The Dangers of Insider Threats in Critical Infrastructure

The Dangers of Insider Threats in Critical Infrastructure

It is scary enough that intelligence officials say cyber security no trumps terrorism as the No. 1 threat to the U.S. With the most recent data breach attacks on the White House and Office of Personnel Management, this is just the tip of concern for the federal government. However, it gets even scarier when these breaches are insider threats on the nation’s critical infrastructure.

Based on research from a recent article, in April 2011, a lone water treatment employee allegedly shut down operating systems at a wastewater utility in Arizona in an attempt to cause sewage backup to damage equipment and create a buildup of methane gas. Luckily, automatic safety features prevented this from happening without an incident. Earlier that year, an employee recently fired from a US natural gas company also closed a valve, disrupting gas service to nearly 3,000 customers for an hour.

There is so much sensitive information that is vital to the country’s infrastructure, and with the concern of this information being in the hands of unauthorized users, retail data breaches such as Target and Home Depot are considered to be small compared to what can happen, without the proper security of this information.

These days, to reduce costs unqualified vendors, contractors and trusted business partners get privileged access to critical infrastructure facilities. The use of cloud services, remote work and Web technologies within critical infrastructure organization further increase the problem if the sensitive information is not secured. This is not only for outside hackers, but for trusted employees and contractors who can get their information stolen or provided to unauthorized users intentionally.

With the recent warnings provided by the Department of Homeland Security (DHS) it is important that the data is protected, as to stop using these outside vendors will be too costly to replace. Eliminate the risk with data-centric solutions such as information rights management or otherwise known as digital rights management.

In contrast with conventional security solutions, these solutions can protect the data persistently wherever they are. This is the only complete and effective solution that protects against unwanted data breaches, especially from insiders to the nation’s critical infrastructure.

Photo Credit: Jonathan Brodsky

Book a meeting