Their judgments flew in the face of this accepted wisdom. Research results suggested that the terrorist attacker targeting institutions such as stewards of critical infrastructure would more likely use an infiltrator than a disgruntled insider already in place. The same careerist, given time and inclination to plan, is in the best position to develop and carry out a devastating attack that circumvents defenses. However, the disgruntled insider is potentially unstable and difficult to control. According to the Delphi experts, this employee is not a joiner and is likely to be too egocentric to accept direction readily. Volatility makes this person an operational risk who may compromise details of an attack out of disagreement with the particulars or out of spite at not being consulted on every move.
Additionally, in the age of the Internet and with critical infrastructure targets that have traditionally operated openly without the security precautions of the national security sector, targets and their employees remain highly accessible. Their critical assets are often immobile. Thus, in contrast to weapons classified for reasons of national security, critical infrastructure cannot be relocated or concealed once its location and operating details have been compromised.
In this context, the targeting information necessary for mounting an infrastructure attack need not be so esoteric as to be available exclusively to a career insider with very detailed knowledge. Instead, as the Delphi experts reasoned, an infiltrator who gets through the door, even at a relatively low level for a limited time, should be able to accumulate enough details to enable an attack without having to spend years masquerading as an innocuous employee.
We also need to remember that many infrastructures and institutions are desperate for talent and have aging work forces with few systemic arrangements for recruiting, training, and deploying successors. Thus, as one expert noted, infrastructure employers are prone to welcome any skilled workers without criminal convictions who show an interest in accepting entry-level positions.
The same employers make frequent use of contractors who soon gain unfettered access to their systems. This situation gives an infiltrator two paths of entry: as a direct employee or as a contractor. Infiltrators may even try the two approaches concurrently without fear of one rejection influencing the possibility of another. In this milieu, if the remaining defenses described below are also flawed, the chances for a successful attack begin to tilt more in favor of an infiltrator than a disgruntled insider.
The infiltrator may not have quite so much access, but he can definitely be better controlled, focused, and more disciplined about concealing telltale indicators of an impending attack to avoid compromising the attack. The weaknesses of traditional defenses against this insider threat appear more evident if depicted in the context of the mutual challenges of infiltrator and defender, as Figure 1 illustrates. Figure 1 depicts the situation in which infiltrator and infrastructure find themselves when these countermeasures and their limitations impinge upon each other in the traditional scheme of penetration and defense.
It falls to the infiltrator to pass the background check and then enter and pass a probationary period during which, or at least after which, the infiltrator anticipates having sufficient freedom of maneuver to gather information unimpeded by any close scrutiny or interference. The infiltrator eluding detection or interference is free to operate in the dark corners of insufficient oversight and management, as long as his behavior and work performance do not deviate so much from the norm as to invite attention.
The standard screening, or pre-employment, background investigation presents a low hurdle to the prepared.
As long as the infiltrator does not have a record of criminal convictions or obvious disqualifications (like inability to lift twenty-five pounds in a job whose essential functions require some manual labor), he or she has little to fear from the third-party consumer reporting agency performing the background check. Nor is it feasible to demand the same level of scrutiny for a maintenance mechanic as for an intelligence analyst.
They will also be showing no signs of the kind of debt indicative of financial hardship that would make them targets for bribery or ostensible candidates for selling out their employers to relieve financial distress. Similarly, an infiltrator sent into an infrastructure employer to attack it will be unlikely to draw attention by amassing bad debts that set off financial responsibility alarms, assuming a credit report is even requested as part of the background investigation.
Nor will this individual invite negative scrutiny through drunk driving or criminal convictions that the average background investigation detects through a standard check of superior court records in counties of residence and of employment. Thus, the infiltrator is seeking infrastructure employment not so much for monetary or professional reward as for access to an assigned target.
Meanwhile, the attacker coaches the infiltrator to avoid actions that would raise eyebrows. Fidelity to America is seldom called out as a hiring criterion for work at a utility that operates critical infrastructure. In the broader context of employment law, anti-discrimination protections, and limitations on the extent to which employers may practically scrutinize applicants for work at critical infrastructure sites, background investigations are unlikely to unmask any but the most unsophisticated of infiltrators.
Update investigations, if performed at all, typically come after seven years because this is the standard limit that many states and the Fair Credit Reporting Act recognize as the maximum period for making criminal history available for retrieval for employment purposes.
An infiltrator requiring more than seven years to gather insider information to support an infrastructure attack would have aged enough to cast doubt on his or her motivational zeal and to be suspected of beginning to identify too closely with the target. Corporate sentinels, whether security staff, auditors, information systems guardians of the computer network, human resources recruiters, attorneys, or others with assigned responsibility for various monitoring functions, rarely interact with the new employee.
Unless the neophyte does something egregious to excite remark, he or she is unlikely to face a random audit or active monitoring of computer key strokes, or time and duration of access into a given work space. As one of the experts pointed out, the astute observer sees them coming. Moreover, many audits are perfunctory, particularly if auditors consider themselves overextended and loathe taking on the extra work of sustaining a negative finding.
