Master’s alum finds more insiders in the dark corners

NPS Center for Homeland Defense and Security HSx participant Nick Catrantzos found a way to preserve his ideas forged during the course by expanding his research on his master’s degree topic, combating insider threats.

In the recently updated Springer Handbook of Security Science Catrantzos updates themes discussed in his 2009 thesis, “No Dark Corners: Defending Against Insider Threats to Critical Infrastructure.

Nick Catrantzos

“In some ways this chapter became a kind of parking lot to take ideas we had been kicking around and captured in another away,” Catrantzos said.

During the years since his thesis, cyber security has assumed a leading role in insider threat studies, as Catrantzos noted in the new Handbook. He also warned against defaulting to the same tired methods of more invasive employee monitoring and endless password changes. These methods alienate employees and inspire them to greater creativity in finding ways to bypass such burdens.

“I quoted in the chapter that some studies that show even IT people bypass their own controls,” he said. “That doesn’t inspire a lot of confidence from the people who are beset by this oppression.”

Nor is solely relying on high-tech staff expertise necessarily a sound defensive policy. Experts are finite resources, he noted, and that tack tends to absolve end users from believing they have a role in mitigating threats.

Another addition to the chapter is the discussion about divided loyalties and how they affect insider attacks. Catrantzos drew on work from Dr. Katherine Herbig, formerly of the Defense Personnel and Security Research Center (PERSEREC), in Seaside, California, which was established in 1985 in the wake of the Walker spy scandal in which he enlisted family and U.S. Navy peers to snoop on behalf of the Soviet Union from 1968. Walker was motivated by finances, but Catrantzos suggests in current times the motivation for most insider threats has shifted from monetary gain to more ideological or nationalistic forces.

“People used to do it for money, but in recent years people are selling our country out because of divided loyalty,” he said. “That makes it hard to detect.”

Containing the threat dramatically hinges on an active workforce and lawful disruption. Leaders must confront what Catrantzos has famously called the “indelicate obvious,” in which employees with obvious factors that could lead to criminality are never challenged because of managerial sensitivity. A financial institution would do well to question an employee with poor credit, for example. And, a planted malcontent is less likely to maintain a competent cover story.

“Instead of snitching we should be encouraging people to get engaged in a level that is safe,” he said. ““This signals that there is an alert workforce. Ask people what they are doing or if you can help them. That lets people know someone is watching. We have gotten ourselves so sensitive about offending someone that we ignore the obvious. You need the courage to defy apathy.”

The original thesis earned the Outstanding Thesis Award for Catrantzos master’s cohort and led to ensuing opportunities to share the research. He published an accompanying article in the peer-reviewed NPS-CHDS Journal of Homeland Security Affairs and published a book based on the topic as well as an article for a Canadian security magazine. He was recently interviewed by PERSEREC, which contributed to his original research and was invited to address the Conference Board of Canada at its insider threat symposium in Ottawa.

Assorted citations of his thesis have also risen, especially in regard to his thesis research approach employing the Delphi method was unique. The technique uses a group of experts who are anonymously surveyed with the answers then synthesized and re-submitted for more perusal. The idea is to draw conclusion based on the wisdom of the crowd of experts.

“The Delphi method is kind of like a focus group without peer pressure,” he said. “They aren’t being brow-beaten by the loudest voices in the room.”

Participation in the HSx program allowed the time and intellectual interaction to re-tackle a subject to the handbook, albeit for no pay and the masochism of academic formatting and copy editing. Classmates André Billeaudeaux, Dan O’Connor and Cynthia Renaud helped shape early discussions and Catrantzos credits Nadav Morag of the NPS-CHDS instructional staff for the idea of writing a new chapter.

His general message is to make all employees a security specialist and not to treat security challenges as something that has a concrete solution.

“The insider threat is not a problem so much as it is a predicament,” he said. “Problems can be solved. Predicaments take interpretive thinking. You have to approach them in a different way.”