GCN, 11/28/05
Agencies must monitor insider network threats, expert says
By Patience Wait, GCN Staff
Agency networks are more vulnerable than ever, according to a former CIA official and cybersecurity expert, and the greatest threat to an organization's network security may come from within.

Eric Cole, who worked for the CIA for more than five years, told an audience of government and corporate security professionals today at the inaugural Techno Forensics Conference at the National Institute of Standards and Technology that despite their best efforts, networks are only getting more porous.

Cole said an emerging threat for organizations is that the emphasis on thwarting outside attacks and tracing their origins has led them to overlook the insider threat.

In several recent cases, organizations conducted preliminary forensic examinations after network incidents and identified employees as being responsible.

The problem, according to Cole, is that those individuals were digitally framed.
"I'm the inside expert, I can set it up that you can never catch me, you catch some innocent individual."

Aside from network insecurity, Cole said agencies need to have standardized procedures for computer forensics. A lack of such procedures, he warned, will jeopardize organizations' abilities to use forensic examinations at trial and will poison the well with judges on future cases.

Some of the difficulties could be alleviated if standards are established and certifications issued to those who are qualified to conduct forensic examinations, Cole said.

Doctors, lawyers, certified public accountants, all must meet specific public standards in order to use those titles, Cole said.

"But what stops someone from saying they are a computer security expert?" he asked. "It was bad during the dot-com boom, but it is happening today."

According to a recent study conducted for the National Institute of Justice in the U.S. Justice Department, most agencies don't have dedicated digital evidence units, and a majority of agencies have no digital evidence policies, Cole said. In addition, less than half require specific training to seize digital evidence, and only half require specific training to duplicate, examine and analyze evidence.
