
Insider Threat

As a follow-up to our earlier assessment on counterintelligence problems, it is worth noting that:

Six years after arresting turncoat Robert Hanssen, the FBI remains vulnerable to espionage from within, the parent Justice Department said in a report Monday.

The reason for this, said the Justice's Office of Inspector General, is that the bureau has failed to fully adopt security measures to track suspicious behavior involving its own employees.

The danger posed by insiders cannot be overstressed. It is one thing to keep out fairly obvious foreign agents, to trail ostensible “attachés” and fend off standard solicitations, but a talented turncoat such as Hanssen, or more recently Montes, is a much tougher nut to crack.

By their very nature, insiders have legitimate access to a wide variety of information. Their actions may seem entirely benign because accessing sensitive information is what they do for a living. Absent a more robust counterintelligence capability, an insider executing their mission slowly, discreetly, and methodically has little worry of detection.

1 Comment

Finding a technological solution to insider threats has been on the list of "Hard Problems" for quite a few years now, and with little to show for it.

It's not really my area of interest, but it seems to me like one possible solution might be to establish baseline network behavior patterns for every classified employee, and should those patterns change (i.e., the employee starts logging in to sensitive material more frequently, or accessing new areas for no apparent reason), then that employee gets silently flagged for closer scrutiny.

You could also theoretically watch for linguistic stressors to appear in the employee's email communications.

Or perhaps a combination of the two.
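The per-employee baseline idea raised in the comment above can be sketched as follows. This is an added example, not code from the post or the commenter; the `(user, day, area)` log format, the z-score threshold, the user names and the area names are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

def build_baseline(events):
    """events: iterable of (user, day, area). Only days with activity are counted."""
    daily = defaultdict(Counter)   # user -> day -> access count
    areas = defaultdict(set)       # user -> areas touched during the baseline window
    for user, day, area in events:
        daily[user][day] += 1
        areas[user].add(area)
    return {u: {"mean": mean(list(c.values())), "std": pstdev(list(c.values())),
                "areas": areas[u]} for u, c in daily.items()}

def flag_deviations(baseline, events, z_threshold=3.0, min_std=1.0):
    """Return {user: [reasons]} where activity departs from that user's own baseline."""
    daily = defaultdict(Counter)
    new_areas = defaultdict(set)
    for user, day, area in events:
        daily[user][day] += 1
        prof = baseline.get(user)
        if prof is not None and area not in prof["areas"]:
            new_areas[user].add(area)
    flags = defaultdict(list)
    for user, counts in daily.items():
        prof = baseline.get(user)
        if prof is None:
            flags[user].append("no baseline")  # cannot judge a user never profiled
            continue
        std = max(prof["std"], min_std)  # floor avoids division by zero for very regular users
        for day, n in sorted(counts.items()):
            z = (n - prof["mean"]) / std
            if z >= z_threshold:
                flags[user].append(f"volume spike on {day}: {n} accesses (z={z:.1f})")
        for area in sorted(new_areas[user]):
            flags[user].append(f"new area: {area}")
    return dict(flags)

# Constructed sample data (not real logs): ten baseline days, then two observed days.
BASELINE_EVENTS = [(u, f"d{d:02d}", "case-files")
                   for d in range(10) for u in ("alice", "bob") for _ in range(4)]
OBSERVED_EVENTS = ([("alice", "d10", "case-files")] * 4
                   + [("bob", "d10", "case-files")] * 12
                   + [("bob", "d11", "source-registry")])

if __name__ == "__main__":
    result = flag_deviations(build_baseline(BASELINE_EVENTS), OBSERVED_EVENTS)
    for user, reasons in result.items():
        print(user, reasons)
```

A slow, methodical insider of the kind the post describes stays under a volume threshold like this one, so the new-area signal and a long baseline window matter more than the spike check.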