The Office of Management and Budget asked government agencies to spell out their strategies for minimizing insider risk.

Last week, the Office of Management and Budget asked government
agencies to spell out their strategies for minimizing insider risk.
The memo, published by MSNBC, asked agencies to assess their security
efforts and compliance to federal standards following the release of a
trove of government documents, including classified State Department
memos, by Wikileaks.
It's likely that federal contractors and government suppliers will
also find themselves responding to this list of questions [PDF] and
the central issue of preventing the unauthorized disclosure of
sensitive and classified materials. In a key section of the memo, the
OMB requests information on whether organizations are measuring the
"trustworthiness" of their employees and whether they use a
psychiatrist or sociologist to measure the unhappiness of an employee
as a measure of trustworthiness.

In an effort to prevent the leak of the crown jewels, government
agencies and companies with significant intellectual property may be
moving to stricter management of employees, says Ken Ammon, chief
strategy officer for network access control firm Xceedium.

"Historically, policy and training have been the way (organizations)
have handled insiders," Ammon says. "But if you talk with the DOD
(Department of Defense), their most significant threat is an
intelligent and motivated insider system administrator."

Privileged insiders are not responsible for the loss of great
quantities of data, but they steal the more valuable data, according
to Verizon Business's Data Breach Investigations Report, which it
released last year.

"In general, we find that employees are granted more privileges than
they need to perform their job duties and the activities of those that
do require higher privileges are usually not monitored in any real
way," the report states.

Xceedium focuses its efforts on monitoring and auditing the access of
such privileged insiders, blocking any attempts to access data and
resources outside of explicit policy.

With privileged insiders, "you have to go with the zero-trust model,"
says Ammon.

The Department of Defense is doing just that. Last year, the research
arm of the Pentagon, known as DARPA (Defense Advanced Research
Projects Agency), tasked researchers with finding better methods of
detecting government employees and soldiers who may be planning to go
rogue. The program, dubbed ADAMS (Anomaly Detection at Multiple
Scales), aims to detect changes in behavior that could suggest a
decision to attack. In another proposal, issued in August, DARPA asked
for technological solutions to better detect enemies already present
in networks.

The WikiLeaks memo and the ADAMS project seem to indicate that the
government will be looking more closely at the people with access to
critical assets and data. With the government focusing on increasing
the security of government contractors, it's likely that corporate
America will take a greater interest in the happiness and
trustworthiness of its IT staff as well.

It's time to grit your teeth and be happy, folks.

SOURCE - http://www.infoworld.com/t/insider-threat/the-fed-goes-hunting-malcontents-411