1 / 21

Insider Threat

Defense Security Service. Insider Threat. Wajih Harroum CI Special Agent Defense Security Service. Overview. What is “Insider Threat ?” Why is the Insider Threat significant? How do you recognize the Insider Threat? How can you help defeat the Insider Threat?.

cchoice
Download Presentation

Insider Threat

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Defense Security Service Insider Threat Wajih Harroum CI Special Agent Defense Security Service

  2. Overview • What is “Insider Threat?” • Why is the Insider Threat significant? • How do you recognize the Insider Threat? • How can you help defeat the Insider Threat?

  3. Internal and External Threats External (City of Troy) • Foreign Intelligence Services (FIS) • Cyber Attacks • Targeting of Official Travelers • Soliciting of Marketing and Services • Attempted Acquisition of Controlled Technology Internal (Trojan Horse) • Volunteers • Sleeper Agents • Co-opted Individuals

  4. Insider Threat: A CI Perspective An employee with access to a classified or controlled environment who has the opportunity, capability, and intent to purposefully compromise sensitive information and/or materials for distribution to entities who pose a risk to the security interests of the United States The “insider threat” is the most damaging

  5. Impact on National Security and Industry • Loss or compromise of classified, export controlled, or proprietary information • Weapons systems cloned, destroyed, or countered • Technological superiority at risk • Economic loss • Loss of life

  6. Recruitment Process Spotting and Assessing (See Motivators) Development Recruitment and Handling

  7. Insider Threat Motivators • Problems at work: A lack of recognition, disagreements with co-workers or managers. • Greed or Financial Need: Money can fix anything. Excessive debt or expenses. • Ideology/Identification:A desire to help the “underdog” or a particular cause. • Divided loyalty: Allegiance to another person or company, or country. • Adventure/Thrill:Want to add excitement to their life, James Bond Wannabe. • Vulnerability to blackmail: Extra-marital affairs, gambling, fraud, etc. • Anger/Revenge:Disgruntlement to the point of wanting to retaliate • Ego/Self-image: An “above the rules” attitude. • Compulsive and destructive behavior: Drug or alcohol abuse. • Family problems: Marital conflicts or separation from loved ones

  8. Potential Espionage Indicators (PEI) • Reported/unreported foreign travel and contact with foreign nationals • Routine vacations to countries of interest • Seeks to gain higher clearance/expand access • Engages in classified conversations without a need-to-know • Works hours inconsistent with job assignment/insists on working in private • Exploitable behavior traits • Adultery, drug abuse, alcohol abuse, and gambling activities • Repeated security violations • Attempts to enter areas not granted access • Concern that they are being investigated; leaves traps to detect searches of their work area or home • Remotely accessing the network while on vacation or at other odd times.

  9. Espionage Now • Trends of Individuals who have committed espionage since 1990: • 1/3of spies are naturalized U.S. citizens • More than 1/3 of spies had no security clearance • Twice as many spies volunteered as were recruited • Most recent spies have been solo actors • Nearly 85% passed information before being caught • Out of the 11 most recent cases, 90% used computers in their espionage, 2/3 used Internet • 80% received no payment for their spying and 95% went to prison

  10. Insider Threat Case Studies Technology Transfer Dongfan Chung Chi Mak Noshir Gowadia

  11. Mak Chi Mak • Illegally sent U.S. Navy information to China • FBI conducted extensive surveillance operations until Mak’sarrest

  12. Chung Dongfan “Greg” Chung • Suspected of providing China with proprietary information • U.S. Government agents found Chinese tasking documents in Chung’s home

  13. Gowadia NoshirGowadia, 61, of Haiku, HI • Principle design engineer of B-2 stealth technology • Denied TS/SCI access twice • Provided China with technology information valued at hundreds of millions of dollars for a sum of $2M

  14. Walker John Anthony Walker, Jr. • Navy Chief Warrant Officer and communications specialist • Financial issues • walked into the Soviet Embassy in Washington, D.C. and sold a Top Secret document (Codes) • Recruited family members and a friend into a spy ring

  15. Pollard • Jonathan Jay Pollard • Navy Intelligence Analyst • Volunteered to spy • provided Israel with about one million documents

  16. The List is Long… Edward Joseph Snowden (NSA Intel Analyst) Kun Shan Chun (FBI Elect Technician) Bradley Edward Manning (Chelsea Elizabeth Manning) Ana BelénMontes (DIA Senior Analyst) Robert P. Hoffman (Navy Analyst) Charles H. Eccleston (DOE Analyst) Aldrich Hazen Ames (CIA Analyst) Robert Philip Hanssen FBI Supervisor)

  17. Threat Mitigation –Roles and Responsibilities Security Manager/FSO • Training/Awareness/Briefings • Detection • Reaction/Response • Reporting • Reportable Behavior • Adverse Information • Suspicious Contact/Activity • Security/Counterintelligence Incidents • Enforcement of best security practices • Personnel Security • Physical Security • Information Security Employees • Awareness • Detection • Reporting • Enforcement of best security practices

  18. Contractor Reporting of PEI • NISPOM Guidance: • 1-302 a. Adverse Information. • Contractors shall report adverse information coming to their attention concerning any of their cleared employees. • Reports based on rumor or innuendo should not be made. • The subsequent termination of employment of an employee does not obviate the requirement to submit this report. • If the individual is employed on a Federal installation, the contractor shall furnish a copy of the report and its final disposition to the commander or head of the installation. • Becker vs. Philco and Taglia vs. Philco (389 U.S. 979): • The U.S. Court of Appeals for the 4th Circuit decided on February 6, 1967, that a contractor is not liable for defamation of an employee because of reports made to the government under requirements of this manual and its previous versions.

  19. Defense Security Service Questions?

More Related