Snowden's ex-boss offers tips on stopping insider threats

Strict data control systems could have stopped Snowden, according to former defense contractor Steven Bay

Steven Bay, a former defense contractor, knows a thing or two about insider threats. For a brief period, he was the boss of Edward Snowden, the famous leaker who stole sensitive files from the U.S. National Security Agency.

Recalling the day he learned Snowden had been behind the NSA leaks back in June 2013, Bay said he received texts about the breaking news while in a leadership meeting at a church. The first text said "Sorry man, looks like your worst nightmare came true."

Bay was crushed: "I went out into an empty room of the church and I just melted down crying."

"Every negative thought you can have, I had," he said. "I thought I was going to get fired. I thought I was going to go to jail. I’m going to lose my family… undercover CIA agents are going to get whacked."

Fortunately, Bay -- who was Snowden's manager at the time of the NSA hack -- wasn’t jailed. But the whole incident did teach him the dangers about insider data theft, and that all companies must take it seriously.

"When we look at Snowden, it’s a very divisive issue," he said. "But there are also a lot of lessons we can learn here."

Bay spoke Tuesday at the TechIgnite event, hosted by the IEEE Computer Society, where he explained tips that companies can use to guard against insider threats. He previously worked at the consulting firm Booz Allen Hamilton, which does work for the NSA. In February 2013, Bay interviewed Snowden for a job at the firm.

Snowden has said to the press that he actually sought employment at Booz Allen to gain access to NSA’s surveillance program data.

Bay calls Snowden a "malicious insider" who should be jailed. But stopping someone like him can be tricky.

In an interview, Bay said Snowden didn’t exhibit any blatant red flags that exposed his intentions in the two months he was employed at Booz Allen as an intelligence analyst. But he did show a couple "yellow flags" that in retrospect hinted something was off.

bey Michael Kan

Former defense contractor Steven Bay speaks at TechIgnite on March 21, 2017.

For instance, Snowden had early on asked for access to NSA’s classified PRISM surveillance program. Two weeks later, he asked for it again, explaining that the data would help him in his NSA-related work. After he got access to the information, he ended up leaking it to the press.

Snowden also claimed he had epilepsy and had to take a leave of absence from Booz Allen because of it. Normally, employees will file short-term disability with human resources so they can still receive their wages, Bay said. But Snowden didn’t care to.

"Wanting leave without pay, instead of short-term disability, was weird," he said. However, none of these actions were unreasonable either.

"I had no reason not to trust him," said Bay, who recalls being “blown away” by Snowden’s technical knowledge when he interviewed him for the job at Booz Allen.

That’s why it’s important for any organization to have protective measures in place when insiders do strike, he said.

Snowden ended up successfully stealing a massive number of files about NSA programs. But better technological controls, like system alerts that detect when sensitive data is being moved, could have been used to stop that, Bay said.

"Perhaps an alert for when a thumb drive gets plugged in," he added. "Alerting when a thumb drive gets turned on."

Or, in a low-tech solution, USB drive ports from the most sensitive computing systems should be removed.

Companies can consider data loss prevention services, which specialize in the monitoring and the protection of sensitive files, Bay said. But another way to guard against insider threats is properly segregating who has access to what.

For example, staffers who leave a company should have their computer access immediately terminated. In addition, a company’s accounting department shouldn’t have access to the R&D team’s research, and vice-versa. 

"Unless your insider has the keys to the kingdom, they can do damage, but they’ll be limited to whatever they have access to," he said. 

Following the NSA leaks, Bay was pulled off from his NSA-related work at Booz Allen Hamilton, and he left the firm last year. He now works as an independent cybersecurity consultant, after serving as a CISO at a medical devices maker.

Looking back at his time at Booz Allen, Bay joked in his talk at TechIgnite: "I don’t know why I was the one guy out of billions of people who got stuck being Snowden’s boss. But I was."

He added that insider hackers like Snowden are rare, so it’s important for companies to focus on more common cybersecurity threats too, like those that come from phishing emails, he said.

But that doesn’t mean companies should ignore the insider risk either.

"These malicious insiders, in my mind, they can do more damage than any other threat you have out there," he said.  

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?