Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
71 Winter 2014 – 2015 Proceedings www.uscg.mil/proceedings • Establish a baseline of normal network device behavior. • Be especially vigilant regarding social media. • Close the door to unauthorized data exfltration. By educating your workforce on the signs of potential weak- nesses, the insider threat vulnerability can be shrunk sig- nifcantly. Action Plan Insider threat is a real and serious problem; never assume that an organization is well protected or immune to insider threats. Insiders, with their authorized access, pose a sig- nifcant risk. It is vital that organizations have the ability to detect external threats and create systems to protect the organization's information and information systems from unauthorized insider threats. "Leaks related to national security can put people at risk. They can put men and women in uniform that I've sent into the battlefield at risk. They can put some of our intelligence officers, who are in various, dangerous situ- ations that are easily compromised, at risk … So I make no apologies, and I don't think the American people would expect me as com- mander in chief not to be concerned about information that might compromise their missions or might get them killed." — President Barack Obama As the cyber domain continues to grow and organizations' dependency on it expands, the threat vectors associated grow exponentially. It is recommended all organizations be proactive in getting information about insider threats to their workforce, assess their current defenses, and plan actions to improve and increase organizations' systems. While insider threats can never be completely eradicated, a proactive stance can signifcantly reduce their organiza- tional impact. The threat is real, the problem is complex, but with a layered strategy of policies and procedures, organi- zational culture, and technical controls, insider threats can be contained. About the author: Mr. Greg Smith is the Intelligence Specialist Chief, Intel Division Senior Watch Offcer, at the U.S. Coast Guard Cyber Command. Bibliography: Defense Security Service, Counterintelligence Directorate. Insider Threats. FBI. The Insider Threat; An Introduction to Detecting and Deterring an Insider Spy. Grimes, R. A., Insider Threat Deep Dive; Defend Your Network from Rogue Employees. InfoWorld. Information assurance Technology Analysis Center. The Insider Threat to Information Systems, October 10, 2006. Software Engineering Institute, Carnegie Mellon, Insider Threat Study: Computer system Sabotage in Critical Infrastructure Sectors, May 2005. Software Engineering Institute, Carnegie Mellon, Common Sense Guide to Mitigating Insider Threats, 4 th Edition, Dec. 2012. ra2studio / iStock / Thinkstock