Dr. Kim Miller
Adjunct Professor of Criminal Justice, School of Security and Global Studies, American Military University
There probably is no one software solution to counter all insider threats. The battle against insider threats requires a combination of personnel security, computer security and information security. However, new software, hardware and maybe wearable technology can help slow the insider threat and might be a part of a workable solution.
Security Professionals Have New Software Aids to Add to Their Toolkits
Senior political advisers and corporate executives who use the simple password of “password” hurt computer systems and make them vulnerable to threats, even as security technology continues to improve. New software tools are available that security professionals need to explore and perhaps add to their cyber defense toolkits.
On June 30, 2000, Forbes reported that “President Bill Clinton used a smart card encrypted with his digital signature to ‘e-sign’ the Electronic Signatures in Global and National Commerce Act into law.” Law 360 states, “Since 2000, 47 states (and the District of Columbia) have adopted UETA, which also embraces e-signatures, e-delivery and e-record retention very similarly to ESIGN, and thus, UETA is the prevailing law governing these matters.”
Since then, the technology of encrypted signatures has improved and could be part of a solution to identify our actions. Much of Asia, including China, uses a physical chop, a special invoice stamp registered with the courts, to authenticate legal documents. Perhaps in the future, we will have a physical electronic “chop” as a part of our signature, passwords and computer access controls.
Bluetooth Technology Improves Distance Security
Password storage and wireless logins based on proximity and the strength of a Bluetooth signal could be useful for improving security. The proximity device could be a fob-type device, which is already being used in place of the old ignition key in late-model automobiles. The fob could provide a second factor of authentication.
Having the fob and a personal identification number (PIN) prevents someone from gaining access to an unattended computer or a stolen laptop. For additional security, the fob would work only within a geo-fenced area and allow access only when the owner was at work or at home.
The idea of a physical device with a geo-fence is an interesting possibility for use with unclassified information or for documents classified ”For Official Use Only.“ Unlocking a computer with a device based on proximity and measured by the strength of the Bluetooth signal would add some security and provide a verification element for a tracking audit.
Hideez Offers Two Personal Security Devices
Hideez, a provider of electronic security keys, is on a mission to protect personal and digital security. The company’s top products are Hideez Key and Hideez 2.
Many government departments and federal laws, including the Health Insurance Portability and Accountability Act (HIPAA) have this same difficult mission of protecting digital information. Previous physical devices to protect personal data were tried and failed. Now with newer, improved products, it will be possible to create more rings of defensive security.
Many organizations use a radio frequency ID (RFID) system to provide access control to systems and shipments. The same RFID device might also be compatible with a physical access system.
Wearable security devices come in many forms and are becoming thinner and faster than earlier devices. Examples include keychain fobs, wristbands, pendants and clip-on devices that attach to a belt, pocket or purse.
Hideez could increase the defensive rings of security, especially with its Hideez Key 2. This wearable key is thinner, faster and water-resistant. It also comes with a rechargeable battery. Its dynamic RFID allows users to open as many as 1,000 doors with one key.
The company also has enterprise servers that can replace third-party security assistance for customers with a self-running system.
Organizations Must Improve Control of Their Intellectual Property and Secrets
Every organization must control its security system because there are times when management will have to withdraw access to the system. Employees who are very ill, hospitalized or away for an extended time should have their offices locked and the contents of their computers digitally locked.
A company also must exercise control of its intellectual property when an employee is terminated. On such occasions, companies and government agencies must be able to quickly conduct a remote lockdown of the departing worker’s office equipment.
Lastly, the theft or loss of a device is perhaps the most common reason for remote security technology. In such cases, it is important to locate a device, lock it remotely and decide whether its hard drive needs to be deleted with a remote wipe.
Accountability Is Critical to Detecting and Thwarting Insider Threats
Accountability is critical to detect and apprehend insiders who pose a threat to intellectual property, customer privacy and financial information. The use of Bluetooth to remotely authenticate the holder of a controlled device can improve security and auditing. It is also a physical reminder that an inside attacker will be held accountable.
Passwords are often obtained via social engineering or by hacking or theft. A device that does not rely solely on a password decreases its vulnerability. Nothing will completely prevent hacking, but corporations and government organizations must build in-depth security to increase the protection of intellectual property and personal information.
Steps to Secure Your Data
- Learn to control physical access to your computer. Turn off all interfaces, including Wi-Fi and Bluetooth, when they are not needed.
- Keep any transmitting devices, including a wireless mouse, separate from your computer.
- Consider using the Tor Browser Bundle, which is a secure, anonymous browser. Tor is as close as possible to an anonymous presence online.
- Don’t stay logged in when browsing, run antivirus system protection programs between sessions and be careful of the sites you visit.
The cybersecurity tools landscape is evolving. But sometimes new defenses are introduced on the market before organizations recognize the need for them. Cyber defenders must learn about new security offerings to better protect their systems. They must constantly look for ways to make it increasingly difficult for attackers to penetrate computer systems.
About the Authors
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea, supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.
Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous U.S. locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”
Dr. Kim Miller is an adjunct professor of criminal justice in the School of Security and Global Studies at AMU. Her academic credentials include a B.S. in Criminal Justice and an M.S. in Criminal Justice from Kaplan University, as well as a Ph.D. in Public Safety-Criminal Justice from Capella University. She is also a Certified Fraud Examiner, a New Jersey Licensed Private Detective and an investigative analyst.