there is an employee who regularly downloads multiple documents late on Wednesday evenings? Do they work flexible hours, or are they planning on joining a competitor and stealing your intellectual property?
This is where data science comes in. Had the NSA applied the same sort of analytics to its own internal data that it applies to external data, Edward Snowden might well have stood out as an outlier very early on. Data science, specifically anomaly analytics, helps find what isn't normal. It can be applied to procurement fraud, tax yield management, cyber security, and more, and it brings adaptive methods for dealing with new threats instead of adding more bolts to the door after the horse has left the barn. The goal of anomaly analytics is to tell you the bolt is being rattled before the horse decides to run off with another jockey. It's about finding out what could be a problem and then having processes in place to handle it.
How is this done? First, data scientists within the organization establish what constitutes "normal" employee behavior by analyzing a range of variables over a period of time (for instance, when and how much each employee downloads) to learn how the majority of staff complete their day-to-day tasks. Then, by scoring each employee's activity against those findings, profiles that diverge from the typical behavioral patterns can be flagged for investigation. A flag is a starting point, not a verdict: the late-night downloader may simply work flexible hours.
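The two steps above (build a baseline of majority behavior, then flag profiles that deviate from it) in working code. This is an added example, not code from the article or from any agency it mentions. It reduces the "host of different variables" to two per user, download count and the share of downloads outside working hours, and assumes UTC timestamps, a 08:00-17:59 working day and the Iglewicz-Hoaglin modified z-score with its usual 3.5 cut-off; the audit lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, median

# Assumptions for this example: timestamps are UTC, 08:00-17:59 is the working
# day, and a modified z-score above 3.5 (Iglewicz-Hoaglin) marks an outlier.
BUSINESS_HOURS = range(8, 18)
Z_THRESHOLD = 3.5

# Constructed audit lines, not real data: "<ISO timestamp> <user> <action> <object>".
# Five users download a few documents during the day; "mallory" downloads in bursts
# late on Wednesday evenings (2014-03-05 and 2014-03-12 are Wednesdays).
SAMPLE_LOG = """\
2014-03-03T09:12:01Z alice download doc-101
2014-03-03T09:15:22Z alice login -
2014-03-04T14:30:45Z alice download doc-102
2014-03-06T11:05:13Z alice download doc-103
2014-03-03T10:00:00Z bob download doc-104
2014-03-04T16:45:20Z bob download doc-105
2014-03-05T19:10:02Z bob download doc-106
2014-03-07T13:22:40Z bob download doc-107
2014-03-04T09:40:11Z carol download doc-108
2014-03-06T15:18:33Z carol download doc-109
2014-03-03T08:05:00Z dave download doc-110
2014-03-05T12:00:00Z dave download doc-111
2014-03-07T17:59:59Z dave download doc-112
2014-03-04T07:30:00Z erin download doc-113
2014-03-05T10:15:00Z erin download doc-114
2014-03-06T14:00:00Z erin download doc-115
2014-03-03T11:20:00Z mallory download doc-116
2014-03-05T21:40:12Z mallory download doc-117
2014-03-05T21:41:30Z mallory download doc-118
2014-03-05T21:43:05Z mallory download doc-119
2014-03-05T21:44:51Z mallory download doc-120
2014-03-12T22:02:17Z mallory download doc-121
2014-03-12T22:03:44Z mallory download doc-122
2014-03-12T22:05:09Z mallory download doc-123
2014-03-12T22:06:30Z mallory download doc-124
garbled line
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def parse_line(line):
    """Return (timestamp, user, action, object), or None for a line we cannot parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, action, obj = m.groups()
    try:
        return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, action, obj
    except ValueError:
        return None

def user_features(lines):
    """Two behavioural variables per user: download count and off-hours share."""
    totals, off_hours = defaultdict(int), defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[2] != "download":
            continue
        ts, user = rec[0], rec[1]
        totals[user] += 1
        if ts.hour not in BUSINESS_HOURS:
            off_hours[user] += 1
    return {u: {"downloads": totals[u],
                "off_hours_fraction": off_hours[u] / totals[u]} for u in totals}

def modified_z_scores(values):
    """Median/MAD based z-scores, so the outliers we hunt cannot distort the baseline.
    When MAD is 0 (most values identical) fall back to the mean absolute deviation."""
    med = median(values)
    deviations = [abs(v - med) for v in values]
    mad = median(deviations)
    if mad > 0:
        return [0.6745 * (v - med) / mad for v in values]
    mean_ad = mean(deviations)
    if mean_ad == 0:
        return [0.0] * len(values)
    return [(v - med) / (1.253314 * mean_ad) for v in values]

def flag_outliers(lines, threshold=Z_THRESHOLD):
    """Map user -> [(variable, z)] for each variable on which the user exceeds the majority."""
    feats = user_features(lines)
    users = sorted(feats)
    flags = {}
    for name in ("downloads", "off_hours_fraction"):
        scores = modified_z_scores([feats[u][name] for u in users])
        for u, z in zip(users, scores):
            if z > threshold:  # one-sided: more, or later, than the majority
                flags.setdefault(u, []).append((name, round(z, 2)))
    return flags

if __name__ == "__main__":
    for user, reasons in flag_outliers(SAMPLE_LOG.splitlines()).items():
        print(user, reasons)  # mallory [('downloads', 8.09), ('off_hours_fraction', 4.12)]
```

Bob's single evening download and Erin's early start stay well under the threshold; only mallory is flagged, and on both variables. The output is a list of reasons per user rather than a yes/no, because the next step in the article's process is a human review that has to distinguish flexible hours from exfiltration.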
Here's a specific example of how this requires governments to think differently: Government data analysts identify a coffee shop that is running more money through the tills than is normal for its size, and the owner is linked to another shop opening elsewhere in the country. This could be a front for money laundering, but how do you go about requesting a warrant or authorizing surveillance on the basis of a potential future threat? The challenge of pinpointing insider threats and confirming that they are real is similar, but watching for suspicious patterns is a good starting point.
The security landscape is evolving, and we cannot rely on traditional methods to keep data and our constituents 100% safe. The "Just Say No" mentality within government security needs to evolve into a driver for optimization, enabling the business of government to move forward while effectively preventing rogue behavior. Anomaly analytics isn't rocket science: with a robust, up-to-date IT infrastructure and a set of carefully applied algorithms, anomalous behavior can be identified and dealt with quickly, before an outlier such as Snowden has the chance to engage in illegal activity.
NIST's cyber security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work? Read the Protecting Critical Infrastructure issue of InformationWeek Government today.