Insider threat: cybersecurity considerations when the walls will never be thick enough
Five technology experts collaborated to discuss cybersecurity in the federal government with a focus on insider threat. Members of the panel included Kerry Long, program manager at Intelligence Advanced Research Projects Activity (IARPA) in the Office of the Director of National Intelligence; Deborah Pierre-Louis, chief information security officer and director of the Policy, Liaison and Training Oversight Office, Directorate of the Deputy CIO for Information Assurance at the Department of State; Melinda Rogers, chief information security officer at the Department of Justice; and Tim Estes, founder and CEO of Digital Reasoning.
The discussion began with an analogy to protecting agencies with strong walls. Each panelist commented on the weakness of focusing solely on endpoint security. When dealing with an insider threat, the size of the wall is not an issue. Encryption may not even be the solution because the insiders may have the encryption keys. The panelists opined on a variety of terms including “breach,” “hack,” and “cyber intrusion.”
The cybersecurity experts then included the role of automation in the discussion. Several examples were given where an automatic response of a threat was appropriate, but there was a much more nuanced response. This is because each threat varies and a patterned response could lead to unintended consequences.
Finally, the panelists gave opinions on the amount of data that has to be analyzed and the approach that can be used to understand that amount. The difficulty is that no analyst can possibly be expected to understand the amount of information thrown at them every day. If machines are producing that much information then, perhaps, the solution is in machines being able to interpret what the data means.
To watch panel, click here.