11 May 2014
Insider Threat Warfare Prospects
This traces the rise of global insider threat warfare prospects generated
by unauthorized disclosures. This rise among global governments indicates
that unauthorized disclosures, especially online, by insiders and their media
outlets, are considered to be espionage and thereby subject to prosecution
and punishment as harmful to national security.
In preparation (contributions welcome -- cryptome[at]earthink.net):
Part 1: US Governmental
Part 2: Commercial
Part 3: Academic
Part 4: NGO
Part 5: Social Media
Part 6: Wild Cards
Part 7: Other Governmental
Part 1: US Governmental
http://www.whitehouse.gov/the-press-office/2012/11/21/presidential-memorandum-national-insider-threat-policy-and-minimum-stand
The White House
Office of the Press Secretary
For Immediate Release
November 21, 2012
Presidential Memorandum -- National Insider Threat Policy and Minimum Standards
for Executive Branch Insider Threat Programs
MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES
SUBJECT: National Insider Threat Policy and Minimum Standards for Executive
Branch Insider Threat Programs
This Presidential Memorandum transmits the National Insider Threat Policy
and Minimum Standards for Executive Branch Insider Threat Programs (Minimum
Standards) to provide direction and guidance to promote the development of
effective insider threat programs within departments and agencies to deter,
detect, and mitigate actions by employees who may represent a threat to national
security. These threats encompass potential espionage, violent acts against
the Government or the Nation, and unauthorized disclosure of classified
information, including the vast amounts of classified data available on
interconnected United States Government computer networks and systems.
The Minimum Standards provide departments and agencies with the minimum elements
necessary to establish effective insider threat programs. These elements
include the capability to gather, integrate, and centrally analyze and respond
to key threat-related information; monitor employee use of classified networks;
provide the workforce with insider threat awareness training; and protect
the civil liberties and privacy of all personnel.
The resulting insider threat capabilities will strengthen the protection
of classified information across the executive branch and reinforce our defenses
against both adversaries and insiders who misuse their access and endanger
our national security.
BARACK OBAMA
http://www.ncix.gov/issues/ithreat/index.php
Insider Threat
An insider threat arises when a person with authorized access to U.S. Government
resources, to include personnel, facilities, information, equipment, networks,
and systems, uses that access to harm the security of the United States.
Malicious insiders can inflict incalculable damage. They enable the enemy
to plant boots behind our lines and can compromise our nation's most important
endeavors.
Over the past century, the most damaging U.S. counterintelligence failures
were perpetrated by a trusted insider with ulterior motives. In each case,
the compromised individual exhibited the identifiable signs of a traitor
but the signs went unreported for years due to the unwillingness or
inability of colleagues to accept the possibility of treason.
Insiders convicted of espionage have, on average, been active for a number
of years before being caught. Today more information can be carried out the
door on removable media in a matter of minutes than the sum total of what
was given to our enemies in hard copy throughout U.S. history. Consequently,
the damage caused by malicious insiders will likely continue to increase
unless we have effective insider threat detection programs that can proactively
identify and mitigate the threats before they fully mature.
Relevant Reports, Briefings & Reading Material:
CERT: Common Sense Guide to the Prevention & Detection of Insider Threat,
4th edition
FBI: The Insider Threat: An introduction to detecting and deterring an
insider spy
David L. Charney, M.D.: True Psychology of the Insider Spy
Insider Threat Websites
www.cert.org/insider_threat
www.fbi.gov/about-us/investigate/counterintelligence/the-insider-threat
http://www.ncix.gov/issues/cyber/index.php
Cybersecurity
The United States is increasingly the target of foreign-based cyber operations.
The United States relies on its cyber infrastructure for everything from
communications, to the management of critical infrastructure, to the command
and control of our military. This dependence on technology, along with the
rapid rate of technological innovation, creates numerous vulnerabilities
that our adversaries seek to exploit.
Foreign adversaries can conduct cyber operations to collect intelligence
or to disrupt and degrade the effectiveness of the technologies on which
we depend. Cyber operations are very attractive to foreign intelligence
organizations, non-state actors, criminals, and terrorists because they can
be conducted relatively cheaply and easily and offer high returns with a
low degree of risk. The risk of exposure is low because cyber operations
can be carried out remotely and with a high degree of anonymity. In addition,
cyber operations are comparatively inexpensive, and can be conducted rapidly.
For all of these reasons, state and non-state actors are increasingly turning
to the cyber domain to augment and bolster their respective intelligence
activities against the United States in an effort to gain advantage.
Counterintelligence can play a critical role in reversing the benefits that
cyber operations afford our adversaries. Insider threat detection programs
can increase the likelihood of identifying insider threat activities on our
networks. CI collection and analysis increases our understanding of cyber
threats and how to defend against them. For these reasons, counterintelligence
plays a critical role in enhancing the cybersecurity posture of the United
States in an increasingly connected world.
