Insider Threat: Learning from the Edward Snowden case
Md. Shafat Ullah Patwary
Enterprise SaaS Solution, Information Security and Sustainability Products
Edward Snowden is a 36-year-old American whistleblower who came to the world community's attention by leaking highly classified NSA documents in 2013 (Szoldra, 2016). While working for the CIA and NSA through subcontractors, he raised a few ethical concerns through internal channels and was ignored. Finally, he decided to hand over a huge set of documents on global surveillance programs run by the NSA and its affiliates. This made him a federal wanted criminal to the US government or a hero to freedom-of-expression activists. Whatever the case, Snowden's action was mostly facilitated by the internal knowledge of the NSA he gained while working for it as a subcontractor of Dell or Booz Allen.
Lessons learned from the Edward Snowden case
The NSA and Dell are well known for having many security controls inside the organization, yet Edward Snowden could still copy millions of documents and leak them. This proved that a few of those security controls were ineffective. Key learnings are:
- Proper awareness about sharing credentials. The NSA found that Snowden tricked one of its employees into typing his password into Snowden's own computer terminal and sharing his encryption certificate, to gain more access to the NSA computer system (Nicks, 2014).
- Hiring employees despite concerns about resume discrepancies. Reuters reported that NSA contractor Booz Allen found some discrepancies while screening Snowden's resume. It is not yet clear what the main concern about the discrepancies was or how Snowden convinced them (Hosenball, 2013).
- An internal platform for whistleblowers. Before Snowden, another whistleblower, Mr. Thomas, tried to raise his concerns inside the NSA and failed. Snowden met the same fate when he tried internally to draw attention to the privacy issues. As his concerns were not addressed, he decided to make them public (Tucker & One, 2016).
- Encryption and masking of sensitive information. He could retrieve any files that were not protected by encryption or access control.
- Let employees be mature enough to handle the information. Edward Snowden himself was surprised that the NSA trusted employees of 18 to 22 years old with the extraordinary responsibility of handling critical and classified documents (Rusbridger & MacAskill, 2014).
How to prevent another case like Snowden from happening again
Whether they see him as heroic or patriotic, no organization wants a Snowden inside. Organizations will want to put all sorts of security controls in place to stop documents being leaked by their own employees or by contractors, as Snowden was at Dell. The question is what an organization can do to stop such leakage. Cluley (2014) studied the Snowden case and set out his thoughts in an article for Intralinks. He focused on basic security controls such as antivirus, firewalls, access control, and patching, which ensure fundamental security hygiene. The organization should also put controls on document movement, whether copying to HDD or USB or sending over email.
To manage insider threats, the organization can take a few steps suggested by Tagg (2014). He prioritized a) system and asset inventories, b) deployment of a Data Leakage Prevention (DLP) system and c) putting internal honeypots in place.
- If an organization doesn't have proper inventories, it may lose sight of cornered and unattended systems, which insider threat actors can use as a landing station from which to roam around.
- DLP is an industry-standard solution for protecting company intellectual property from an external or internal attacker. It works on the basis of a policy set by the information owner. It can detect the movement of internal documents, emails, files, etc. and act according to the set policies. It can thus prevent sensitive documents from being copied or transferred to portable storage or sent over email.
- Honeypots are normally used to attract and detect external threats, but they can also be placed internally to derail insider attacks and catch them. This is an excellent security tool for protecting the real crown jewels.
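The DLP and internal-honeypot points above can be made concrete with a small policy evaluator. This is an added example, not code from the article or from any DLP product; the labels, channels, file paths, decoy path and bulk threshold are all constructed assumptions.

```python
from dataclasses import dataclass

ALL_CHANNELS = {"usb", "email_external", "email_internal", "share"}
# Constructed policy: owner-assigned label -> channels on which movement is blocked.
POLICY = {
    "classified": {"usb", "email_external", "email_internal"},
    "internal": {"usb", "email_external"},
    "public": set(),
}
DECOYS = {"/shares/ops/crown_jewels_index.xlsx"}  # constructed decoy no real task needs
BULK_LIMIT = 3  # non-public files one user may move before a bulk alert is raised

@dataclass(frozen=True)
class Event:
    user: str
    action: str   # "read" or "move"
    path: str
    label: str    # classification set by the information owner
    channel: str  # destination channel, "" for plain reads

def evaluate(events):
    """Return (verdict, user, path, reason) for every event that is not simply allowed."""
    findings, moved = [], {}
    for ev in events:
        if ev.path in DECOYS:  # any touch of a decoy is suspicious, even a read
            findings.append(("ALERT", ev.user, ev.path, "decoy touched"))
            continue
        if ev.action != "move":
            continue
        blocked = POLICY.get(ev.label, ALL_CHANNELS)  # unknown label fails closed
        if ev.channel in blocked:
            findings.append(("BLOCK", ev.user, ev.path, f"{ev.label} to {ev.channel}"))
            continue
        if ev.label != "public":  # allowed move, but count it toward the bulk limit
            moved.setdefault(ev.user, set()).add(ev.path)
            if len(moved[ev.user]) == BULK_LIMIT + 1:
                findings.append(("ALERT", ev.user, ev.path, "bulk movement"))
    return findings

# Constructed sample events (not real logs).
SAMPLE = [
    Event("alice", "move", "/shares/hr/handbook.pdf", "public", "usb"),
    Event("bob", "move", "/shares/ops/plan.docx", "classified", "usb"),
    Event("bob", "read", "/shares/ops/crown_jewels_index.xlsx", "classified", ""),
    *[Event("carol", "move", f"/shares/eng/spec{i}.txt", "internal", "share") for i in range(4)],
    Event("dave", "move", "/tmp/x.bin", "unlabelled", "share"),
]
```

The bulk check catches movement that each individual policy rule allows, which is the pattern of copying many documents one permitted step at a time.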
Another factor that can create a new Edward Snowden inside the organization is the lack of a process for whistleblowers. Snowden was inspired by Thomas Drake, who attempted to blow the whistle on what he believed was an abuse of power at the NSA; the agency never listened to him and instead charged him with violating the Espionage Act. If there had been a real avenue to disclose information in the public interest, Thomas could have used it and the matter might have been resolved earlier, and no Edward Snowden would have been on the public agenda (Tucker & One, 2016).
Final Note
Whatever controls we put in place, if someone is determined, like Edward Snowden, to blow the whistle outside the organization, there is not much the organization can do (Cluley, 2014). The company can make it a bit more difficult by putting some security and legal controls in place along with cultural changes inside the organization.
References
Cluley, G. (2014, February 3). Stopping the Edward Snowden in your Organisation. Retrieved from Intralinks: https://www.intralinks.com/blog/2014/02/stopping-edward-snowden-in-your-organisation
Hosenball, M. (2013, June 21). Exclusive: NSA contractor hired Snowden despite concerns about resume discrepancies. Retrieved from Reuters: https://www.reuters.com/article/us-usa-security-snowden-idUSBRE95K01J20130621
Nicks, D. (2014, February 13). NSA Memo Says Snowden Tricked Colleague to Get Password. Retrieved from Time: https://swampland.time.com/2014/02/13/nsa-leaks-edward-snowden-password/
Rusbridger, A., & MacAskill, E. (2014, July 19). I, spy: Edward Snowden in exile. Retrieved from The Guardian: https://www.theguardian.com/world/2014/jul/18/-sp-edward-snowden-interview-rusbridger-macaskill
Szoldra, P. (2016, September 16). A timeline of Edward Snowden leaks. Retrieved from Business Insider: https://www.businessinsider.com/snowden-leaks-timeline-2016-9
Tagg, G. L. (2014). THE INSIDER THREAT. In S. Bosworth, M. Kabay, & E. Whyne, Computer Security Handbook, 6th Edition (pp. 13.1-13-2). New Jersey: John Wiley & Sons, Inc., Hoboken.
Tucker, P., & One, D. (2016, September 18). Can the NSA Stop the Next Snowden? How the intelligence community learned to spy on itself. Retrieved from The Atlantic: https://www.theatlantic.com/international/archive/2016/09/nsa-snowden/500345/
Lead Engineer, Civil Works & Construction at Grameenphone Ltd
3 years ago: Bhai great write up.
HR Strategy I HR Partnering I Recruitment I Talent I L&D I HR Transformation I Change Management
3 years ago: Great article Sifat bhai ... keep it up!
Client Technology Lead @ Microsoft | Passion to drive AI embedded transformation
3 years ago: Great summary and very relevant points! Let's have some more articles like this!
Senior IT Security Assurance Consultant, BPPA, IMED, Ministry of Planning
3 years ago: As Salam Shafat Bhai. Very good write up and most importantly very easy going and informative. Thank you.
Senior Manager at Summit Communications Ltd
3 years ago: Assalamualaikum Shafat Bhai. Excellent write-up. Liked the final note most. Completely agree with your final note: apart from placing all sorts of security controls inside the organization, it still has to focus on building cultural transformation. Waiting for your next article.