Federal agencies scour for enemies within

Computer networks monitored with unusual scrutiny

Share with others:

Print Email Read Later

WASHINGTON -- After years of focusing on outside threats, the federal government and its contractors are turning inward, aiming a range of new technologies and counterintelligence strategies at their own employees to root out spies, terrorists or leakers.

Agencies are now monitoring their computer networks with unprecedented scrutiny, in some cases down to the keystroke, and tracking employee behavior for signs of deviation from routine.

At the Pentagon, new rules are being written requiring contractors to institute programs against "insider threats," a remarkable cultural change in which even workers with the highest security clearances face increased surveillance.

The "if you see something, say something" mind-set of the post-9/11 world has fully arrived in the workplace, with new urgency following high-profile leaks such as the revelations of former National Security Agency contractor Edward Snowden.

"People's sensitivity to this has changed substantially," said Lynn Dugle, president of a Raytheon business unit that markets an insider-threat detection system called SureView.

"I can tell you five years ago, when we were talking to agencies or companies about insider threat, we would normally be talking to [chief information officers] who were under budget stress. ... And that was a very tough sell. Now, we see boards of directors and CEOs really understanding what the threat can mean to them, and the risk it poses to them."

In response to the breach by former Army intelligence analyst Pfc. Bradley Manning, President Barack Obama in 2011 issued an executive order that established a National Insider Threat Task Force and required all federal agencies that handle classified material to institute programs to seek out saboteurs and spies.

While corporate security has long been part of the culture among Washington-area companies and federal agencies, the heightened focus and emergence of new monitoring technology touched off a burgeoning industry. In addition to Raytheon, Lockheed Martin has developed an insider-threat detection service, as have several startups in the Washington region.

Even Booz Allen Hamilton, which faced national embarrassment when Mr. Snowden, one of its employees, walked off with some of the nation's most guarded secrets, counsels its clients on how to detect rogue employees.

A recent job posting said Booz Allen was looking for an "insider-threat analyst," which required a security clearance and more than five years of experience in counterintelligence. The posting spread on the Web and sparked ridicule over the notion that the company that employed Mr. Snowden was now looking to help turn the historic breach into a profitable lesson learned.

Raytheon's SureView program lets agencies create all sorts of internal alerts indicating when something may be amiss. A company could, for example, program the software to detect whenever a file with the words "top secret" or "proprietary" is downloaded, emailed or moved from one location on the system to another.

Once that wire is tripped, an alert almost immediately pops up on a security analyst's monitor, along with a digital recording of the employee's screen. All the employee's actions -- the cursor scrolling over to open the secure file, the file being copied and renamed -- can be watched and replayed, even in slow motion.

Lockheed Martin provides a service called Wisdom, which acts as "your eyes and ears on the Web," said a company official. At its broadest use, the service can monitor mountains of data on the Web. But it can also be turned inward, at employees' online habits, to predict who within the organization might go rogue.

But all this corporate scrutiny doesn't necessarily bother groups that advocate for privacy protections. When it comes to using a government or corporate network, employees shouldn't have expectations of privacy, especially if they are dealing with classified information, said Ginger McCall, an associate director at the Electronic Privacy Information Center. "I think there is an important distinction between monitoring a person's personal emails and monitoring access to sensitive databases," she said.

Join the conversation:

Commenting policy | How to report abuse
To report inappropriate comments, abuse and/or repeat offenders, please send an email to socialmedia@post-gazette.com and include a link to the article and a copy of the comment. Your report will be reviewed in a timely manner. Thank you.
Commenting policy | How to report abuse


Create a free PG account.
Already have an account?