Relevant Reports, Briefings & Reading Material:
Internet Social Networking Risks
Common Sense Guide to the Prevention & Detection of Insider Threat
Best Practices for Keeping Your Home Network Secure
Provides an indispensable series of basic steps every American can take to
safeguard their home networks from cyber intrusions
http://www.ncix.gov/issues/economic/index.php
Economic Espionage
America's adversaries throughout history have routinely taken their competitive
efforts beyond the battlefield. They frequently avoid using standing armies,
shirk traditional spy circles, and go after the heart of what drives American
prosperity and fuels American might. Nazi spies during World War II tried
to penetrate the secrets behind our aviation technology, just as Soviet spies
in the Cold War targeted our nuclear and other military secrets.
Today, foreign intelligence services, criminals, and private sector spies
are focused on American industry and the private sector. These adversaries
use traditional intelligence tradecraft against vulnerable American companies,
and they increasingly view the cyber environment -- where nearly all important
business and technology information now resides -- as a fast, efficient,
and safe way to penetrate the foundations of our economy. Their efforts
compromise intellectual property, trade secrets, and technological developments
that are critical to national security. Espionage against the private sector
increases the danger to long-term U.S. prosperity.
Without corrective action that mobilizes the expertise of both the Federal
Government and the private sector, the technologies cultivated by American
minds and within American universities are at risk of becoming the plunder
of competing nations at the expense of long-term U.S. security.
The private sector alone lacks the resources and expertise to thwart foreign
efforts to steal critical American know-how. This is in large part because
counterintelligence is not a typical corporate function, even for well-trained
and well-staffed security professionals.
Counterintelligence is a challenge for corporations for two reasons. Cost
is the first reason. CI measures absorb company resources that would otherwise
be used for growth. The second CI challenge is tied to the nature of public
corporations. American companies are driven into developing markets by
shareholders, growth ambitions, and the desire to beat Wall Street's quarterly
earnings expectations. The requirement to move quickly and unabashedly leaves
American companies vulnerable as they flock into spy-rich developing nations.
China and Russia are our most aggressive and capable adversaries using economic
espionage.
China and Russia are not the only perpetrators of espionage against sensitive
US economic information and technology. Some US allies abuse the access they
have been granted to try to clandestinely collect critical information that
they can use for their own economic or political advantage.
Relevant Reports, Briefings & Reading Material:
Foreign Spies Stealing US Economic Secrets in Cyberspace, 2011:
http://www.ncix.gov/publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf
Protecting Key Assets: A Corporate Counterintelligence Guide
http://www.ncix.gov/publications/reports/fecie_all/ProtectingKeyAssets_CorporateCIGuide.pdf
http://www.ncix.gov/issues/supplychain/index.php
Supply Chain Threats
The globalization of the world economy has placed critical links in the
manufacturing supply chain under the direct control of U.S. adversaries.
Existing supply chain vulnerabilities cross both the military and commercial
domains.
Fittingly, just as the economies of nations become interwoven, the competition
for natural resources, global influence and military superiority has escalated
leaving the probability of a serious supply chain compromise a near
statistical certainty.
Today, companies have less control over their supply chains. Identifying
compromises when they occur is exceedingly difficult, unearthing the culprits
is a long-shot, and true attribution pivots on a scale of the rare
to the unheard-of. As a result, not only do U.S. adversaries
use access to the supply chain to pursue technologies and gain access to
sensitive systems, foreign manufacturers can also, simply and effectively,
insert counterfeit parts into products destined for the United States and
degrade the performance of U.S. systems.
This is poised to create many challenges for the U.S. government,
especially in the intelligence and defense communities. As more and more
links in the supply chain globalize, the reliable suppliers and
trusted manufacturers will become increasingly scarce.
Insider Threat and Security Clearance, US Interagencies, Goal Leader(s):
James Clapper, Director of National Intelligence, Katherine Archuleta, Director
of the Office of Personnel Management, Michael Daniel, Senior Advisor to
the President and Coordinator for Cybersecurity, 2014:
http://cryptome.org/2014/05/insider-industry/performance-insider-threat.pdf
Insider Threat Industry Day, General Services Administration, May 7, 2014:
http://cryptome.org/2014/05/insider-industry/insider-threat-industry-day.pdf
National Insider Threat Policy, National Counterintelligence Executive, July
12, 2013:
http://cryptome.org/2014/05/insider-industry/national-insider-threat-policy.pdf
National Insider Threat Task Force, National Counterintelligence Executive,
October, 2011:
http://cryptome.org/2014/05/insider-industry/national-insider-threat-task-force.pdf
The Insider Threat: An introduction to detecting and deterring an insider
spy, Federal Bureau of Investigation, 2014:
http://cryptome.org/2014/05/insider-industry/fbi-insider-threat.pdf
Insider Threat Study: Computer System Sabotage in Critical Infrastructure
Sectors, US Secret Service, May 2005:
http://cryptome.org/2014/05/insider-industry/usss-insider-threat.pdf
Insider Threat, Department of Homeland Security, 2014:
http://cryptome.org/2014/05/insider-industry/dhs-insider-threat.pdf
Monitoring Database Management System (DBMS) Activity for Detecting Data
Exfiltration by Insiders, Northrop Grumman Information Systems, 17 September
2013:
http://cryptome.org/2014/05/insider-industry/northrup-insider-threat.pdf
Insider Threat Detection Using Lightweight Media Forensics, DHS Cyber Security
Division, October 10, 2012:
http://cryptome.org/2014/05/insider-industry/dhs-insider-cyber-threat.pdf
Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S.
