Protectors of Critical Networks Look Within For Vulnerabilities

July 12, 2011

via National Defense Magazine

The hacker is only one ingredient in a network intrusion. While leaders are rightly concerned about outsiders breaking into their networks, they also realize that their own employees may have as much to do with the next breach as an outsider.

In the rush to defend critical public and private networks, organizations are seeking to give cybersecurity professionals the tools they need to track and defeat a multitude of threats on a daily basis, including those that come from inside an agency.

Organizations must keep an eye on those who misbehave on internal networks, intentionally or not. The problem of “the insider” can’t be overlooked, said Steven Chabinsky, deputy assistant director of the FBI’s Cyber Division.

“The insider is a phenomenal issue,” he said. “We’ve got insiders that are purposely sent to companies to do espionage . . . And then you have well-meaning employees who simply by opening up an email or doing something else” can compromise network security.

Hackers have been successful against firms with solid security frameworks by analyzing their employees and going after them with cleverly worded emails, also known as “spear-phishing.” Companies have begun training all employees on cybersecurity fundamentals. No amount of technology can prevent attacks if employees are not educated, said executives at the Air Force Association’s “CyberFutures” conference.

SAIC uses a game – which has now been given to the Defense Department – that teaches employees that they all have crosshairs on their backs when it comes to network security. Northrop Grumman sends workers through an internal Cyber Academy and requires everyone on its staff to have a basic understanding of network security issues. Company officials say that the nation needs a “broadly-based” work force with a certain amount of digital literacy across the board and specialists in the right spots.

But more challenges arise as technology advances.

The government’s increasing use of wireless technologies can create vulnerabilities for hackers to exploit, which makes the problem even trickier to solve. While these devices can make life easier for the government worker, they also can make it more difficult to defend against intrusions.

The Government Accountability Office first took a look at wireless networks at six federal agencies back in 2005. It found unauthorized activity and broadband signals being broadcast beyond the perimeter of certain buildings, which increased susceptibility to an attack. At one agency, more than 90 laptops were being used to connect wirelessly to the Internet while they were physically wired to internal networks. This is a continuing problem that allows outsiders to gain access to sensitive data, said Naba Barkakati, chief technologist at GAO.
