The Threat from Within

By Carlos F. Parter, FCC/C10F Office of the Navy Authorizing Official

When we consider cybersecurity threats and vulnerabilities, we often think of external actors. Indeed, external actors work hard to get into our information technology infrastructure. Surprisingly, they are not our primary threat. When external actors successfully exploit a vulnerability, you must consider how and why. More often than not, the exploit succeeded because of failures from within.

One of the biggest threats to the security of our information systems and networks is the insider threat. Internal actors are responsible for 75% of security breach incidents. Do the math. Three-quarters of successful attacks on our information systems come from within our infrastructure. The bad guys are working hard to get in, but the internal actors already have the keys to the kingdom.

What is an insider threat? The 2017 National Defense Authorization Act defined an insider threat as, with respect to the Department of Defense, a threat presented by a person who has, or once had, authorized access to information, a facility, a network, a person, or a resource of the Department; and wittingly, or unwittingly, commits an act in contravention of law or policy that resulted in, or might result in, harm through the loss or degradation of government or company information, resources, or capabilities; or a destructive act, which may include physical harm to another in the workplace. 

Simply put, an insider threat can be characterized as a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.

The insider threat is like a cancer that keeps eating away at our cybersecurity controls. The central purpose of cybersecurity is to ensure the confidentiality, integrity, and availability of our information. In other words, only authorized users should have access to the information, the information should be unaltered, and the information should be available to authorized personnel on request. The threat from within circumvents our ability to effectively secure our information resources from unauthorized access.

So, who is the insider? The insider could be anybody. Some examples of insiders are disgruntled employees, careless users or system administrators, those who are seeking financial gain (cyber/industrial espionage), untrained users, untrained system administrators, an employee with an internal sense of loyalty to a cause, etc. Any of us, or those who we work alongside (we are all “insiders”), could be the malicious insider at any given time if we do not take cybersecurity seriously. It only takes one person to open the door and allow bad actors unauthorized access.

People are the weakest link in any robust cybersecurity program. In contrast, people are also our greatest asset and our first line of defense. We are the eyes and ears of information security. If you see something, say something. Vigilance is essential to ensure that our sensitive information is protected from unauthorized access. We have to familiarize ourselves with the indicators of the insider threat and act accordingly.

Indicators of an Insider Threat

What are some indicators of the insider threat? The following is a list of some possible indicators of which we should be mindful:

  • Poor performance reviews. An employee may take a poor performance review personally and seek to get even with the company or organization.
  • Strong disagreements over policies and standards. An employee may circumvent a policy that he or she does not support.
  • Financial distress. Employees may feel overwhelmed regarding their financial status and make a rash decision to share sensitive information with external actors for personal gain.
  • Financial windfall. A shipmate has a new car, new house, or other tangible assets that are unexplained/unusual for his or her household income.
  • Unreasonable disagreements with co-workers/senior management. Violent behavior should be observed and reported to the chain of command.
  • Seeking information about projects to which they are not assigned or information to which they do not have access. Be cautious of individuals who are overly interested in sensitive projects for which they do not have a need-to-know.
  • Unusual/unreported overseas travel. Foreign travel to spots that are not frequented by tourists, not required for work, or have no personal ties to the individual could be an indicator of espionage. The same applies to any routine but unreported travel outside the United States.
  • Secrecy. We should be careful with the sensitive information we are responsible for safeguarding, but we are not the owners of the information. Be aware of personnel who are overly secretive about their job.
  • Odd working hours. Be mindful of personnel who do not have a need to work outside of normal working hours and have access to sensitive information.
  • Inattentive work habits. Careless or inattentive work habits could result in an inadvertent spillage of sensitive information.

Fighting the Threat

We must create a culture of acceptable user behavior. The culture begins at home. Be cognizant of what you post to social media. Think twice before posting information about work. If the information is regarding a sensitive project or could lead to aggregated information that could become sensitive, do not post it to your social media accounts. Better yet, do not share sensitive information (part or whole) outside of work. Keep your operating systems updated, secure your Wi-Fi, monitor your browsing habits, avoid clickbait, do not install software from unverified sources, and keep your antivirus up to date.

Some of the mitigations to minimize the insider threat in the workplace are as follows:

  • Company/Organization Policy. Users should be informed of expected behavior and the consequences of failure to comply.
  • User Awareness Training. We cannot overemphasize the need and importance of an effective user training program. Include spot checks, bulletin board postings, and other ongoing awareness activities to ensure insider threat awareness is ingrained as a central part of an organization’s culture. Include our individual responsibilities to report suspicious activity.
  • Network Monitoring. Monitor and baseline normal behavior and set alerts on deviations from normal behavior.
  • Separation of Duties. This requires dividing functions among multiple personnel to make it difficult for one individual to cause damage to an organization without a co-conspirator. It should take two to tango.
  • Job Rotation. When possible, create a work culture that fosters the sharing of ideas, but relies on the basics of cybersecurity to ensure you have a means to identify possible unusual user behavior. Job rotation is a great countermeasure to the insider threat. Job rotation improves your workforce skills and minimizes complacency from repeating the same tasks day in and day out.
  • Onboarding/Offboarding. An effective tool in defending against the insider is a command’s Onboarding/Offboarding process. When you onboard a new hire, you have the opportunity to share the organization’s vision, mission, and expected behavior. When you offboard a departing employee, you can see what the organization is doing right, ensure a smooth transition, and ensure that the former employee no longer has access to vital information technology resources.
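
The Network Monitoring mitigation above, applied to the "odd working hours" indicator, as an added example that is not part of the original article: it baselines each user's logon hours and alerts on deviations from that user's own norm. The event format, thresholds, and user names are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

MIN_EVENTS = 10    # assumed: do not judge users with too little history
RARE_SHARE = 0.05  # assumed: an hour seen in <5% of baseline logons is unusual

def build_baseline(events):
    """Map user -> Counter of logon hours (0-23) from historical events."""
    baseline = defaultdict(Counter)
    for user, ts in events:
        baseline[user][datetime.fromisoformat(ts).hour] += 1
    return baseline

def hour_share(hist, hour):
    """Share of baseline logons within +/-1 hour, wrapping around midnight."""
    total = sum(hist.values())
    near = sum(hist[(hour + d) % 24] for d in (-1, 0, 1))
    return near / total if total else 0.0

def find_deviations(baseline, new_events):
    """Return (user, timestamp, reason) for logons outside the user's norm."""
    alerts = []
    for user, ts in new_events:
        hist = baseline.get(user, Counter())
        if sum(hist.values()) < MIN_EVENTS:
            # No history to compare against: surface it instead of guessing.
            alerts.append((user, ts, "no-baseline"))
        elif hour_share(hist, datetime.fromisoformat(ts).hour) < RARE_SHARE:
            alerts.append((user, ts, "unusual-hour"))
    return alerts

def _history(user, hours, days=10):
    """Constructed sample data: one logon per listed hour on each day."""
    return [(user, f"2024-03-{d:02d}T{h:02d}:00:00")
            for d in range(1, days + 1) for h in hours]

# Constructed events: alice works days, bob works a night shift.
HISTORY = _history("alice", (8, 13)) + _history("bob", (22, 23))
NEW_EVENTS = [
    ("alice", "2024-03-12T09:05:00"),  # within her normal hours
    ("alice", "2024-03-12T02:14:00"),  # far outside her normal hours
    ("bob",   "2024-03-12T23:30:00"),  # late, but normal for bob
    ("bob",   "2024-03-13T00:10:00"),  # just past midnight, adjacent to his norm
    ("carol", "2024-03-12T10:00:00"),  # no history at all
]

if __name__ == "__main__":
    for alert in find_deviations(build_baseline(HISTORY), NEW_EVENTS):
        print(alert)
```

Because the baseline is per user, bob's night-shift logons raise no alert, where a fixed "business hours" rule would flag him every night.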

Fight the Good Fight

There is no guarantee to rid our networks of the insider threat, but we can minimize the damage. We can all work together and do our part to ensure the damage done by the insider does not result in grave harm to our information systems and networks. Take user awareness training seriously, do not be afraid to speak up, govern your network hygiene, and be a part of the solution. The insider threat not only affects our cybersecurity posture, but the malicious insider degrades our operations security and counterintelligence activities. Our network depends on you — the users and administrators. For news and information from Commander, U.S. Fleet Cyber Command/U.S. 10th Fleet, visit or follow us on Twitter @USFLEETCYBERCOM.

Graphic illustration by Defense Media Activity

Cybersecurity: More than a Buzzword

By Chief of Naval Operations Adm. Mike Gilday

Cybersecurity has my full attention… and it should have yours too.

From personal mobile phone apps to our classified systems, cyber is intertwined with everything we do, both in our professional and personal lives. 

No doubt, cyber has enriched our lives in unimaginable ways. 

But we are also in a cyberfight 24/7, 365-days-a-year, at home and on the job, where the enemy is often unseen. Cyberthreats are all around us and we must be prepared to defend against them.

Information has become the cornerstone of how the Navy functions in the 21st century. Nothing the Navy does, or will do, can exist without it.

October, which is National Cybersecurity Awareness Month, should not just be a time to complete our annual cyber training. Rather, we must take time to recognize that wherever you are, whatever system you’re operating, every time you log in, you are in a cyberbattle.

We, as a Navy, are also under attack every day. Our adversaries, who are technologically advanced, well-resourced and relentless, are focused on eroding our warfighting advantage by stealing our data, and compromising our networks and systems, including those that control our ships, aircraft, weapons and infrastructure. And they launch full-scale attacks with little or no warning.

Make no mistake. You play an important part in keeping the Navy secure. And we must ensure going forward that our Sailors, civilians, contractors, industry partners, and family members have a comprehensive understanding of cyberthreats and actions that increase the Navy’s cybersecurity readiness.

A successful cyberattack in one part of our network can jeopardize other systems and data because attackers move across the network to other targets once they are inside it – at network speed.

When attackers have this capability, one mistake by an individual can put others at risk. Because these stakes are so high, adhering to cybersecurity policies and best practices requires an “All Hands” approach to keep the Navy and our nation safe.

Throughout the month of October, our N2N6 Team will post resources here. There will be specific information on ways you can protect your home information systems from cyberattacks, and information specific to our cyber professionals.

While the Navy has made strides in our cybersecurity practices, including the creation of four new directorates that work for the Department of the Navy’s Chief Information Officer, there is still more work to be done.

For the Navy to compete, fight and win across the spectrum of our operations – I need you to understand the gravity of the cyberthreats we face. Be vigilant, and know our ability to prevail depends on what you do in cyberspace.

The Navy must dominate the information and cybersphere as we have dominated the maritime environment for the past half-century.

See you in the Fleet.