Financial Services Sector, Software Engineering Institute, Carnegie Mellon,
July 2012:
http://cryptome.org/2014/05/insider-industry/sei-insider-cyber-threat.pdf
Insider Threat to Homeland Security, Office of Personnel Management, November
13, 2013:
http://cryptome.org/2014/05/insider-industry/opm-insider-threat.pdf
Insider Threat to Homeland Security, Department of Homeland Security, November
13, 2013:
http://cryptome.org/2014/05/insider-industry/dhs-insider-threat-2.pdf
Insider Threat to Homeland Security, National Counterintelligence Executive,
November 13, 2013:
http://cryptome.org/2014/05/insider-industry/ncix-insider-threat.pdf
Insider Threat to Homeland Security, Government Accountability Office, November
13, 2013:
http://cryptome.org/2014/05/insider-industry/gao-insider-threat.pdf
Insider Threat Program Support, US Marine Corps, February 12, 2014:
http://cryptome.org/2014/05/insider-industry/usmc-insider-threat.pdf
Insider Threat Software, Department of Homeland Security, June 20, 2012:
http://cryptome.org/2014/05/insider-industry/dhs-insider-threat-3.pdf
Treason 101, US Department of Agriculture, 2014:
http://cryptome.org/2014/05/insider-industry/usda-insider-threat.pdf
Combating the Insider Threat, Computer Emergency Readiness Team, May 06,
2014:
http://cryptome.org/2014/05/insider-industry/cert-insider-threat.pdf
Insider Threat program, Department of Energy, December 12, 2013:
http://cryptome.org/2014/05/insider-industry/doe-insider-threat.pdf
A Preliminary Examination of the Insider Threat Programs in the U.S. Private
Sector, September 2013:
http://cryptome.org/2014/05/insider-industry/insa-insider-threat.pdf
Digital Communication Analysis for Insider Threat, Combatting Terrorism Technical
Support Office, 2014:
http://cryptome.org/2014/05/insider-industry/cttso-insider-threat.pdf
Mitigating the Insider Threat (and Other Security Issues), Argonne National
Laboratory, May 9, 2011:
http://cryptome.org/2014/05/insider-industry/anl-insider-threat.pdf
IS-915: Protecting Critical Infrastructure Against Insider Threats, Federal
Emergency Management Administration, July 10, 2013:
http://cryptome.org/2014/05/insider-industry/fema-insider-threat.pdf
Predictive Modeling for Insider Threat Mitigation, Pacific Northwest National
Laboratory, 2014:
http://cryptome.org/2014/05/insider-industry/pnnl-insider-threat.pdf
Towards Insider Threat Detection using Web Server Logs, US Air Force, April
10, 2009:
http://cryptome.org/2014/05/insider-industry/usaf-insider-threat.pdf
More in preparation
Google site:.gov "Insider Threat"
About 20,400 results
Part 2: Commercial
In preparation
Insider Threat Defense, 2014:
http://www.insiderthreatdefense.com/index.html
Google site:.com "Insider Threat"
About 229,000 results
Google
About 736,000 results
NYTimes.com
About 330,000 results
Amazon.com
About 479,000 results
Part 3: Academic
In preparation
Google site:.edu "Insider Threat"
MIT.edu
About 368,000 results
Columbia.edu
About 367,000 results
Harvard.edu
About 269,000 results
Stanford.edu
About 219,000 results
Princeton.edu
About 124,000 results
Yale.edu
About 79,600 results
USNA.edu (Naval Academy)
About 47,500 results
USMA.edu (West Point)
About 32,300 results
Part 4: NGO
In preparation
https://www.google.com/search?q=site%3A.org+%22Insider+Threat
About 33,400 results
Part 5: Social Media
In preparation
Google site: [sm].com "Insider Threat"
Facebook
About 800,000 results
Twitter
About 784,000 results
LinkedIn
About 602,000 results
YouTube
About 454,000 results
Part 6: Wild Cards
In preparation
Tor
Blacknet
Disclosure sites
Leak sites
Pastebins
Dropboxes
Anonymizers
Anonymouses
Chats
Mail lists
Honeypots
Entrapment fakes of the Wild Cards
Part 7: Other Governmental
In preparation
All governments at all levels, individually and collectively
All rebellions and revolutions at all levels, individually and collectively
Entrapment fakes of the Other Governmental.