Automation suggested as ‘insider threat’ solution

2017-04-07-insider-threat-ai

In the wake of high-profile leaks of government secrets in recent years such as those by Edward Snowden and Chelsea Manning, and most recently the CIA revelations from Wikileaks, the “insider threat” has become a prominent concern in national security circles. It is not surprising, then, that someone has now suggested another popular buzzword — automation — as a solution to this topical problem.

Currently, “the background investigations used to grant security clearances rely on a behavioral model developed during World War II,” writes Daniel McGarvey, a counterintelligence expert at the firm Alion Science and Technology, in a recent article.

“With 21st century technology, investigators can do better, evaluating conduct and communications for signs of personality traits typical of at-risk employees,” McGarvey writes. “With current technology, they might have flagged Edward Snowden and Chelsea Manning before they had a chance to cause serious damage to national security. It is a more accurate way of predicting misconduct than the cumbersome, time-consuming, and costly process by which the government currently grants clearances.”

McGarvey goes on to profile the typical “malicious insider.”

“An initially loyal employee does not suddenly transform into a malicious insider,” he writes. “The path to a significant destructive act is marked by small infractions that grow in response to mounting personal and professional stress. Employees who engage in one type of counterproductive behavior will often engage in others. Minor misdeeds can escalate into severe transgressions.”

Manning and Snowden may fit the profile of a typical “insider threat,” as defined by McGarvey. “Chelsea Manning frequently used the word ‘lose’ in close proximity to the words ‘job’ and ‘career’ – textual relationships that linguistics software could flag,” he writes, while “Snowden’s postings to the online forum Ars Technica indicate a lack of empathy and trust, a high degree of narcissism and self-absorption, and a limited willingness to compromise – traits that suggest a tendency to justify and act on one’s beliefs regardless of the impact on others.”

Others who have allegedly taken classified documents without permission, however, do not fit the typical profile. Also, as McGarvey points out, “not everyone whose wife leaves him or is unhappy at work turns into a malicious insider.”

Nevertheless, McGarvey is in favor of a solution that involves an even greater degree of invasive surveillance of anyone cleared to handle classified information, beyond what is already in place.

“Organizations must implement ways to monitor and evaluate employees continually,” he writes. “Advanced monitoring tools that identify life stressors, strong emotions, and atypical behavior can provide early warning of potential misconduct or spot small-scale malicious acts before they become something more sinister. It’s the same technology developed by retailers to analyze customers’ social media posts and micro-target their marketing to match individual shoppers’ preferences. Software that analyzes a consumer’s sentiments about a ski jacket can also assess an intelligence officer’s frustration with his job.”

While automation could arguably help with some aspects of rooting out leakers, even McGarvey admits it will have its limits. “Software can find and flag language or behaviors of potential concern, but a human is needed to assess an employee’s actions in the context of that person’s life,” he notes, adding that “no single technology or technique will be a panacea.”

Indeed, in an era when automation is being heralded as the solution to everything from de-radicalizing would-be ISIS sympathizers to driving cars and living in houses, it is worth taking a step back and questioning whether it might actually be counterproductive to add counterintelligence “insider threat” detection schemes to the list.

“Only if employees believe that monitoring is designed to protect the health, safety, and well-being of the organization and its workforce can an insider program avoid alienating the very people it is designed to protect,” McGarvey notes. Indeed, as surveillance becomes ever more pervasive, and the predicament of those granted security clearances increasingly seems to resemble that of members of the fictional Outer Party in George Orwell’s 1984, indoctrinating employees into this belief system may become a correspondingly difficult task.
