry to engage government officials and provide updates about the latest technologies and best practices. At the tactical level, government and the vendor community can work together to identify and adopt the tools and processes for including PAI into a systematic insider threat risk management program.

To do this, government agencies need an approach, ideally fortified via AI and identity resolution, for gathering large data pools and specific insights. A set of thoughtfully constructed review guidelines, supported by human oversight, will help agencies rapidly verify the data. They also need the ability to swiftly identify attribution and create intelligence-rich reports for use in cases requiring prosecution or disciplinary action.

Ultimately, the goal is to confidently match a digital communication to its owner and assess the risk represented. Success will enrich the vetting process, reduce risk -- whether intentional or from poor cyber hygiene -- deter the insider threat and reduce the overall risk to the government.

About the Author

Paul Norton is the federal sales manager at Cobwebs Technologies.
Paul.Norton@cobwebs.com

Source: GCN