Today’s world is more interconnected than ever before. Yet, for all its advantages, increased connectivity brings increased risk of theft, fraud and abuse. As we become more reliant on technology, we also become more vulnerable to cyber-attacks, such as insider threats, spear phishing and security breaches.
Industry and government are working together to combat these threats, and on June 18, DIA’s Chief Information Officer Grant Schneider participated in a panel discussion on insider threat hosted by MeriTalk at the Newseum, says an article on DIA’s own Web site.
The panel was moderated by Lee Worthman, NetApp chief technology officer for federal civilian agencies. Schneider joined other guest panel members, Michael Buckley, chief of the Operations Analysis Group, Counterintelligence at the Defense Security Service; and Philip Quade, chief operating officer, Information Assurance Directorate, National Security Agency.
The panel discussed changes in agency cyber monitoring and reporting approaches as a result of the most recent high profile insider threat cases involving Pvt. Bradley Manning and Edward Snowden. All participants agreed that insider threat is a top challenge, and the debate over “need to know” versus “need to share” is a difficult issue that the intelligence, Department of Defense and civilian sector circles are all trying to tackle. This debate is compounded by the director of national intelligence’s push to move the intelligence community toward integrating its information technology systems.
According to Schneider, “Securing our data is a prerequisite for sharing our data. If we can’t assure other agencies that we will secure their data, whether from insider threat or other, we will never get access to their data.”
The panel members agreed that combating these threats requires a risk management approach to everything from security clearance vetting to implementing new tools and controls, the DIA article continued. Policy often can’t keep up with technology and can potentially hinder success if not implemented or updated.
According to Buckley, we have to implement more than perimeter security, “We must get human resource and physical security personnel involved in helping to look for indicators of insider threat risk.”