Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/1211748
34 FEBRUARY/MARCH 2020 www.vanguardcanada.com CYBER the Intelligence Community, Depart- ment of Defense and other federal part- ner insider threat programs. Detailed and comprehensive, the ITPMF applied to the vast, complicated US intelligence landscape. Here's a primer: The U.S. Intelligence Community is composed of 17 organi- zations. The Office of the Director of National Intelligence (ODNI) and the Central Intelligence Agency (CIA) are independent. Eight Department of De- fense elements: the Defense Intelligence Agency (DIA), the National Security Agency (NSA), the National Geospatial- Intelligence Agency (NGA), the National Reconnaissance Office (NRO) and the intelligence elements of the four Depart- ment of Defense services: the Army, Navy, Marine Corps and Air Force. Then, there are the seven elements of other departments and agencies: the Department of Energy's Office of Intel- ligence and Counter-Intelligence, the Department of Homeland Security's Of- fice of Intelligence and Analysis and U.S. Coast Guard Intelligence, the Depart- ment of Justice's Federal Bureau of Inves- tigation, the Drug Enforcement Agency's Office of National Security Intelligence, the Department of State's Bureau of In- telligence and Research and the Depart- ment of the Treasury's Office of Intelli- gence and Analysis. In Canada, things are simpler than that. But the Government of Canada's insider threat programs are still in more of a con- cept or incubation phase. Well, we have a publication: Public Safety Canada's "Enhancing Canada's Critical Infrastruc- ture Resilience to Insider Risk" that touts eight steps in promoting and adopting a preventative insider threat program. But first, it poses these questions: What if the keys to the castle were in the hands of those that you were trying to defend against? What if the contractor building your IT infrastructure was working for your com- petitor? What if your most important asset was also your biggest vulnerability? This is a bit of a problem. First, "resil- ience" is not a defence. Second, there is no "set of keys to the castle" – there are many keys, many locks and many doors called controls and safeguards, which are subject to vulnerabilities and vectors that spider from asset to asset. Third, typifying a threat actor preloads and prejudices the detection processes from the start. All actors have to be as- sessed, on criteria, as potential threats even the most highly credentialed and thoroughly vetted. And fourth? An organization's most im- portant asset is its biggest target: what- ever protects an asset is ripe for attempts to exploit. A far cry from the multi-layered ap- proach the U.S. has implemented, Can- ada is still maturing the thinking around insider threats and how to assess their risks. We already know it's not enough to address only one area or domain when tightening the controls around sensitive or valuable assets. We have hardworking folks in various government security departments but the Government of Canada needs to call a prohibition on publications and use those resources to focus on delivering opera- tionalized programs. At the end of the day, we still have the same problem: defeating insider threats requires accounting for the dynamic as- pects of humans – how they can be influ- enced or coerced through external means, what they internalize that may shift mor- als, values, ideologies or political views and how we detect these features. For now, there is no easy formula in monitoring, detecting and intervening on insider threats. But "The Informant!" is available on Netflix; you should watch it. So should the Government of Canada. Valarie Findlay is an American Society for Evidenced-Based Policing member and a research fellow for the Police Foundation (USA) with two decades of senior-level expertise in cybersecurity and policing ini- tiatives. She has worked extensively on federal cyber initiatives and is a member of the Canadian Association of Chiefs of Police eCrimes Cyber Council and AFCEA DC. She has a Masters in Sociology and a Masters in Terrorism Studies with her dissertation addressing the impacts of terrorism on law enforcement in Western Nations. The Government of Canada's insider threat programs are still in more of a concept or incubation phase. Well, we have a publication: Public Safety Canada's "Enhancing Canada's Critical Infrastructure Resilience to Insider Risk" that touts eight steps in promoting and adopting a preventative insider threat program.