Experts on insider threats and trust management provide insight for Softpedia readers

Nov 26, 2013 10:53 GMT

Last week, the House Intelligence Committee approved a bill to provide additional funding for US intelligence agencies. The NSA will be given $75 million (€55 million) to combat insider threats and make sure leaks of classified information, like in the case of Edward Snowden, never happen again.

While this large amount of money might be very useful to the NSA, experts warn that money is not always enough to solve cyber security issues.

“The reality for most organizations is that there is very little awareness and understanding of the impact that cyber attacks on trust can have on an organization and Snowden is a classic example of this fact,” Jeff Hudson, CEO of Venafi, told Softpedia.

Researchers from Venafi’s Threat Center are confident that they know how Edward Snowden managed to steal thousands of documents from the NSA’s systems without being detected. Experts believe he used fabricated SSH keys and self-signed certificates to pull off the stunt.

“The NSA’s inability to identify and respond to a low-level contractor who siphoned off—in excess of—10,000 pages of invaluable US intellectual property and classified information is just one symptom of a weak and failing security system that the House Intelligence Committee is now coming to understand is in dire need of help,” Hudson added.

He believes that the NSA, which at its core lacks the ability to identify weak links in the digital trust chain, might be able to put the $75 million (€55 million) to good use. However, this is only the first step in the process to correct the problem.

“[T]hose funds will have little impact unless they are used to shore up the massive security vulnerability that remains from unprotected cryptographic keys and digital certificates—which were used by the now-exiled insider to steal documents from the most secretive agency on the planet,” Hudson noted.

Mike Tierney, vice president of operations at SpectorSoft, a company that specializes in providing advanced monitoring solutions, agrees that money alone is not enough.

“We encourage any organization contemplating how best to deal with potential insider threats to ensure that the strategy they put in place embraces a simple truth: the heart of every insider threat, including the now infamous NSA example, involves authorized access used in an unauthorized way,” Tierney told us.

“We applaud the House on its decision to provide additional funding to the NSA, as it is clear that the agency needs more money, resources and expertise, but it is also clear that money alone cannot solve the problem,” he added.

“Snowden’s example signals louder than ever a ‘people’ problem as much as it does a technology one, and if any organization fails to invest in people-centric security solutions they are going to do little to protect against a second Snowden-like compromise.”