WikiLeaks Breach – Trusted Insiders Not Hackers

Wednesday, January 05, 2011

Contributed By:
Danny Lieberman

With a delay of almost 10 years – SCIAM has published an article on the insider threat – WikiLeaks Breach Highlights Insider Security

As one of the pioneers in the DLP space (data loss prevention) and an active data security consultant in the field since 2003 – I am not surprised when civilians like the authors of the article and the current US administration claim discovery of America, once they discover that the emperor is naked.  

Of course there is an insider threat and of course it is immune to anti-virus and firewalls and of course the US Federal government is way behind the curve on data security – installing host based security which was state of the art 7 years ago.

My Dad, who worked in the US and Israeli Defense industry for over 50 years is a PhD in systems science. He asked me how it happened that Wikileaks was able to hack into the US State Department cables.  

I explained that this was not an external attack but a trusted insider leaking information because of a bribe or anger at Obama or Clinton or a combination of the 4 factors. My Dad just couldn’t get it.  

I said look – you know that there is a sense of entitlement with people who are 20-30 something, that permits them to cross almost any line.  My Dad couldn’t get that either and I doubt that the US Federal bureaucrats are in a better place of understanding the problem.

Data leakage by trusted insiders is a complex phenomenon and without doubt, soft data security countermeasures like accepted usage policies have their place alongside hard core content interception technologies like Data loss prevention.

As Andy Grove once said – “a little fear in the workplace is not a bad thing”. The  set of data security countermeasures adopted and implemented must be a good fit to the organization culture, operation and network topology.

BUT, most of all – and this is of supreme importance – it is crucial for the head of the management pyramid to be personally committed by example and leadership to data protection.

The second key success factor is measuring the damage in financial terms. It can be argued that the Wikileaks disclosures via a trusted insider did little substantive damage to the US government and it’s allies and opponents alike.

If anything – there is ample evidence that the disclosure has helped to clear the air of some of the urban legends surrounding US foreign policy – like the Israelis and the Palestinians being key to Middle East peace when in fact it is clear beyond doubt that the Iranians and Saudi financing are the key threats that need to be mitigated, not a handful of Israelis building homes in Judea and Samaria.

As an afternote to my comments on the SCIAM article, consider that after the discovery of America, almost 300 years went by before Jefferson and the founding fathers wrote the Declaration of Independence.  

I would therefore expect that in the compressed 10:1 time of Internet years, it will be 30 years before organizations like the US government get their hands around the trusted insider threat.

Cross-posted from Israeli Software

via infosecisland.com

Posted via email from Whistleblower