The WikiLeaks situation sparks conversations about mitigating insider threats.
At the center of the WikiLeaks controversy is U.S. Army Private First Class
Bradley Manning, the man suspected of having passed
the whistle-blower Website
a massive collection of U.S.
Manning has been in military custody for the past several months with
charges of transferring classified information to his personal
computer and passing it on to an unauthorized source hanging over his head. But
it was not monitoring software that exposed Manning; in fact it was an
informant, former hacker Adrian Lamo, who Manning allegedly bragged to via
The situation underscores the problems surrounding access controls and
malicious insiders, and it has prompted the U.S. Office of Management and
Budget (OMB) to issue a
to the heads of the country's executive departments
and agencies requiring them to review "the agency's configuration of
classified government systems to ensure that users do not have broader access
than is necessary to do their jobs effectively, as well as implementation of
restrictions on usage of, and removable media capabilities from, classified
government computer networks."
In a chat log between Lamo and Manning published by
, Manning reportedly wrote that he would come in with a CD
labeled "with something like 'Lady Gaga' ... erase the music ... then write a
compressed split file."
The OMB memo was not the first time government officials have taken a hard
look at removable media. For example, the military banned USB
in 2008 i
n response to malware attacks. But banning removable media and
storage devices will not deter someone from using them if that policy is not
enforceable, said Michael Maloof, CTO at
TriGeo Network Security.
"Real-time monitoring and blocking is not only possible, it's
essential, and it's the only way to ensure that sensitive data is never
transferred to an unauthorized device," he said.
From an attack perspective, personal, portable devices are far too easy to
hide in a bag or pocket, noted Hugh Garber, product marketing specialist at
Ipswitch File Transfer.
"Portable devices increase risk," he said. "Easily lost or
stolen USB drives, external hard drives,
smartphones and even using personal e-mail accounts can increase security risk,
compliance risk and data breach risk. Portable personal devices relinquish
visibility, [the ability to be audited] and compliance because they aren't
being integrated into overall file transfer monitoring or reporting."
Controlling data leaks also means managing access.
"Simply put, organizations must ask, 'What does this
person need to accomplish their stated mandate, and nothing more?' and then
again deploy the right management tools to ensure they have what they need
while adhering to the organization's policies. Identity is again the key to
making this work well," said Grant Ho, director of solutions and product
marketing for End User Computing Solutions at Novell.
In its latest data
, Verizon reported that roughly 48 percent of data breaches
during 2009 involved someone internal maliciously abusing his or her
right to access corporate information. Technology aside, identifying
in an organization who may leak or steal confidential data is far
from an exact science.
"This is one of the biggest problems ... there isn't a profile or
common traits [of malicious insiders]," said Ho. "In fact,
sometimes people gain access to information without knowing that they
shouldn't. There are times when you should be more careful, such as if an
employee is laid off or fired. Disgruntled employees will look for ways to
compromise data. [But] profiling this is incredibly difficult."
"There's a fine line between trusted insider and malicious insider,"
added Jack Hembrough, CEO of VaporStream. "System
Administrator is a powerful position, and someone's got to occupy it. Rather
than trying to identify who might 'go bad,' I think it's more productive to
help honest people stay honest by managing what the System Administrator can