Malicious Insider Pleads Guilty – After Russians Get the Data
According to the Canadian government, Canadian Navy Intelligence officer, Sub-Lt. Jeffrey Paul Delisle pleaded guilty last month to passing classified information to Russia. Is this the makings of a James Bond-like spy novel or is this becoming the norm, throughout the globe? What we are witnessing is the inherent weakness in any major government, not just Canada, at securing the data. It gets much harder when it’s accessed by trusted, yet malicious insiders.
It’s not about passing laws or creating stronger regulations – as most police tell you – all the rules in the world don’t stop criminals. It’s about consistent implementation of stringent information security policies. Classified documents can be accessed in read-only fashion and on devices such as simple monitors with the 3m security screen that don’t allow photography of the screen. This can also be done with zero-client, such as the SUNDE solution, in conjunction with a DLP strategy that blocks endpoint data leakage, such as the DeviceLock solution, which are all distributed throughout Canada by leading edge infosec distributors such as Solantus, Inc.
We’ve seen a BYOD breach at the SEC, we’ve seen the White House hacked by the Chinese and now we’ve seen Canadian Naval Intelligence dealing with a malicious insider. What’s going on, you ask? Try sever gaps in more intelligent security policies that prohibit data leakage, control data access and the right tools to setoff all the alarms during an incident, not forensically as an afterthought. With the bring your own devices, powerful computers with cameras and internet access in the guise of cell phones, USB ports, bluetooth, IR and so many more, there are just way too many data leakage ports in the name of convenience.
It’s not just that government tools are older or outdated, as we can remember the Tempest equipment from Wang Labs many years ago, used by the US federal government that could block data leakage and eavesdropping in the late 80’s and early 90’s. It’s about policy, policy, policy – first and foremost. Then, with the right tools and consistency, this kind of breach becomes more challenging for the malicious insider.
Sources (CDM, CBC News and the Canadian Government)