Efforts to stop insider spying have focused mainly on trying ever harder to develop profiles or other indicators for detecting potential or current insider spies, these days favoring high-technology methods.
While profiling has achieved its successes, the Law of Diminishing Returns enters the picture. Investing more and more into profiling and detection starts to approach limitations due to minimal added effectiveness, at the expense of rapidly escalating costs, which include negative impacts on workforce morale due to intrusiveness and false positives.
Time and again, human ingenuity seems able to defeat the most stringent protection regimes. For us to prevail over insider spying, we have room for improvement. There is room for something new.
If anything, recent events have increased the urgency. While the focus here will be on “classic” state-sponsored spying, the recent notorious “whistleblowers,” Bradley Manning and Edward Snowden, have shown how easy it is to abscond with vast quantities of classified documents, given our reliance on electronic files. They went for one-time showy splurges of secrets, which is bad enough. Worse still are the usual practices of classic spies, who are still very busy out there.
This highlights the real challenge: how to protect our secrets when we don’t know what secrets have been given away to our enemies by unidentified insider spies, working in the shadows for years on end with no outward drama.