The Meaning of Trust
Security technologist and author Bruce Schneier looks at the age-old problem of insider threat
By Bruce Schneier
Rajendrasinh Makwana was a UNIX contractor for Fannie Mae. On October 24, he was fired. Before he left, he slipped a logic bomb into the organisation's network. The bomb would have "detonated" on January 31. It was programmed to disable access to the server on which it was running, block any network monitoring software, systematically and irretrievably erase everything, and then replicate itself on all 4,000 Fannie Mae servers. Court papers claim the damage would have been in the millions of dollars.
Luckily, another programmer discovered the script a week later, and disabled it.
Insiders are a perennial problem. They have access, and they're known by the system. They know how the system and its security works, and its weak points. They have opportunity. And, like Makwana's attempt at revenge, these insiders can have pretty intense motives, motives that can only intensify as the economy continues to suffer and layoffs increase. Insiders are especially pernicious attackers because they're trusted. They have access because they're supposed to have access. They have opportunity, and an understanding of the system, because they use it -- or they designed, built, or installed it. They're already inside the security system, making them much harder to defend against.
It's not possible to design a system without trusted people. They're everywhere. In offices, employees are trusted people given access to facilities and resources, and allowed to act -sometimes broadly, sometimes narrowly -- in the company's name. In stores, employees are allowed access to the back room and the cash register; and customers are trusted to walk into the store and touch the merchandise. IRS employees are trusted with personal tax information; hospital employees are trusted with personal health information. Banks, airports, and prisons couldn't operate without trusted people. Replacing trusted people with computers doesn't make the problem go away; it just moves it around and makes it even more complex.
Good security systems use multiple measures, all working together. In the end, systems will always have trusted people who can subvert them. It's important to keep in mind that incidents like this don't happen very often; that most people are honest and honorable. Security is very much designed to protect against the dishonest minority. And often little things -- like disabling access immediately upon termination -- can go a long way.
Sidebar: Damage Limitation
Inside threats are much, much older than computers. And the solutions haven't changed much throughout history, either. Here are five basic techniques to deal with trusted people:
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.