Last fall, just three years after the massive Edward Snowden leak, Harold Martin III – another government contractor – was charged with allegedly stealing highly classified documents from the National Security Agency (NSA). Despite added layers of security post-Snowden, Leone Lakhani of The Cipher Brief notes that Martin had no trouble pilfering what federal prosecutors called a “breathtaking” amount of information in one of the longest-running examples of insider threat damage.
As government work continues to be outsourced to the private sector, there’s growing unease that contractors aren’t doing enough to mitigate risks from insider threats. On November 30, however, the Department of Defense required contractors to establish and maintain an insider threat program (NISPOM Change 2), a small but necessary step forward.
But how much will these new requirements help? Haystax CEO Bryan Ware tells The Cipher Brief that NISPOM 2 requires “a bit of paperwork” but is “pretty easy to meet.” Ware maintains that “…the requirements they’ve imposed to date would not have material impact in any of the insider threat cases that we’ve seen in the news. It seems to me that more needs to be done.” (We’ve detailed why in several prior blog posts, including this one.)
As a smaller company, Ware believes, Haystax has an advantage in terms of monitoring employee activity. “We have very close interaction with all of our employees. I see every employee pretty much every week as a CEO and that’s certainly not the case at a large business,” he says. “Those close quarters and close contact enable us to be very hands on and aware of what we’re doing.”
For more information on Haystax Technology’s unique approach to insider threat, please visit www.haystax.com/insiderthreat.