{"id":7093,"date":"2017-03-23T10:30:15","date_gmt":"2017-03-23T18:30:15","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/23\/news-884\/"},"modified":"2017-03-23T10:30:15","modified_gmt":"2017-03-23T18:30:15","slug":"news-884","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/03\/23\/news-884\/","title":{"rendered":"Snowden&#039;s ex-boss offers advice on stopping insider threats"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt0.staticworld.net\/images\/idgnsImport\/2015\/08\/id-2958269-150515-nsa-sign-100601668-medium.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Thu, 23 Mar 2017 10:10:00 -0700<\/strong><\/p>\n<p> Steven Bay, a former defense contractor, knows a thing or two about insider threats. For a brief period, he was the boss of Edward Snowden, the famous leaker who stole sensitive files from the U.S. National Security Agency. <\/p>\n<p> Recalling the day he learned Snowden had been behind the <a target=\"_blank\" href=\"https:\/\/www.theguardian.com\/world\/2013\/jun\/09\/nsa-secret-surveillance-lawmakers-live\">NSA leaks<\/a> back in June 2013, Bay said he received texts about the breaking news while in a leadership meeting at a church. The first text said &#8220;Sorry man, looks like your worst nightmare came true.&#8221; <\/p>\n<p> Bay was crushed: &#8220;I went out into an empty room of the church and I just melted down crying.&#8221; <\/p>\n<p> &#8220;Every negative thought you can have, I had,&#8221; he said. &#8220;I thought I was going to get fired. I thought I was going to go to jail. I\u2019m going to lose my family\u2026 undercover CIA agents are going to get whacked.&#8221; <\/p>\n<p> Fortunately, Bay &#8212; who was Snowden&#8217;s manager at the time of the NSA hack &#8212; wasn\u2019t jailed. But the whole incident did teach him the dangers about insider data theft, and that all companies must take it seriously. <\/p>\n<p> &#8220;When we look at Snowden, it\u2019s a very divisive issue,&#8221; he said. &#8220;But there are also a lot of lessons we can learn here.&#8221; <\/p>\n<p> Bay spoke Tuesday at the <a target=\"_blank\" href=\"http:\/\/techignite.computer.org\/venue-hotel\/\">TechIgnite<\/a> event, hosted by the IEEE Computer Society, where he explained tips that companies can use to guard against insider threats. He previously worked at the consulting firm Booz Allen Hamilton, which does work for the NSA. In February 2013, Bay interviewed Snowden for a job at the firm. <\/p>\n<p> Snowden has said to the press that he actually sought employment at Booz Allen to gain access to NSA\u2019s surveillance program data. <\/p>\n<p> Bay calls Snowden a &#8220;malicious insider&#8221; who should be jailed. But stopping someone like him can be tricky. <\/p>\n<p> In an interview, Bay said Snowden didn\u2019t exhibit any blatant red flags that exposed his intentions in the two months he was employed at Booz Allen as an intelligence analyst. But he did show a couple &#8220;yellow flags&#8221; that in retrospect hinted something was off. <\/p>\n<p> Former defense contractor Steven Bay speaks at TechIgnite on March 21, 2017. <\/p>\n<p> For instance, Snowden had early on asked for access to NSA\u2019s classified <a target=\"_blank\" href=\"http:\/\/www.pcworld.com\/article\/2040991\/report-nsa-prism-program-spied-on-americans-emails-searches.html\">PRISM<\/a> surveillance program. Two weeks later, he asked for it again, explaining that the data would help him in his NSA-related work. After he got access to the information, he ended up leaking it to the press. <\/p>\n<p> Snowden also claimed he had epilepsy and had to take a leave of absence from Booz Allen because of it. Normally, employees will file short-term disability with human resources so they can still receive their wages, Bay said. But Snowden didn\u2019t care to. <\/p>\n<p> &#8220;Wanting leave without pay, instead of short-term disability, was weird,&#8221; he said. However, none of these actions were unreasonable either. <\/p>\n<p> &#8220;I had no reason not to trust him,&#8221; said Bay, who recalls being \u201cblown away\u201d by Snowden\u2019s technical knowledge when he interviewed him for the job at Booz Allen. <\/p>\n<p> That\u2019s why it\u2019s important for any organization to have protective measures in place when insiders do strike, he said. <\/p>\n<p> Snowden ended up successfully stealing a massive number of files about NSA programs. But better technological controls, like system alerts that detect when sensitive data is being moved, could have been used to stop that, Bay said. <\/p>\n<p> &#8220;Perhaps an alert for when a thumb drive gets plugged in,&#8221; he added. &#8220;Alerting when a thumb drive gets turned on.