Snowden's ex-boss offers tips on stopping insider threats

Strict data control systems could have stopped Snowden, according to former defense contractor Steven Bay

Steven Bay, a former defense contractor, knows a thing or two about insider threats. For a brief period, he was the boss of Edward Snowden, the famous leaker who stole sensitive files from the U.S. National Security Agency.

Recalling the day he learned Snowden had been behind the NSA leaks back in June 2013, Bay said he received texts about the breaking news while in a leadership meeting at a church. The first text said "Sorry man, looks like your worst nightmare came true."

Bay was crushed: "I went out into an empty room of the church and I just melted down crying."

"Every negative thought you can have, I had," he said. "I thought I was going to get fired. I thought I was going to go to jail. I’m going to lose my family… undercover CIA agents are going to get whacked."

Fortunately, Bay -- who was Snowden's manager at the time of the NSA hack -- wasn’t jailed. But the whole incident did teach him the dangers about insider data theft, and that all companies must take it seriously.

"When we look at Snowden, it’s a very divisive issue," he said. "But there are also a lot of lessons we can learn here."

Bay spoke Tuesday at the TechIgnite event, hosted by the IEEE Computer Society, where he explained tips that companies can use to guard against insider threats. He previously worked at the consulting firm Booz Allen Hamilton, which does work for the NSA. In February 2013, Bay interviewed Snowden for a job at the firm.

Snowden has said to the press that he actually sought employment at Booz Allen to gain access to NSA’s surveillance program data.

Bay calls Snowden a "malicious insider" who should be jailed. But stopping someone like him can be tricky.

In an interview, Bay said Snowden didn’t exhibit any blatant red flags that exposed his intentions in the two months he was employed at Booz Allen as an intelligence analyst. But he did show a couple "yellow flags" that in retrospect hinted something was off.

bey Michael Kan

Former defense contractor Steven Bay speaks at TechIgnite on March 21, 2017.

For instance, Snowden had early on asked for access to NSA’s classified PRISM surveillance program. Two weeks later, he asked for it again, explaining that the data would help him in his NSA-related work. After he got access to the information, he ended up leaking it to the press.

Snowden also claimed he had epilepsy and had to take a leave of absence from Booz Allen because of it. Normally, employees will file short-term disability with human resources so they can still receive their wages, Bay said. But Snowden didn’t care to.

"Wanting leave without pay, instead of short-term disability, was weird," he said. However, none of these actions were unreasonable either.

"I had no reason not to trust him," said Bay, who recalls being “blown away” by Snowden’s technical knowledge when he interviewed him for the job at Booz Allen.

That’s why it’s important for any organization to have protective measures in place when insiders do strike, he said.

Snowden ended up successfully stealing a massive number of files about NSA programs. But better technological controls, like system alerts that detect when sensitive data is being moved, could have been used to stop that, Bay said.

"Perhaps an alert for when a thumb drive gets plugged in," he added. "Alerting when a thumb drive gets turned on."

Or, in a low-tech solution, USB drive ports from the most sensitive computing systems should be removed.

Companies can consider data loss prevention services, which specialize in the monitoring and the protection of sensitive files, Bay said. But another way to guard against insider threats is properly segregating who has access to what.

For example, staffers who leave a company should have their computer access immediately terminated. In addition, a company’s accounting department shouldn’t have access to the R&D team’s research, and vice-versa. 

"Unless your insider has the keys to the kingdom, they can do damage, but they’ll be limited to whatever they have access to," he said. 

Following the NSA leaks, Bay was pulled off from his NSA-related work at Booz Allen Hamilton, and he left the firm last year. He now works as an independent cybersecurity consultant, after serving as a CISO at a medical devices maker.

Looking back at his time at Booz Allen, Bay joked in his talk at TechIgnite: "I don’t know why I was the one guy out of billions of people who got stuck being Snowden’s boss. But I was."

He added that insider hackers like Snowden are rare, so it’s important for companies to focus on more common cybersecurity threats too, like those that come from phishing emails, he said.

But that doesn’t mean companies should ignore the insider risk either.

"These malicious insiders, in my mind, they can do more damage than any other threat you have out there," he said.  

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?