Joe Gould reports:
In the wake of the biggest dump of classified information in the history of the Army, the brass is searching for ways to watch what every soldier is doing on his or her Army computer.
The Army wants to look at keystrokes, downloads and Web searches on computers that soldiers use.
[…]
According to Smith, the Army will soon shop for software pre-programmed to detect a user’s abnormal behavior and record it, catching malicious insiders in the act. Though it is unclear how broadly the Army plans to adopt the program, the Army has more than 900,000 users on its computers.
Read more on Army Times.
I work in Information Assurance. I can understand some of the reasons why things happen, but then again, there are others that just don’t make sense with the technology – and required people-power to handle the job.
In my personal opinion, I think it would be A LOT easier simply to remove the internet from the place of work. Then, there is no means of transfer of data, short of taking it from work to another location and doing their harm elsewhere.
In my opinion, this is a quick fix. It’s like putting a 4-foot fence round your property. You’re going to keep the honest people honest, and the determined people will consider this a very light hurdle to overcome.
Controlling material of any sort is quite difficult. There has to be a level of trust granted to people in order to protect information. The way this article reads from here is that the Army has little trust in any individual they employ – military, civilian and contractor alike.
Software? Yikes. I’m sorry, but if there is something that needs to be avoided, it is an additional layer of protection that has a potential to fall into the wrong hands. Let’s say a system gets compromised. Then this system has software that the bad guy knows about and taps into the client-residing program and sits and watches usernames and passwords and official documents fly right by.
Again, the issue seems not to get rid of the problem itself; all they are doing is adding another layer upon the cake that is getting quite heavy to manage. Move all internet activity to strategically located kiosks. From there, individuals who need internet access can use a workstation. Don’t build these kiosks with high privacy walls; it will cut down on most of the questionable surfing that way.
Don’t allow USB, CDROM or DVD burning whatsoever. Personnel put in a trouble ticket, create a file on their share and appropriately trained personnel (who hopefully are on the GOOD side) look over the contents of the file(s) and burn them to a disk, and close the ticket. It’s an increase in people power, but it provides a human second look at a process.
Just because an individual has a clearance doesn’t mean they need an account or an account that has access to privileged information 24/7 365. If you’re a clerk in the admin office, why do you need access to classified data? Let the higher chain of command “manage” the classified stuff. Clearances and access are given out like candy. Access should be limited. Seems like the Need to know is too widespread.
I don’t know about the Army’s way of doing business, but if it was another branch doing this, I think it would be handled differently. I see a large stream of data and an overwhelmed staff who eventually cannot keep up. Heck, just look at most places that can’t even keep up to look at event logs. Now an additional layer of burden is brought upon an already overworked staff.