Designing an Effective Insider Threat Program

By Mark Kelton

Kelton retired from CIA as a senior executive with 34 years of experience in intelligence operations. He is a partner at the FiveEyes Group; a member of the Board of Trustees of Valley Forge Military Academy and College; member of the National Security Advisory Board of the MITRE Corp.; member of the Day & Zimmermann Government Services Advisory Board; member of the Siemens Government Technologies Federal Advisory Board; and a member of the Board of BigMediaTV.

“But what is new is that the small fry also have the power of betrayal…Science, adding to our armoury, continually demands more mechanics and more clerks and with every demand makes the problem of security more difficult to solve.” – Rebecca West, The New Meaning of Treason (1966)

When West wrote that passage, she was describing treasonous banalities, citizens of western democracies who had betrayed their countries in service of Soviet tyranny.  Her words, however, have a quality of prescient timelessness in that they are as applicable today as they were almost 50 years ago.  In the Cold War era, the damage even the most proficient and motivated spy could inflict was constrained by the relative inaccessibility of sensitive information in comparison with access afforded by today’s IT systems.  The murders of heroic CIA Soviet agents ascribable to the treachery of Ames, Hanssen, and their ilk aside, the damage such turn-coats could inflict, albeit great, was bounded both by compartmentation and by the fact that much of the data to which they had access was retained in paper form.  That reality imposed operational constraints on those seeking to fully exploit the traitors’ access.  The time, effort, and potentially alerting nature of copying, photographing, or carrying documents out of the workplace forced the spy and his handler to consider the risk inherent in any such activity, a calculus that almost invariably served to limit the scale of damage they might otherwise have inflicted.  That is no longer necessarily the case.

Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.

Sign Up Log In


Related Articles

Search

Close