Whistleblower (will be prosecuted):
Whistleblower (won’t be prosecuted):
I am in awe of his courage, and sense of morality. In awe.
Once the ‘ red mist’ lifts, there might be a wider debate about the risk of ‘insiders’ – those who exploit their legitimate access to an organisation’s assets for unauthorised purposes.
There are two very serious breaches being debated in the public domain at present; Manning & Snowden. Despite the latter having been identified as a contractor, recent (UK) evidence reveals that the majority (88%) of insider acts are actually carried out by permanent staff. Only 7% of cases involve contractors and 5% agency/temp staff. That said, there seem to be an enormous number of contractors working in the US intelligence community.
Back in the UK, other factors seem more closely aligned with these recent US cases. Most insiders have been male (82%), aged between 31-45 years and most take place within 5 years of employment (and extend over a period of around 6 months). The most frequent type of insider activity is unauthorised disclosure of sensitive information.
The US has been quite slow to address the threat of ‘insiders’, at least in the public domain. Further insight is needed: to examine personality types, behaviours and organisational factors associated with this level of activity. Like Snowden and Manning, ideology and desire for recognition are closely linked to unauthorised disclosure of sensitive information (as opposed to financial gain, which is most closely linked to corruption). Motivation remains a key issue, Manning & Snowden were not ‘deliberate insiders’ – they appear not to have set out to obtain employment with the intent to abuse their access (but who knows where Hong Kong might take us). Neither do they appear to have been ‘recruited’ (by a hostile party) whilst in the job (caveat as above). Based on currently available information, both seem to have been ‘self-initiated’, deciding at some point to abuse their access (though not at the outset). Enquiries will no doubt focus on their primary motivation; though this seems to be some form of disaffection.
Individual level factors influencing insider activity include personality traits, lifestyle/circumstantial vulnerabilities and workplace behaviours – these, set in a proper context, might be predictive behaviours.
The overwhelming failure here though is poor organisational management. A number of weaknesses with the US intelligence community are already apparent (and have been exploited) e.g. failures around management practices, auditing controls, security culture, background screening, having a robust role-based personnel security risk assessment, poor communication & security awareness.
These current cases underline some key implications for personnel security in terms of helping to reduce vulnerability to the insider threat. The ‘predictors’ of such activity mentioned above are not always present or observable at recruitment. There is enormous complacency about personnel security – and an over reliance on ‘technical’ security measures. As the first line of defence, security aware managers will often be best placed to identify potential problems.
It is difficult, but only robust/on-going protective security measures and effective line management will reduce this vulnerability – some might argue that good management (of those in such sensitive employment) will not be a priority after the function has been outsourced.
The USA is looking more and more like the old Soviet Union.
That comparison is way over the top and I am not sure if that helps the debate. It must be possible to criticize something without referring to the Soviet Union or Nazi Germany.
Fill in your details below or click an icon to log in:
You are commenting using your WordPress.com account. ( Log Out / Change )
You are commenting using your Twitter account. ( Log Out / Change )
You are commenting using your Facebook account. ( Log Out / Change )
You are commenting using your Google+ account. ( Log Out / Change )
Connecting to %s
Notify me of follow-up comments via email.
Notify me of new posts via email.
Click here to subscribe by e-mail.
Join 2,263 other followers
Get every new post delivered to your Inbox.