


International Threat/Cyber Intelligence

Arrest of ex-NSA contractor shows federal cybersecurity still faces a serious inside threat

By Steve Bittenbender

The latest arrest of a government contractor charged with stealing documents and illegally downloading and retaining classified data indicates that the threat of an inside attack on data remains real and, in many cases, exposes an Achilles’ heel for U.S. cybersecurity efforts.

Court documents released earlier this week show the Federal Bureau of Investigation arrested Harold T. Martin III at his Maryland residence in late August. In searching his house and car, investigators found numerous documents – both in hard-copy and digital formats – marked as highly classified that contained sensitive information vital to national security. In at least six cases, the documents date back to 2014.

Martin worked for Booz Allen Hamilton, which performs work for several agencies involved with federal security and defense. Most recently, he was working within the Department of Defense, but documents found date back to at least 2014. At that time, Martin was a Booz contractor holding a cleared position within the National Security Agency.

“The disclosure of the documents would reveal those sensitive sources, methods, and capabilities,” said F.B.I. Special Agent Jeremy Bucalo in an affidavit filed with Martin’s criminal complaint.

The NSA monitors and collects information regarding foreign intelligence matters. It’s also responsible for securing federal communications and computer networks. Booz Allen Hamilton is the same firm that employed Edward Snowden, who released without authorization classified NSA material three years ago.

Most of the attention placed on cybersecurity focuses on efforts to stop hackers trying to penetrate systems from abroad. However, a survey conducted by cybersecurity software provider Imperva revealed that 1 in 50 employees (or 2 percent of the workforce) can be considered a threat for an inside breach. In addition, 36 percent of companies surveyed said insider incidents took place on their systems within the past year.

“The insider threat is real and reinforces the fact that the biggest threat to enterprise security is the people already on the payroll,” said Terry Ray, a chief strategist for Imperva. “The unfortunate reality is that insiders can do far more damage than external attackers because they have legitimate access and vast opportunity.”

Amichai Shulman, Imperva’s chief technology officer, said current cybersecurity solutions target malware and other tools used by hackers. Those solutions do not work properly and, because of that, expose government and other vital systems to substantial risk. Solutions must be focused on protecting the target of the attack, the data, Shul-

More on page 49

Intelligent Automation Inc discusses cyber attacks and tools of analysis and mitigation

Cyber security is a critical issue as networks are consistently attacked and compromised. Due to the ever-growing dependency on computer systems and networks for business transactions, systems face growing cyber threats from both inside and outside. IAI has in-depth knowledge, advanced technology and extensive hands-on experience in providing cyber-attack analysis and mitigation strategies and solutions. IAI is focused on cyber defense through prevention, attack detection and mitigation, and reliability and trustworthiness. Examples of IAI’s cyber attack analysis and mitigation solutions include:

Self-shielding Dynamic Network Architecture (SDNA) changes the nature of the network by introducing cryptographically strong dynamics. SDNA provides an IPv6-based integrated security architecture allowing multiple types of dynamics to be constructively combined. Various network-level dynamics like addressing, naming, routing, availability, etc. are incorporated into SDNA’s design. SDNA’s dynamics operate before, during, and after an attack and place the burden on the attacker, creating an environment where the network is secured by default. This approach significantly reduces the reliance on detection to defend against attacks.

NIRVANA is a cyber situational awareness tool that leverages efficient graphical models and inference/analysis algorithms to assist system administrators in enterprise network security analysis and dynamic situation awareness. We decouple the abstract knowledge from the particular network information like topology settings, roll out the instance network attack graph as needed, use efficient matching algorithms for situation awareness, and apply inference algorithms under uncertainty to facilitate what-if analysis and action planning. IAI’s graphical models capture the inherent dependency relationships of applications on networks/systems, and of missions on applications. Our method enables independent graphic model development at different levels while ensuring interoperability.

NetBEAM is an integrated tool for enterprise network monitoring and cyber behavior anomaly detection based upon the unique features and characteristics of typical cyber threats.

JANASSURE is an automated network mapping tool to detect the existence of IPv6 transition mechanisms and evaluate the potential risk caused by IPv6 transition mechanisms in networks.

Smart AppShield is a virtualization-based approach to application protection which employs an out-of-the-box approach to monitor the information flow among applications and enforce the security polic-

More on page 50

Government Security News July 2016 Digital Edition