In many, if not most critical infrastructure environments, audits are by definition adversarial. They are, therefore, regarded as a necessary evil perpetrated by individuals who are more tolerated than esteemed. To the extent that auditors are aloof, disdainful, or menacing, they struggle to obtain active cooperation. However, until the moment of attack, the infiltrator targeting critical infrastructure is unassociated with any loss-producing events that would invite such scrutiny.
In such circumstances, it is the rare audit that will identify and focus sufficient attention on an infiltrator to elicit anything more than an oral warning or mild rebuke. Consequently, the traditional audit poses no threat to the infiltrator operating with a modicum of training and sophistication.
Technology exists to remotely monitor every keystroke an employee makes, whether operating a desktop computer or a supervisory control and data acquisition (SCADA) system, the principal means of controlling valves and distribution of signals, power, or water when handling a critical infrastructure component. It is possible to configure control room access so that no one individual may enter a critical area alone.
It is also possible to monitor such areas remotely through video surveillance. These capabilities can theoretically prevent all but the most astute from carrying out undetected acts of mischief. However, when applied to the challenge of detecting and thwarting an infiltrator bent on attacking critical infrastructure, technology alone falls short for several reasons.
First, for every device capable of tracking activity, there must exist somewhere in the institution a means of discriminating untoward activity from acceptable routine. Such a determination requires human judgment.
True, some automated tools can approximate a level of human judgment, if given precise details and parameters of what kind or number of transactions become suspect once they exceed a certain frequency in a given time period or take up significantly more time than necessary. However, the effort needed to establish these boundaries and the resources necessary to automate associated triggers exceed the capacity of the average financially-strapped employer. Nor is this investment in proportion to the expected benefit. The same caution applies to the labor-intensive alternative to this technology-based solution: invasive snooping by a designated monitoring force.
Delphi experts with career experience as line managers in critical infrastructures opined that such snooping negatively affects productivity and morale, while often leading to an unintended consequence. It sparks the creativity of aggrieved operators to find new ways to elude or defeat monitoring systems because they dislike being watched like wayward children.
Thwarting such corporate sentinels, whether human overseers or automated devices, soon becomes part game, part badge of honor. Operators then transfer this knowledge of how to bypass what they regard as invasive monitoring to peers and newcomers alike — including the potential infiltrator — because they know that if all the workers are defeating Big Brother, then management will be unable to single out any one employee for punishment. At this point in the penetration effort, if the infiltrator has managed to survive the screening process and stay under the radar of corporate sentinels, inertia and initiative are on his side.
The more he blends, the less he stands out, and the more likely he is to gain the unwitting support of co-workers and management alike, particularly if seen to be a competent team player who gets along well with others. One contradiction in defensive strategy highlights how traditional measures can be self-undermining. The common thread that unravels the foregoing defenses when exploited by an infiltrator or any hostile insider is a lack of active involvement on the part of the workforce on the one hand, tied with what infrastructure workers perceive as the offensiveness of too much oversight on the other hand.
In this context, the institution comes to rely excessively on its corporate sentinels, viz. Meanwhile, the capacity of these sentinels to focus limited resources on discovering a needle-in-the-haystack level of visibility of an insider threat is constrained by infrastructure operator resistance to draconian security measures that are too costly and impede operations.
Into the space between general employee indifference and constraints on corporate sentinels, the infiltrator and any insider threat can create a dark corner to carry out hostile activity with impunity.
Managing the Insider Threat
Figure 2 shows such an alternative end-state. What has changed? First, the screening process no longer relies excessively on a search for indicators that uncover neither an infiltrator nor other hostile insider. As one executive who studied trust betrayal for an entire career pointed out, many experts find that personnel investigations do not prevent espionage or detect those who may commit such a crime. It takes advantage of government resources through a program that U.
For a fraction of the resources necessary to conduct update investigations of utility employees every seven years, infrastructure employers can instead devote more attention to verifying basic identity and right-to-work authorizations of new hires in order to defend against potential infiltrators. They improve their internal capacity via a federally-funded program that trains human resources recruiters to check credentials and gives access to Social Security and immigration databases to facilitate verification of employment eligibility.
The new screening program will not necessarily catch all infiltrators any more than it will defeat individuals who enter the institution benevolently and only later develop hostility and a propensity to betray or destroy.
However, the program will reduce the ability of terrorist organizations to infiltrate their agents with falsified credentials which, absent increased scrutiny, receive only token examination from the most junior clerk assigned to processing employment applications. The new screening program complicates the challenge for the infiltrator, but does not eliminate it altogether. More importantly, however, the biggest change from the Figure 1 traditional approach to the Figure 2 alternative is the active engagement of the general employee population.
Employees now support the screening process by at least verifying credentials through their own professional and trade networks. The immediate supervisor monitors the employee closely throughout the probationary period.
During this interval, the new default expectation is not that all newcomers pass probation absent egregious incidents, but that all are released from employment unless they demonstrate talent worth keeping. This demonstration must satisfy not only the supervisor but teammates as well, which forces close interaction on a daily basis. Moreover, during probation, new hires are treated like student pilots who are not ready for solo flight — never left alone in the cockpit. Only, in the case of critical infrastructure, the student is a new employee and the cockpit is any critical asset or control system.
At the same time, this alternative approach requires a culture of constant team interaction and self-monitoring that reduces opportunities for probing and undermining the institution clandestinely.