The Pentagon seems to be experiencing a resurgence in leaks of sensitive information comparable to the devastating disclosure of nuclear details to Russia that Manhattan Project insiders perpetrated. Like those Cold War traitors, people such as Bradley Manning and Edward Snowden have muddled motives for stealing sensitive information that make them hard to profile. Unlike earlier generations, though, today’s insiders have a host of methods for exfiltrating their data. As the defense department comes to grips with the reality that some of its worst cyber threats may originate internally rather than in Beijing or St. Petersberg, it is stepping up efforts to guard against further security breaches. The department needs to license whatever off-the-shelf solutions are available that can prevent the conveyance of sensitive data to unauthorized users or unregistered devices, but it also needs to listen to other federal agencies like the FBI and TSA that have come up with sophisticated ways of detecting suspicious behavior. Private-sector companies figured out years ago that if you are going to hire hackers to defeat “advanced persistent threats,” you’d better have ways of keeping tabs on them. Rather than reinventing the wheel, Pentagon policymakers ought to look closely at how other agencies and organizations have dealt with cyber threats originating within their ranks. I have written a commentary for Forbes here.
Find Archived Articles: