Insider threat problem topic of a GovSec panel
facility in plastic bags.
The two were eventually caught in a sting operation by local law enforcement officials as they tried to sell twenty four of the bags, which contained an estimated 370 pounds of yellowcake. 550 pounds were not intercepted and police believe they were sold to other smugglers.
Sokova said that the material is a “long way’ from being used as an operational component in an atomic device, but it highlights insider threats at nuclear facilities because the two individuals successfully exploited weaknesses in the plant’s security measures.
A cable released last November indicated that U.S. officials in Pakistan shared similar fears that an employee working in one of Pakistan’s nuclear facilities could “gradually smuggle enough material out to eventually make a weapon.”
Bunn said that the leaked cables were a “continuing reminder” of the seriousness that insider threats pose and there was an immediate need “to secure all weapons usable nuclear material around the world and make sure that it cannot be stolen and fall into the hands of terrorists.”
The problem of insider threat and measures that can be taken to minimize it will the subject discussed on a panel — “Insider threat: challenges and responses” — at the GovSec event which will be held in Washington, D.C. from 29 to 31 March.
The speakers on the panel agree that securing both facilities and data has typically been considered to involve two levels: physical/perimeter security (fences, gates, locks, firewalls, etc.) and identification/authorization (making sure, through biometric and other means, that people are who they say they are, and that only authorized people are allowed into a facility, a secure area, or gain access to data)s).
The increasing problem of insider threat, however, now necessitates a third layer of security: making sure that known and identified personnel — prison guards (but also prisoners), scientists in national labs, employees of the NSA, etc. — do not bring illegal or unauthorized materials or gear with them into the facility to perform illegal activities. The panel will address this third layer of facilities and data security by assessing the scope of the problem and discussing the technologies available to address it.
Speakers will discuss different vulnerabilities and exploits, and the means to deal with them. Among the topics: impersonation; forged credentials; virus-laden CD and/or USB flash drive and/or floppy; smuggling out USB flash device or other media(exfiltration); smuggling in contraband, prohibited gear (infiltration); extra copy of DB backups; wireless transmissions; cell phone/PDA/voice recorder in classified meeting; wireless telephone cameras to capture information; telephone tape recording onto removable media, and more.
The panel will be chaired by Ben Frankel, editor of the Homeland Security Newswire, and speakers will include Scott Schober of Berkeley Varitronics Systems, Dennis Wolfe of Canon, Jena Baker-McNeill of the Heritage Foundation, and Amanda Wood of the staff of the Senate Committee on Homeland Security and Governmental Affairs.