Biden must address insider security threat first

by Joseph K. Clark

Last year went out with a bang infosec-wise with the SolarWinds and FireEye breaches, and 2021 has come in with a bang given the attack on the Capitol in Washington DC and the inauguration of a new president of the US. What do these events presage for the information and IT security industries and professionals in the US and internationally?

Although it is still too early in the new US administration to garner firm ideas on what the administration will do vis-a-vis cyber security and international cooperation, the initial signs are positive.

address insider

However, there is much to do within the US government itself, given the accepted assumption that there are bad actors within its infrastructure and that there is no currently available official assessment of what was compromised during the invasion of the Capitol.

My expectation is that there will be a primary focus on identifying and recovering from any breaches, followed by work to improve the underlying infrastructure security. There will also be a necessary focus on the US-led cyber industry, particularly given the previous events concerning SolarWinds and FireEye.

Other than the Five Eyes surveillance alliance, I believe that security cooperation with international cyber companies will be a lesser focus, particularly given the US cyber industry’s role outside the US.

However, there are other lessons to be learned, mainly because of the attack on the Capitol. Firstly, there is evidence of insider assistance to those attacking the Capitol. Simply stated, there were insider threat sources and insider threat actors. No cyber professional or anyone in the role of a human resource should ignore this.

For the new administration, this will necessitate a root-and-branch overhaul of the security vetting procedures for all administration staff and contractors and all elected officials and their staff. There will be opposition, particularly from the elected representatives, but given the scale of the Capitol breach, it needs doing and doing urgently.

Because the attackers actually got into the Capitol and some items, including laptops, were stolen, plus the building’s IT infrastructure could have been breached under cover of the attack, that raises the issue of physical security and how staff should react in such a situation.

A complete physical security investigation needs to be undertaken and develop a comprehensive inventory of what assets were taken, including data and informational assets, not just hardware items.

Social media, both mainstream and private social groupings, played a significant role in organizing and coordinating the attack on the Capitol. This might indicate that the new US administration will try to put more effort into monitoring these channels.

However, such monitoring raises the question of how social media should be regarded. Is it a common carrier, or is the definition only applies to the underlying internet path that social media communication travels over?

Another aspect of monitoring is the area of freedom of speech and Big Brother-style monitoring. This is a fraught area and one I will not comment on, save to say that some companies offer reputation monitoring services to the commercial sector. However, care has to be taken concerning country-specific regulations and legal obligations including, but not limited to, the Data Protection Act 2018 in the UK, the Investigatory Powers Act 2020 in the UK (similar powers exist under the Patriot and USA Freedom Act), the General Data Protection Regulation across the EU, and, of course, the US First Amendment. Time will tell what happens next.

Related Posts

Leave a Comment