The Foreign Service Journal, December 2005

The Need to Remain Vigilant As DS already recognizes, pre- venting such a scenario requires a comprehensive policy that com- bines personnel security with cyber- security. Traditional background investigations evaluate a potential employee’s character and lifestyle. Despite their ability to weed out many unsuitable applicants, background investigations are not perfect, especially with longtime employees. However, subsequent background investigations — required for those who hold certain security clearance classifications — may uncover evidence that suggests wrongdoing or raises questions regarding loyalty. Follow- up investigations, as well as initial screenings, need to be “tuned” to pick up indicators of criminal intent or practice. Only through good personnel and physical security prac- tices can the insider threat to computer systems be man- aged, if never fully controlled. For the State Department, main- taining strong defenses against the insider threat is especially acute at its hundreds of embassies and con- sulates around the world. From security to janitorial services, the host country provides the labor pool from which posts hire or con- tract in-country staff support. Despite the efforts of the department to validate back- ground information, their potential impact on facility security generally, and cybersecurity in particular, cannot be overlooked. Because foreign nationals may have significant access to and knowledge of security operations, foreign intelli- gence services or terrorist organizations could use the cover of legitimate employment for operational surveil- lance and intelligence gathering, and certainly might do so to conduct a cyber- or physical attack. However, it is F O C U S 48 F O R E I G N S E R V I C E J O U R N A L / D E C E M B E R 2 0 0 5 Even as State works to shore up cybersecurity, the threats it confronts are growing more complex.