At U.S. Strategic Command in Omaha, Nebraska, a cyberthreat analyst busily monitors potential insider threats for the command’s top-secret, secret and classified networks.
Mariah Miller-Gordon, 25, the developer of the year-old program — called the Cyber Threat Analysis Risk Assessment Matrix — is preparing the matrix for use at other Defense Department organizations.
On Nov. 29, at the 2018 DOD Chief Information Officer Annual Awards for Cyber and Information Technology Excellence ceremony at the Pentagon, Miller-Gordon won an individual award for her work in developing a matrix aimed at identifying insider threats.
She credited a team effort in her division for the win, noting that her team identified the need for a system that documented and described “the whole threat profile of an individual and what it looks like to the command,” she said.
Quantifying Insider Threats
The matrix helps quantify insider threats, and in the first year of its use Stratcom has identified more than 250 potential insider threats, thanks to Miller-Gordon’s vision.
“The risk matrix came as a need to ... describe how it [insider threats] actually impacts the mission and how we quantify those things,” she said.
“You’ve got to know what’s valuable to the J-3 [operations], the J-5 [plans and policy], to safeguard that information. If you don’t know what the information does or doesn’t do, then you don’t know how it will impact the mission,” Miller-Gordon explained.
And, she added, quantifying is still a big challenge as her division moves forward.
“The matrix is important to stop insider threats because it’s not about [just] one thing somebody does,” Miller-Gordon said. “In the business of insider threats … it’s one small thing here, one small thing there, and it leads to a bigger mosaic. And the matrix is important because it helps us pictorially quantify that threat mosaic that somebody might have.”
“People go through tough times, life happens, and there’s that whole burden of existence, and it’s hard to say, ‘Oh, somebody has financial issues and they’re an insider threat because they need money and might sell secrets.’ That’s not always the case,” she said.
Connecting The Dots
But her division still has to know that indicator exists because otherwise there’s no way to progress to knowing if it’s a threat or not, Miller-Gordon added.
Looking at potential insider threats is a game of connect the dots, she noted.
And, “it’s as much tracking the insider threat as it is keeping the workforce healthy, whole and safe, and making sure people are protected,” Miller-Gordon said. “We’re almost like the protectors of the people inside the building [in addition to] trying to find the insider threat.”
Will the matrix someday be used departmentwide? It’s her understanding that it will, at some point.
“It really will be an asset to the DOD community at large as we start to move into understanding what the insider threat is; not just cyberwise, but also behaviorwise, and how those two integrate,” she said.