Cris Inglis, the NSA Deputy Director at the time of the Snowden leak, answers CBR’s questions about insider attacks.
There is a scene in the Snowden movie where the Deputy Director of the NSA, played by Patrick Joseph Byrnes, sends Joseph Gordon-Levitt’s Snowden on a mission to Hawaii. The man portrayed by Patrick Joseph Byrnes is Chris Inglis, the now ex-Deputy Director of the NSA who disputes ever meeting Edward Snowden and questions whether the Oliver Stone biopic is more fabrication than dramatisation.
For Inglis, the film was yet another extension of Snowden’s ability to spin a story which continues to vilify the NSA. This story, wherever your allegiances lie on the patriot/traitor argument, starts with Snowden as the ultimate insider threat. The first lesson taught by Snowden is to never underestimate the insider threat – a point which Inglis readily acknowledges happening at the NSA.
At an exclusive media Q&A hosted by Securonix, CBR’s Ellie Burns followed up with Inglis about how the insider threat has evolved since Snowden. Inglis told CBR that insider threats have greatly increased in scope and scale – which is an opinion that aligns with what many experts in the industry say. The former NSA Deputy Director admitted that it was hard to say if insider threats had changed in character, from stealing data to destroying data or taking systems online, due to a lack of data points available.
Inglis did, however, use Snowden as an example of the different kinds of impact an insider attack can have on an organisation.
“Snowden is an interesting case in point, with the malice of forethought he stole data and then he kind of conducted an information operations campaign to essentially take that data and to craft a story – which I would assertively allege is untrue,” Inglis told CBR.
“It was a very successful campaign because a large body of the people that were listening to him believed what he said to be true. He carefully selected the material that he released and in many cases possibly misinterpreted the data he had, but none the less was hugely successful in getting a large body of the American public to say, the NSA is in the wrong place.”
Strip back the politics and the Hollywood portrayals – Snowden was the archetypal insider threat. Whatever your ethical stance concerning his actions, businesses and government must learn from this leak. However, that it is easier said than done when the current cyber landscape is dominated by news of state-sponsored and external cyber attacks – it’s hard to look inside, when you are so busy looking outside.
Both business and government have no easy task – from managing privileged identities to shadow IT, phishing and so on, it is becoming ever harder to protect both externally and internally.
For Inglis, part of the solution lies in behavioural analytics that analyse and monitor patterns of user behaviour in order to spot threats. User & Entity Behaviour Analytics (UEBA) technology can distinguish between a trusted employee with privileged access and one that has gone rouge. Of course, UEBA technology is just one part of the solution – Inglis also advised businesses to ‘enforce discipline’ at all levels of the business, as well as ensure a level of transparency across the organisation.
However, the one piece of advice which resonates the most is to never underestimate the insider threat – as Snowden proved to the NSA.