The fed goes hunting for malcontents

In wake of WikiLeaks, Office of Management and Budget asks government agencies about practices for identifying potential insider threats

Last week, the Office of Management and Budget asked government agencies to spell out their strategies for minimizing insider risk. The memo, published by MSNBC, asked agencies to assess their security efforts and compliance with federal standards following the release of a trove of government documents, including classified State Department memos, by WikiLeaks.

It's likely that federal contractors and government suppliers will also find themselves responding to this list of questions and the central issue of preventing the unauthorized disclosure of sensitive and classified materials. In a key section of the memo, the OMB requests information on whether organizations are measuring the "trustworthiness" of their employees and whether they use a psychiatrist or sociologist to measure the unhappiness of an employee as a measure of trustworthiness.

In an effort to prevent the leak of the crown jewels, government agencies and companies with significant intellectual property may be moving to stricter management of employees, says Ken Ammon, chief strategy officer for network access control firm Xceedium.

"Historically, policy and training have been the way (organizations) have handled insiders," Ammon says. "But if you talk with the DOD (Department of Defense), their most significant threat is an intelligent and motivated insider system administrator."

Privileged insiders are not responsible for the loss of great quantities of data, but they steal the more valuable data, according to Verizon Business's Data Breach Investigations Report, which it released last year.

"In general, we find that employees are granted more privileges than they need to perform their job duties and the activities of those that do require higher privileges are usually not monitored in any real way," the report states.

Xceedium focuses its efforts on monitoring and auditing the access of such privileged insiders, blocking any attempts to access data and resources outside of explicit policy.

With privileged insiders, "you have to go with the zero-trust model," says Ammon.

The Department of Defense is doing just that. Last year, the research arm of the Pentagon, known as DARPA (Defense Advanced Research Projects Agency), tasked researchers with finding better methods of detecting government employees and soldiers who may be planning to go rogue. The program, dubbed ADAMS (Anomaly Detection at Multiple Scales), aims to detect changes in behavior that could suggest a decision to attack. In another proposal, issued in August, DARPA asked for technological solutions to better detect enemies already present in networks.

The WikiLeaks memo and the ADAMS project seem to indicate that the government will be looking more closely at the people with access to critical assets and data. With the government focusing on increasing the security of government contractors, it's likely that corporate America will take a greater interest in the happiness and trustworthiness of its IT staff as well.

It's time to grit your teeth and be happy, folks.

This article, "The fed goes hunting for malcontents," was originally published at InfoWorld.