Insider threat / GovSec 2011Safeguarding the private and public sector from insider threats
While most discussion of insider threats have focused on cyber security concerns, a recent panel at the Government Security Convention and Expo in Washington, D.C. discussed the potential physical threats posed by insiders;businesses, government agencies, and other organizations are vulnerable to a host of threats from insiders including corporate espionage, workplace violence, and the loss of sensitive materials or data; panelists discussed efforts to reform the Federal Protection Services, which is charged with securing roughly 9,000 federal facilities, the latest technologies in detecting cell phones in secure areas, new body scanners, as well as the legality of stepped up security measures
While most discussion of insider threats have focused on cyber security concerns, a recent panel at the Government Security Convention and Expo in Washington, D.C. dealt with the full range of threats posed by insiders.
These types of threats are often the most difficult to detect as they originate from individuals who have already been screened and given access to an organization’s critical resources.
For instance, a recent batch of leaked cables from the State Department revealed that the world’s nuclear facilities were most vulnerable to insiders who sought to procure radioactive material to build weapons of mass destruction.
In one incident, in September 2009, two employees at the Rossing Uranium Mine in Namibia smuggled nearly half a ton of uranium concrete powder, or “yellowcake,” out of the facility in plastic bags.
Highlighting the danger that insider threats pose, Matthew Bunn, author of the Nuclear Threat Initiative’s “Securing the Bomb,” said, “The biggest concern of major production, to my mind, is theft from the places where the [nuclear] material is being handled in bulk.”
“All but one of the real thefts” of weapons-grade uranium or plutonium “were insider thefts from bulk-handling facilities—that’s where you can squirrel a little bit away without the loss being detected,” he explained.
Aside from nuclear plants, businesses, government agencies, and other organizations are vulnerable to a host of threats from insiders including corporate espionage, workplace violence, and the loss of data.
Speaking on the panel, Amanda Wood, the deputy general counsel to the U.S. Senate Homeland Security Committee, described the legislative push to secure federal facilities.
Currently the Federal Protective Service (FPS) is charged with overseeing security at 9,000 federal facilities across the nation, but the organization has proven unable to effectively protect employees and prevent illegal materials from being smuggled into buildings.
According to Wood, Government Accountability Office (GAO) reports and independent investigations by the DHS Inspector General “have documented serious and systematic flaws within the operations of FPS.”
“These lapses place federal employees and private citizens at risk every day,” she said.
As evidence she cited an undercover investigation by GAO in June 2009, where investigators successfully smuggled bomb making materials into ten federal facilities and were not detected, even as they assembled the parts.
“Every single building that GAO targeted was breached, which is a perfect record of security failure,” Wood said.
Wood also cited a recent incident that occurred in late February at a federal office in Detroit where a suspicious bag