WikiLeaks Prosecutor Charts Rise of Insider-Threat Boom
By ADAM KLASFELD In this exclusive three-part series, a former military prosecutor breaks his silence about the U.S. government’s biggest leak conviction to date, and the growing industry surrounding “insider-threat” detection.
MANHATTAN (CN) – June has been a tough month for the federal government’s czars of cybersecurity.
Just two days after a congressional watchdog warned on June 2 that the Pentagon is underprepared to keep its classified information safe from “insider threats,” OPM, short for the Office of Personnel Management, announced that a record-breaking attack exposed the personal information of 4 million federal employees.
The scope of that breach escalated Friday when OPM confirmed that a separate intrusion compromised a different system and set of data.
U.S. officials are privately blaming China for the attack, but the Department of Defense still faces pressure to improve its focus on breaches by its staffers.
The 55-page report from the Government Accountability Office makes only veiled reference to Chelsea Manning and Edward Snowden in discussing the “grave damage to national security … due to unauthorized disclosures of classified information by individuals with authorized access to defense information systems.”
In his first public interview, the former military prosecutor who put Manning away for what was then the biggest intelligence leak in U.S. history offers a unique perspective on how Washington and corporate America view the insider-threat phenomenon.
Former Army Maj. Ashden Fein spent more than three years on the Manning court-martial before entering the private sector at the Washington-based law firm Covington & Burling, with a team providing cybersecurity advice to an elite list of confidential clients.
Fein, 36, said most people see Manning as a national-security leaker.
While that label “is absolutely true,” there is less recognition of the fact that this “case was the largest cyber-security investigation in the history of the Department of the Army,” Fein added.
When President Barack Obama created the National Insider-Threat Task Force on Oct. 7, 2011, with the objective of forestalling future leaks, Manning was roughly two months shy of her first public hearing.
The same month her trial began, June 2013, the White House saw the other shoe drop in the form of Snowden’s leak to The Guardian.
Federal employees told the McClatchy news wire at the time that the clampdown on insider threats stifled public debate by casting spies, leakers, whistle-blowers and ordinary workers under the same cloud of suspicion.
One tool that the Department of Homeland Security uses is a psychological profile of the typical inside threat, derived from the work of Michael Gelles, a consultant with Deloitte Consulting LLP who formerly headed the Naval Criminal Investigative Service.
With 16 years under his belt with the NCIS as its chief forensic psychologist, Gelles said in a phone interview that his portrait draws largely from dozens of convicted spies the CIA interviewed in “Project Slammer.”
Fein opined that Manning’s personality traits match several of the department’s flagged “characteristics” – among them rebelliousness, narcissism, destructiveness and intolerance of criticism.
Both Fein and Gelles commented, however, that the insider-threat-detection field has evolved beyond a checklist.
“Today, as we now are able to capture behavior in different ways, we can look at what a person’s doing and how they’re performing,” Gelles said.
For some companies, this involves monitoring workers.
Now a booming practice, major military contractors like Lockheed Martin, Northrop Grumman, Raytheon and FireEye introduced insider-treat detection software last year. The programs scoop up employee information to detect abnormalities in the average worker’s data usage.
Fein, who remains in the military as a reservist, said he helps his clients navigate the legal implications of these measures.
“With a few exceptions, the Fourth Amendment does not generally apply to private-sector companies monitoring their employees,” Fein said. “So, acknowledging that, no matter what, even if you are talking about private-sector-versus-public-sector, there’s always a balance between privacy and security.”
For Fein, effective monitoring comes down to transparency.
“If employees understand that their employer is monitoring their activity, it would provide a deterrent conceivably to those that might want to be bad actors,” he said. “I think the notice provides everyone with understanding of how their information is being used in a privacy context.”
Whether working for the Pentagon or a soft-drink factory, employees closer to the organization’s “crown jewels” will have a tighter leash, Fein noted.
“If it’s an entire company surrounding a certain type of intellectual property – the formula of a soda that has been very successful or the code of software that’s so unique that if a competitor is to receive it, then it could potentially annihilate a company’s net worth – then I think they’re going to have controls in place that are more draconian and possibly much more similar to the type of classified information control that DOD has,” he said.
Of course, no single program can keep every secret under wraps.
Drawing lessons from the Manning court-martial, Fein quoted an online chat in which Manning bragged about exfiltrating data.
“No-one has a clue,” bradass87 wrote, “because 95% of efforts are on physical security of classified networks … and managing OPSEC [operations security] on unclassified networks.”
Fein interpreted the other 5 percent as “information security.”
Manning “identified a weakness and exploited it,” Fein said, “and I think that scenario will hold true in the future no matter what program or what agency. And I think that includes the U.S. government and that includes corporate America.”
Click the hyperlinked text to visit Part II of this series, “Manning Prosecutor Breaks Silence on WikiLeaks Case,” or Part III, “Corporate America Enters the Cyber War Room.”