Snowden's ex-boss offers tips on stopping insider threats

Strict data control systems could have stopped Snowden, according to former defense contractor Steven Bay

Steven Bay, a former defense contractor, knows a thing or two about insider threats. For a brief period, he was the boss of Edward Snowden, the famous leaker who stole sensitive files from the U.S. National Security Agency.

Recalling the day he learned Snowden had been behind the NSA leaks back in June 2013, Bay said he received texts about the breaking news while in a leadership meeting at a church. The first text said "Sorry man, looks like your worst nightmare came true."

Bay was crushed: "I went out into an empty room of the church and I just melted down crying."

"Every negative thought you can have, I had," he said. "I thought I was going to get fired. I thought I was going to go to jail. I’m going to lose my family… undercover CIA agents are going to get whacked."

Fortunately, Bay -- who was Snowden's manager at the time of the NSA hack -- wasn’t jailed. But the whole incident did teach him the dangers about insider data theft, and that all companies must take it seriously.

"When we look at Snowden, it’s a very divisive issue," he said. "But there are also a lot of lessons we can learn here."

Bay spoke Tuesday at the TechIgnite event, hosted by the IEEE Computer Society, where he explained tips that companies can use to guard against insider threats. He previously worked at the consulting firm Booz Allen Hamilton, which does work for the NSA. In February 2013, Bay interviewed Snowden for a job at the firm.

Snowden has said to the press that he actually sought employment at Booz Allen to gain access to NSA’s surveillance program data.

Bay calls Snowden a "malicious insider" who should be jailed. But stopping someone like him can be tricky.

In an interview, Bay said Snowden didn’t exhibit any blatant red flags that exposed his intentions in the two months he was employed at Booz Allen as an intelligence analyst. But he did show a couple "yellow flags" that in retrospect hinted something was off.

bey Michael Kan

Former defense contractor Steven Bay speaks at TechIgnite on March 21, 2017.

For instance, Snowden had early on asked for access to NSA’s classified PRISM surveillance program. Two weeks later, he asked for it again, explaining that the data would help him in his NSA-related work. After he got access to the information, he ended up leaking it to the press.

Snowden also claimed he had epilepsy and had to take a leave of absence from Booz Allen because of it. Normally, employees will file short-term disability with human resources so they can still receive their wages, Bay said. But Snowden didn’t care to.

"Wanting leave without pay, instead of short-term disability, was weird," he said. However, none of these actions were unreasonable either.

"I had no reason not to trust him," said Bay, who recalls being “blown away” by Snowden’s technical knowledge when he interviewed him for the job at Booz Allen.

That’s why it’s important for any organization to have protective measures in place when insiders do strike, he said.

Snowden ended up successfully stealing a massive number of files about NSA programs. But better technological controls, like system alerts that detect when sensitive data is being moved, could have been used to stop that, Bay said.

"Perhaps an alert for when a thumb drive gets plugged in," he added. "Alerting when a thumb drive gets turned on."

Or, in a low-tech solution, USB drive ports from the most sensitive computing systems should be removed.

Companies can consider data loss prevention services, which specialize in the monitoring and the protection of sensitive files, Bay said. But another way to guard against insider threats is properly segregating who has access to what.

For example, staffers who leave a company should have their computer access immediately terminated. In addition, a company’s accounting department shouldn’t have access to the R&D team’s research, and vice-versa. 

"Unless your insider has the keys to the kingdom, they can do damage, but they’ll be limited to whatever they have access to," he said. 

Following the NSA leaks, Bay was pulled off from his NSA-related work at Booz Allen Hamilton, and he left the firm last year. He now works as an independent cybersecurity consultant, after serving as a CISO at a medical devices maker.

Looking back at his time at Booz Allen, Bay joked in his talk at TechIgnite: "I don’t know why I was the one guy out of billions of people who got stuck being Snowden’s boss. But I was."

He added that insider hackers like Snowden are rare, so it’s important for companies to focus on more common cybersecurity threats too, like those that come from phishing emails, he said.

But that doesn’t mean companies should ignore the insider risk either.

"These malicious insiders, in my mind, they can do more damage than any other threat you have out there," he said.  

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?