September 2, 2013

Spy agencies hunt for insider threats

The government spends millions to uncover suspicious staff activity, but the scrutiny is uneven and possibly wasteful.

By CAROL D. LEONNIG, JULIE TATE and BARTON GELLMAN The Washington Post

(Continued from page 1)

Pfc. Bradley Manning
click image to enlarge

After former Army Pfc. Bradley Manning, above, leaked hundreds of thousands of documents in 2010, the intelligence community became more focused on insider threats. But the spy agencies’ systems failed to notice that Edward Snowden, below, was copying classified documents from NSA networks.

The Associated Press

Edward Snowden
click image to enlarge

An intelligence official knowledgeable about insider-threat programs said government agencies may need to better calibrate their software and reassess their criteria for what constitutes a realistic or likely threat.

But he added, "Insider-threat detection is an important security tool that needs to be put in place."

NSA spokeswoman Vanee Vines said the investigations are part of an effort to try to reduce risks, not investigate known threats.

"In FY 2013, NSA planned to initiate 4,000 re-investigations on civilian employees to reduce the potential of an insider compromise of sensitive information and missions," Vines said in a statement. "Periodic re-investigations are conducted as one due-diligence component of our multifaceted insider threat program."

President Obama issued a national insider-threat policy in November 2012 that defines the problem as any risk that insiders will use their access to government secrets, knowingly or unknowingly, in a way that hurts U.S. security. The damage can come through "espionage, terrorism, [or] unauthorized disclosure of national security information, or through the loss or degradation of departmental resources or capabilities."

The policy puts leakers of classified information on par with terrorists and double agents, an equivalency that critics of government secrecy find worrisome.

"It's disturbing, because they are not the same," Aftergood said. "There are such things as a good leak. Some classified things should be public. The official policy does not admit that distinction."

MASSIVE NEW DATABASE

The newly obtained budget records also reveal what some consider a new security risk in the making. The NSA is creating a massive new database, code-named WILDSAGE, to facilitate the use of sensitive intelligence. The system "provides a mechanism for cybersecurity centers to share signatures at the SECRET classification level," the budget document said.

The NSA had not fully implemented WILDSAGE, according to the budget document. But the intelligence community also reported that it "made significant progress in FY 2011 in increasing collaboration" across cybersecurity centers and in creating architecture to share important information on risks."

Such shared databases give government employees information they may need to track and disrupt terrorist or cyber plots, officials said.

The investigation of a 2009 plot by al-Qaida's affiliate in Yemen to bring down a civilian aircraft over Detroit found that government agencies failed to share information that could have flagged the would-be bomber and put him on a terrorist watch list.

A report by the Senate Intelligence Committee identified 14 failure points, including that the CIA did not disseminate some its reporting, which allowed bomber Umar Farouk Abdulmutallab to board a U.S.-bound flight from Amsterdam.

But the new NSA system has stoked fears about insiders' access after Manning downloaded the entire contents of a similarly shared State Department database.

"It's a valid concern," said one intelligence official. "But the other side of this is the need to share information."

In the case of Manning's leak, the State Department maintained a shared Net Centric diplomacy database where all secret-level cables were deposited and available to all intelligence agencies to access and search. Manning reviewed the database while creating analytic intelligence products in Iraq.

Manning was convicted last month of leaking classified information and subsequently sentenced to 35 years in prison.

The prosecutor in Manning's case said the U.S. government ultimately has to entrust its secrets to its employees -- even low-level ones.

"Military intelligence professionals go to work every day and use the information available to them to do their jobs," said prosecutor Capt. Joe Morrow. "We can take all the mitigation steps in the world, but the bottom line is that there is no step we can take as a nation, as a military, that's going to stop the determined insider."

 

Were you interviewed for this story? If so, please fill out our accuracy form

Send question/comment to the editors




Further Discussion

Here at PressHerald.com we value our readers and are committed to growing our community by encouraging you to add to the discussion. To ensure conscientious dialogue we have implemented a strict no-bullying policy. To participate, you must follow our Terms of Use.

Questions about the article? Add them below and we’ll try to answer them or do a follow-up post as soon as we can. Technical problems? Email them to us with an exact description of the problem. Make sure to include:
  • Type of computer or mobile device your are using
  • Exact operating system and browser you are viewing the site on (TIP: You can easily determine your operating system here.)