View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 25, 2016updated 28 Oct 2016 11:01am

Ex-Deputy Director of NSA discredits ‘story’ spun by Snowden

Cris Inglis, the NSA Deputy Director at the time of the Snowden leak, answers CBR's questions about insider attacks.

By Ellie Burns

There is a scene in the Snowden movie where the Deputy Director of the NSA, played by Patrick Joseph Byrnes, sends Joseph Gordon-Levitt’s Snowden on a mission to Hawaii. The man portrayed by Patrick Joseph Byrnes is Chris Inglis, the now ex-Deputy Director of the NSA who disputes ever meeting Edward Snowden and questions whether the Oliver Stone biopic is more fabrication than dramatisation.

For Inglis, the film was yet another extension of Snowden’s ability to spin a story which continues to vilify the NSA.  This story, wherever your allegiances lie on the patriot/traitor argument, starts with Snowden as the ultimate insider threat. The first lesson taught by Snowden is to never underestimate the insider threat – a point which Inglis readily acknowledges happening at the NSA.

At an exclusive media Q&A hosted by Securonix, CBR’s Ellie Burns followed up with Inglis about how the insider threat has evolved since Snowden. Inglis told CBR that insider threats have greatly increased in scope and scale – which is an opinion that aligns with what many experts in the industry say. The former NSA Deputy Director admitted that it was hard to say if insider threats had changed in character, from stealing data to destroying data or taking systems online, due to a lack of data points available.

Inglis did, however, use Snowden as an example of the different kinds of impact an insider attack can have on an organisation.

Chris Inglis

John Chris Inglis, also known as Chris Inglis, is a former Deputy Director of the National Security Agency. He retired as Deputy Director on January 10, 2014.

“Snowden is an interesting case in point, with the malice of forethought he stole data and then he kind of conducted an information operations campaign to essentially take that data and to craft a story – which I would assertively allege is untrue,” Inglis told CBR.

“It was a very successful campaign because a large body of the people that were listening to him believed what he said to be true. He carefully selected the material that he released and in many cases possibly misinterpreted the data he had, but none the less was hugely successful in getting a large body of the American public to say, the NSA is in the wrong place.”

Strip back the politics and the Hollywood portrayals – Snowden was the archetypal insider threat. Whatever your ethical stance concerning his actions, businesses and government must learn from this leak. However, that it is easier said than done when the current cyber landscape is dominated by news of state-sponsored and external cyber attacks – it’s hard to look inside, when you are so busy looking outside.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Both business and government have no easy task – from managing privileged identities to shadow IT, phishing and so on, it is becoming ever harder to protect both externally and internally.

For Inglis, part of the solution lies in behavioural analytics that analyse and monitor patterns of user behaviour in order to spot threats. User & Entity Behaviour Analytics (UEBA) technology can distinguish between a trusted employee with privileged access and one that has gone rouge. Of course, UEBA technology is just one part of the solution – Inglis also advised businesses to ‘enforce discipline’ at all levels of the business, as well as ensure a level of transparency across the organisation.

However, the one piece of advice which resonates the most is to never underestimate the insider threat – as Snowden proved to the NSA.

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.