Type of Culminating Activity

Graduate Student Project

Graduation Date

8-2023

Degree Title

Master of Science in Cyber Operations and Resilience

Major Advisor

Sin Ming Loo, Ph.D.

Abstract

Jack Teixeira, a 21-year-old IT specialist in the Air National Guard, found himself on the wrong side of US law after sharing what is considered classified and extremely sensitive information about the USA's operations and role in the war between Ukraine and Russia. Like previous cases of leaked classified intelligence, the Teixeira case raises concerns about the weaknesses and vulnerabilities of federal agencies' IT systems and the security protocols governing access to classified documents. Internal leaks of such classified documents hurt national security and can harm the country, especially when such secret intelligence finds its way into the hands of enemies. Unauthorized disclosure of secret documents and information is a result of rarely noticeable insider threats. Addressing such threats requires highly sophisticated technology such as Zero Trust Architecture based on multi-authentication and continuous monitoring of the behaviors of users of the IT system. A Zero Trust Architecture (ZTA) is recommended as the best solution to assist federal agencies and departments such as the Air National Guard in curbing unauthorized disclosure of intelligence that causes significant harm to national security. This solution is based on multi-authentication and authorization of users, devices, applications, networks, and links before they access or use an IT system. For the agency, implementing ZTA will therefore provide identity-centered access control and continuous monitoring of user behavior to identify anomalies and other suspicious activities that can contribute to leaking classified intelligence. ZTA is the best solution for these federal agencies because individuals who hold a security clearance for classified information will still be required to be validated, authenticated, and authorized before accessing the systems and other Sensitive Compartmented Information Storage (SCIS). Apart from multi-authentication, behavioral analytics will be used to analyze and monitor their actions and behaviors while they interact with IT systems and sensitive data storage areas.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.
