Why insider threats pose unique risks to national security

Insiders have always posed a unique threat to national security. From Benedict Arnold’s treacherous turn to Robert Hanson’s dramatic betrayal, America’s own have caused grievous damage to the nation. The evolution of the internet, the relative ease of transferring data and the ability to send/receive anonymous money transfers have opened new holes in America’s defenses, dramatically increasing the risk of insider attacks. America needs to adapt current policies to combat the growing insider threat to critical networks.

The modern internet has become socialized. Online social networking is changing the way people view their relationships. Sites like TikTok, Facebook, LinkedIn, Nextdoor and Twitter allow individuals to escape into a virtual world. For some, online relationships become more important than physical ones and virtual personas become more significant than reality. Online communication allows people around the globe to interact and bond in a new way, creating friendships and forming alliances. For example, TikTok, a popular video platform where users create short videos for likes and interactions, boasts over 1 billion monthly active users. Due to the anonymity that a person can assume, these hidden relationships could be easily exploited to provide incentives for insiders to attack network systems and exfiltrate data including that which is essential to our national defense. Additionally, in a world where people live online as much as they do in the physical world, allegiance to a country, company, political affiliation or cause may diminish over time due to the pressure and influences they see on a daily basis based on their multiple social networking feeds.

Virtual worlds, with their own systems of law and working economies, provide new means to reward insiders willing to pass sensitive information. In 2021, Metaverse’s revenue was over $117 billion. That’s more than the annual GDP of the state of Arkansas. With currency exchange and facilitated peer-to-peer transactions, the anonymous aspects of virtual gaming dramatically multiply the possibilities for anyone seeking to covertly transfer money. It is easier today for insiders to transfer large amounts of information than ever before. The data tools available to insiders are incredibly widespread and have all sorts of completely legal and legitimate uses for everyday life. Exchanging information through Direct Messages (DMs) or in virtual worlds is now commonplace. This presents a huge problem — it is difficult to determine what information is being transmitted, and there are very few methods to monitor or control the communications flowing through these environments.

Although the government is already working hard to protect its networks from outsiders, as seen in the Insider Threat bill passed by the House in 2015, it is essential to realize the scope of the insider threat. Insiders can cause extensive damage to national security and are difficult to detect because, by nature, they have trusted access to vital information. We must update and adapt current practices to prevent at-risk applicants from gaining access to vital information and limit the possibility of current employees attacking the system.

Most routine security background checks today do not take into account an individual’s extensive cyber activity. Most applicants would not even think to list online screen names as aliases or online friends as personal references. However, a person may have more friends in an online neighborhood than they have in their own local community. Contact with foreign nationals, another part of the background check process, is also less clear with regards to online conversations. There is no easy way to tell if you’re conversing with a person across the street or halfway around the world. Investigators will also need the right tools and authority to follow up and validate cyber information within the background process. It is vitally important to update the background check process to sufficiently include both the physical and virtual worlds.

Developing new technology and radically changing policies is not the best way to defend current vulnerabilities. Policies and procedures need to be carefully tweaked and strongly implemented. Administrators and security need to utilize the tools currently employed to monitor the health of the network and ensure access only to areas required for work. Improved awareness through training and exercises will allow for better preparation of security and network managers to counter evolving vulnerabilities. Proper personnel oversight is key to any successful threat-prevention program. Since technology can’t identify which employees are potential insider threats, supervisors must take an active interest in the lives of their subordinates. Historically, common characteristics of insiders are those with a drastic downturn in their life, such as financial, work or family issues. Interpersonal signals are the best indicators of a potential insider threat, which technology cannot detect.

The cyber environment is changing society in ways that have a significant impact on national security. Even events such as elections pose a strong chance for the possibility of insider threats. Increased online activity presents both new reasons and easier means to betray one’s country or employer. The U.S. government and companies must adapt to actively defend and thwart the evolving insider threat.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.