To fight insider threats, AF team models network protection layers
- By Mark Pomerleau
- Mar 11, 2015
A team from Hanscom Air Force Base has developed a model for delivering solutions that protect against insider cyber threats.
Last year the special programs unit opened the Materiel Solutions Analysis (MSA) Lab, where the team tests commercial technologies that could potentially function on a secure network and, at the same time, serve as a deterrent for insider attacks.
After testing more than 100 proposals on insider threat mitigation technologies, MSA and its partner the MIT Lincoln Lab started to notice a pervasive misconception among companies: That there is a single solution to insider attacks.
“To believe a single technology exists that will prevent malicious insiders from stealing, altering or destroying sensitive information is inaccurate," said Lt. Col. Richard Howard, the MSA chief.
Researchers and engineers at Hanscom developed what is referred to as the Insider Threat Universe, a model that conveys how technologies protect different parts of the Air Force’s secure networks. The ITU works in layers, representing data-at-rest encryption and role-based access controls, for example, but does not examine network protection in whole, only in part.
The MSA team recently hosted a Cyber Insider Threat Workshop where participants discussed mitigation efforts and how they fit into the ITU model.
"Communication is the only way synergy can be developed across the board," said Paul Krueger, the MSA chief engineer. "Making the community aware of currently used technologies, as well as equipment and software that's being tested and fielded by facilities like the MSA Lab, is critical to solving this problem."
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.