In 2011 President Obama launched an effort to improve the country’s ability to identify and mitigate potential risks from federal government employees and contractors. But a number of high-profile insider threat incidents in recent years, including by Edward Snowden and most recently Harold Martin III at the National Security Agency (NSA, pictured above), have left observers wondering how much has really changed.
“Most agencies are just starting” to establish programs for detecting and preventing internal threats, Haystax CEO Bryan Ware told Cory Bennett of the journal Politico. Ware noted that the intelligence community got a head start a few years ago — but even there, he said, leaders are probably now wondering: “Do we need to rethink the way we’re doing this?”
Analytic tools for uncovering risky employees hold great promise in identifying red flags, such as abnormally large data downloads or unexpected database logins, as well as personal behavior such as employees’ finances and travel plans. Many experts believe such tools could have stopped Snowden, who used flash drives to stash data unrelated to his job function.
Haystax VP Tom Read recently argued for a more risk-based approach to insider threat, one that uses a model-based approach to insider risk to “prioritize those with highest likelihood for committing an incident, which will then inform the optimal monitoring and prevention strategies.”
Martin also had personal ‘life stressors’ — such as a 2006 charge for driving under the influence (later dropped) and a 2010 divorce — that can make an employee more likely to act out, Ware told Bennett.
As for the NSA, “I wish they had used our tool,” Ware said. “This is what they were built for. What happened with [Martin] — that is not the first time.”