A Reuters article entitled “U.S. agencies moving slowly to tighten data security, despite major leaks” reports that the US government is over budget and behind schedule on implementing a software solution to detect insider threats and whistle-blowing. On top of that, the software itself is buggy, reports false positives, and places a heavy burden on agency infrastructure. Given all of that, and given the basic nature of the government’s problem, I can only imagine that if / when the software solution is implemented, it will be grossly obsolete and will not perform as desired.
This is a common problem in counter-intelligence efforts within an asymmetrical environment, and it is commonly given a bad solution. Any time you have an asymmetrical conflict (i.e. a large organization versus a small team or individual), both sides have strengths and weaknesses that need to be conscientiously identified and considered. The large organization has a lot of assets that can be brought to bear but is slow to implement change. The smaller party is severely limited in its actions but is very agile. Each party attempts to use its strengths but needs, concurrently, to address its weaknesses.
The situation presented in the article is a perfect example of this classic situation, and, while the US Govt is definitely attempting to utilize its strengths, it is not considering or addressing its weaknesses. The US Government has a lot of assets (money, time, manpower) but is slow to bring change (political process, bureaucracy, lack of technical knowledge). The adversary here is interesting, though. It is the technically adept whistleblower / hacktivist. In this situation, the smaller party has both agility AND greater technical knowledge than the large party. On top of that, the hacktivist generally acts on his own, without ties to a greater group. (Note: We’ve progressed from nation-state vs nation-state, to nation-state vs cellular-grouped stateless actors, to nation-state vs individuals. The US Govt is still stuck in the first mode.)
What does this tell us about the US Govt’s plan to use a “technical umbrella solution”? They’re definitely using their strengths (teams of coders, lots of money, etc.), but they’re not addressing their weakness (hard, costly, and time-consuming to implement, and obsolete once implemented). Furthermore, this solution would not have prevented the very technical hacktivist it seeks to contain, who often has Sys Admin and global privileges and could bypass the surveillance. Another thing to consider – what happens if the implementers of the detection software are, themselves, hacktivists? See the dilemma?
What should the US Govt do in order to prevent these kinds of leaks? Focus on the small group, limit privileges, increase teamwork and build from there. Specifically, limit access and roles to need-to-know (something the US Govt is implementing now), focus on team behavior (simple things like getting rid of cubicles, holding daily stand-up meetings, and having many collaborators on the small team helping / looking out for each other), and have a defined chain of command with specific vertical roles. Stay away from the “technical” / software solutions.
In the end, the hacktivist’s greatest strength is his greatest weakness. While he acts independently and cannot be sniffed out through traditional communications surveillance, he is, in fact, alone. Prevent this. Prevent people, even in their daily activities, from physically being alone while performing work. Implement paired-programming / buddy systems (two people sitting at a desk, each of whom can see the other’s monitor and who are encouraged to help each other). The more people who are involved with each other’s work, the more eyes you have on activity, and the harder it is to hide any nefarious activity.
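The two organizational controls argued for above, need-to-know access and never letting one person act alone, have a direct counterpart in access-control design: compartmented authorization plus a two-person (dual-control) rule for privileged operations. The following is an added illustration written for this page, not code from the article or from any government system; the users, compartments, operation names and approver roles are constructed sample data, and the policy engine is a hypothetical one built to show the checks a practitioner would want. It generalizes the buddy-system idea slightly: rather than a second pair of eyes on a monitor, a second, independent person must countersign any bulk export or privilege grant, and an administrator cannot countersign for himself.

```python
"""Need-to-know plus dual-control authorization (constructed example)."""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class User:
    name: str
    role: str
    compartments: FrozenSet[str]  # compartments this person is cleared for


@dataclass(frozen=True)
class Resource:
    name: str
    compartments: FrozenSet[str]  # every compartment a reader must hold


@dataclass
class Decision:
    allowed: bool
    reasons: List[str]  # empty when allowed; denial reasons otherwise


# Operations that must never be performed by one person acting alone.
DUAL_CONTROL_OPS = {"bulk_export", "grant_privilege"}
# Roles permitted to countersign a dual-control operation (assumed values).
APPROVER_ROLES = {"supervisor", "security_officer"}


@dataclass
class PolicyEngine:
    audit: List[dict] = field(default_factory=list)

    @staticmethod
    def has_need_to_know(user: User, resource: Resource) -> bool:
        # Need-to-know: the user must hold every compartment on the resource.
        return resource.compartments <= user.compartments

    def authorize(self, actor: User, op: str, resource: Resource,
                  approver: Optional[User] = None) -> Decision:
        reasons: List[str] = []
        if not self.has_need_to_know(actor, resource):
            reasons.append("need-to-know")
        if op in DUAL_CONTROL_OPS:
            # Two-person rule: a distinct, qualified, cleared approver is required.
            if approver is None:
                reasons.append("missing-approver")
            elif approver.name == actor.name:
                reasons.append("self-approval")
            elif approver.role not in APPROVER_ROLES:
                reasons.append("approver-role")
            elif not self.has_need_to_know(approver, resource):
                reasons.append("approver-need-to-know")
        decision = Decision(allowed=not reasons, reasons=reasons)
        # Every decision, allowed or denied, is recorded for later review.
        self.audit.append({
            "actor": actor.name,
            "op": op,
            "resource": resource.name,
            "approver": approver.name if approver else None,
            "allowed": decision.allowed,
            "reasons": list(reasons),
        })
        return decision


# Constructed sample population and a compartmented resource.
ALICE = User("alice", "analyst", frozenset({"A"}))
BOB = User("bob", "sysadmin", frozenset({"A", "B"}))      # broad technical access
CAROL = User("carol", "supervisor", frozenset({"A", "B"}))
VAULT = Resource("vault", frozenset({"B"}))


def run_scenarios() -> List[dict]:
    """Exercise the policy and return the audit trail it produced."""
    engine = PolicyEngine()
    engine.authorize(ALICE, "read", VAULT)                       # denied: not cleared for B
    engine.authorize(BOB, "read", VAULT)                         # allowed: single-person read
    engine.authorize(BOB, "bulk_export", VAULT)                  # denied: nobody countersigned
    engine.authorize(BOB, "bulk_export", VAULT, approver=BOB)    # denied: cannot approve own action
    engine.authorize(BOB, "bulk_export", VAULT, approver=ALICE)  # denied: analyst may not approve
    engine.authorize(BOB, "bulk_export", VAULT, approver=CAROL)  # allowed: independent supervisor
    return engine.audit


if __name__ == "__main__":
    for entry in run_scenarios():
        print(entry)
```

The scenario worth noticing is the system administrator: broad compartment access lets him read alone, but a bulk export still needs an independent countersignature, which is exactly the lone-actor exposure the post describes. The check only holds if the administrator cannot also edit or disable the policy engine and its audit log, so the enforcement point has to sit outside his administrative reach, which is the same objection the post raises against a purely technical umbrella.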
This is already implemented in Agile / Scrum development shops. Adopting these tried-and-true industry methodologies will actually improve government efficiency and agility, and will help disperse paranoia (a huge problem in any counter-intelligence operation).
tl;dr: The government should stay away from technical / software solutions and should instead focus on behavioral / production methodologies to increase eyes on activity, increase team efficiency, and prevent lone actors from having the privacy needed to carry out whistle-blowing and hacktivism.