&#8221; <\/p>\n<p> Or, in a low-tech solution, USB drive ports from the most sensitive computing systems should be removed. <\/p>\n<p> Companies can consider <a target=\"_blank\" href=\"http:\/\/www.csoonline.com\/article\/2134517\/it-strategy\/strategic-planning-erm-7-strategies-for-a-successful-dlp-strategy.html\">data loss prevention<\/a> services, which specialize in the monitoring and the protection of sensitive files, Bay said. But another way to guard against insider threats is properly segregating who has access to what. <\/p>\n<p> For example, staffers who leave a company should have their computer access immediately terminated. In addition, a company\u2019s accounting department shouldn\u2019t have access to the R&amp;D team\u2019s research, and vice-versa.\u00a0 <\/p>\n<p> &#8220;Unless your insider has the keys to the kingdom, they can do damage, but they\u2019ll be limited to whatever they have access to,&#8221; he said.\u00a0 <\/p>\n<p> Following the NSA leaks, Bay was pulled off from his NSA-related work at Booz Allen Hamilton, and he left the firm last year. He now works as an independent cybersecurity consultant, after serving as a CISO at a medical devices maker. <\/p>\n<p> Looking back at his time at Booz Allen, Bay joked in his talk at TechIgnite: &#8220;I don\u2019t know why I was the one guy out of billions of people who got stuck being Snowden\u2019s boss. But I was.&#8221; <\/p>\n<p> He added that insider hackers like Snowden are rare, so it\u2019s important for companies to focus on more common cybersecurity threats too, like those that come from <a href=\"http:\/\/www.computerworld.com\/article\/2939513\/security0\/phishers-target-middle-management.html\">phishing emails<\/a>, he said. <\/p>\n<p> But that doesn\u2019t mean companies should ignore the insider risk either. <\/p>\n<p> &#8220;These malicious insiders, in my mind, they can do more damage than any other threat you have out there,&#8221; he said. \u00a0 <\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3184411\/security\/snowdens-ex-boss-offers-advice-on-stopping-insider-threats.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt0.staticworld.net\/images\/idgnsImport\/2015\/08\/id-2958269-150515-nsa-sign-100601668-medium.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Thu, 23 Mar 2017 10:10:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p> Steven Bay, a former defense contractor, knows a thing or two about insider threats. For a brief period, he was the boss of Edward Snowden, the famous leaker who stole sensitive files from the U.S. National Security Agency.<\/p>\n<p> Recalling the day he learned Snowden had been behind the <a target=\"_blank\" href=\"https:\/\/www.theguardian.com\/world\/2013\/jun\/09\/nsa-secret-surveillance-lawmakers-live\">NSA leaks<\/a> back in June 2013, Bay said he received texts about the breaking news while in a leadership meeting at a church. The first text said &#8220;Sorry man, looks like your worst nightmare came true.&#8221;<\/p>\n<p> Bay was crushed: &#8220;I went out into an empty room of the church and I just melted down crying.&#8221;<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3184411\/security\/snowdens-ex-boss-offers-advice-on-stopping-insider-threats.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714],"class_list":["post-7093","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7093","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7093"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7093\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7093"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}