CIA Controversy Highlights Data Threats Often Come From the Inside

Malicious insiders and disgruntled employees are one of the greatest security threats to U.S. businesses. While the same would be true for the federal government, the recent CIA controversy adds a unique perspective to that reality. The U.S. Central Intelligence Agency (CIA) recently admitted to hacking a computer network used by the Senate Intelligence Committee. As expected, Congress is up in arms over the revelation particularly because of earlier denials of such conduct.

According to the CIA inspector general’s report released on July 31, 2014, several agency employees searched Senate computers and staff emails for information about the committee’s investigation into interrogation techniques used in the wake of the September 11 attacks. These employees “acted in a manner inconsistent with the common understanding” between the CIA and the Senate committee regarding the use of the computer network, the report states.

The admissions confirm concerns raised by Sen. Diane Feinstein in March 2014 when she alleged on the Senate floor that the CIA was attempting to impede the committee’s investigation into suspected torture al Qaida detainees. The findings also appear to contradict the earlier position taken by CIA Director John Brennan. “As far as the allegations of the CIA hacking into Senate computers, nothing could be further from the truth… That’s beyond the scope of reason,” Brennan said at the time.

According to a CIA statement in response to the report, Brennan has apologized to members of the Senate Intelligence Committee and referred the report to an accountability board, which Feinstein acknowledged is a good first step.

“The investigation confirmed what I said on the Senate floor in March—CIA personnel inappropriately searched Senate Intelligence Committee computers in violation of an agreement we had reached, and I believe in violation of the constitutional separation of powers,” Feinstein said.

While the CIA’s conduct is shocking, data breaches by company or even government insiders are not uncommon. According to recent studies, nearly 60 percent of data security breaches are attributed to inside threats, from former employees to current business partners.

Thanks to technology, employees can access key business data from numerous devices from a variety of locations. However, the same tools that make our lives easier also put information at risk. Therefore, it is imperative to take steps to improve data security, which should include technological safeguards such as passwords and legal protections such as confidentiality and non-disclosure agreements.

If you have any questions about this post or would like to discuss the issues involved, please contact me, Fernando Pinguelo, or the Scarinci Hollenbeck attorney with whom you work. To learn more about data privacy and security, visit eWhiteHouseWatch (http://ewhwblog.com).