CSIOS Corporation: The Cyber Insider Threat

An Interview with Mr. Cesar Pie, President and CEO of CSIOS Corporation



As it relates to the Department of Defense (DoD), an insider could be anyone who is, or who has been, authorized access to a DoD information system and/or network, whether military service member or family member, DoD civilian employee, employee of another Federal agency, or private contractor. The following interview with Mr. Cesar Pie, President of CSIOS Corporation, discusses CSIOS Corporation's view of the cyber insider threat in the DoD.

How does the insider threat arise?

In the DoD for example, an insider threat arises when a person with authorized access to DoD resources, to include personnel, facilities, information, equipment, networks, and/or systems, uses that access to harm the security of the U.S.

What is the risk malicious insiders pose to the U.S.?

While the vast majority of insiders in the DoD are hardworking, dedicated to their respective professions, and firmly loyal to the U.S., the risk malicious insiders pose remains high and could potentially reduce or compromise our military effectiveness, and jeopardize the lives of our military men and women. In fact, over the past century, the most damaging events against the U.S. were perpetrated by trusted malicious insiders with ulterior motives. Malicious insiders can inflict incalculable damage, to include enabling the enemy to plant boots behind friendly lines and potentially compromise our nation's most important endeavors. In point of fact, today for example, more information can be carried out the door on removable media in a matter of minutes than the sum total of what was given to our enemies in hard copy throughout U.S. history.

Why is an insider different than an outsider?

The insider is different from an outsider because he or she has already been granted certain authorities and trust. Insiders have superior knowledge of asset value, giving them the capability to disrupt interconnected DoD information systems, to deny the use of information systems and data to other insiders, and to remove, alter and/or destroy information. Consequently, insiders who betray the authorities, trust and privileges granted to them may be aided in their malicious activity by the very information systems upon which the Department depends. When aided by a team of highly sophisticated and well-resourced outsiders, the severity of insider malicious activity may be significantly amplified.

As it relates to the cyber insider, what is the main challenge faced by DoD cyber defenders? 

The cyber insider threat represents the greatest challenge for our DoD cyber defenders, as proven by the great majority of damaging past compromises which have involved cleared personnel with authorized access to our information systems and networks.  DoD organizations do not have the capability to categorize the precise nature of the insider threat as existential, or its origin, until the damage has been sustained.  In fact, our nation's history of cyber insider threat is replete with warning signs that, for one reason or another, often go unnoticed until disclosures of classified information by insiders have already damaged national security and placed the lives of military service members at risk.

In your opinion, is this the main challenge faced by DoD cyber defenders?

Yes - as stated by the DoD Cyber Strategy, today, our DoD cyber defenders are inhibited by the lack of Tactics, Techniques, and Procedures (TTPs) to anticipate, detect, analyze, and diagnose the cyber insider threat.  Our cyber defenders are unable to generate information with a level of confidence that’s high enough to know when someone is committing an insider attack until it is too late to intervene.

What policy driven actions have been taken by the U.S. and the DoD to prevent unauthorized disclosures of classified information by insiders?

Disclosures by an Army service member in 2010 and a National Security Agency contractor in 2013 are among the largest known leaks of classified information in U.S. history. Since the 2010 disclosures, the President and Congress have taken actions to try to prevent additional unauthorized disclosures of classified information by insiders. Those can be summarized as follows:

· In 2011, Congress—citing damage to national security, the effect on military operations, and harm to the reputation and credibility of the United States resulting from the 2010 disclosures—called for DoD to establish an insider-threat program. Also in 2011, the President issued Executive Order 13587 (E.O. 13587), which directed structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks consistent with appropriate protections for privacy and civil liberties.

· In 2012, the President issued the national insider-threat policy that required agencies to implement insider-threat programs by May 2013. This policy defines insider threat as the threat that an individual with authorized access will use that access, wittingly or unwittingly, to harm the security of the United States. The President also directed each agency's insider-threat program to include six minimum standards: (1) designation of senior official(s); (2) information integration, analysis, and response; (3) insider-threat program personnel; (4) access to information; (5) monitoring user activity on networks; and (6) employee training and awareness.

· In 2015, the DoD issued its Cyber Strategy stressing the importance of mitigating insider threats, emphasizing the importance of anticipating, detecting, and responding to the insider threat before it has an impact.

· In 2017, the DoD's Director of Operational Test and Evaluation, Joint Test and Evaluation Program, approved a Joint Test to develop TTPs to help anticipate, detect, analyze, and diagnose the cyber insider threat before there is an impact on military operations.

About CSIOS Corporation

CSIOS Corporation or CSIOS (www.csioscorp.com) is a Maryland-based, veteran-owned and small-disadvantaged business provider of full-spectrum cyberspace operations (offensive, defensive, and information network operations) and cybersecurity services to U.S. Federal customers worldwide. CSIOS is certified under ISO 9001:2015 (Quality Management System), ISO/IEC 20000-1:2011 (Information Technology Service Management System), ISO 22301:2012 (Business Continuity Management System), and ISO/IEC 27001:2013 (Information Security Management System) standards under the scope: "Provision of Cyberspace Operations (Defensive, Offensive, and Information Network Operations) and Cybersecurity services to U.S. Federal customers worldwide."

About Mr. Cesar Pie

A veteran of the U.S. Marine Corps, Mr. Pie is an established corporate officer with a demonstrated record of success and unyielding commitment to teamwork, honesty, integrity, excellence, and dedication to employees and the U.S. Federal government customers he serves. He holds a Master of Science degree in Computer System Management and Information Assurance from the University of Maryland University College and a myriad of professional certifications to include Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Information Systems Security Engineering Professional (ISSEP), and Project Management Professional (PMP).

Date Of Update: 10 August 2018, 15:18