Plan for dealing with insider threats getting close

The administration last year mandated a national program to defend against insider threats in government, and a national policy with standards for enforcement is expected by year’s end, officials said.

“It’s going to take a while to implement,” said John E. Swift III of the Office of the Director of National Intelligence and assistant director of the Insider Threat Task Force.

A policy is in draft form and is expected to go to the White House for review by the national security staff in the next month or two, Swift said April 4 at the FOSE conference in Washington. Standards development is waiting for the policy to be completed, but is due to be issued by October.



 “It’s going to take a while before agencies have a hard list of standards to follow,” Swift said, and it will take a “considerable time” to implement them once available. But although the creation of a coherent national program on insider threats is new, most agencies already are collecting data and have some components of a program in place. “No agency is starting from scratch.”

The insider threat program was called for in Executive Order 13587, issued in October 2011 in the wake of the Wikileaks exposure of a cache of classified documents. The order’s goal is “to ensure the responsible sharing and safeguarding of classified national security information on computer networks.”

Combining the appropriate levels of security while enabling necessary sharing and respecting the privacy of employees is a delicate balance, said Gordon Snow, assistant director of the FBI’s Cyber Division.

The FBI and ODNI are the lead agencies in a Senior Information Sharing and Safeguarding Steering Committee that is developing the policy.

“The insider threat has existed for as long as we have had secrets,” Snow said. “What makes it difficult today is the amount and the speed with which that information can be exploited.”

Technology is one key to protecting data and ensuring accountability, but tools such as the smart ID cards mandated for government use are only part of the solution. Technology is not a panacea, officials said, and implementing a common electronic ID for both logical and physical access is not a simple process.

“We have a cultural acceptance problem with many of the agencies,” Snow said.

“Thinking that we can tackle the problem with only a technology solution is a mistake,” said Deanna Caputo, lead behavioral psychologist at Mitre Corp.

Behavioral profiling has been identified as a priority for identifying potential insider threats, and Caputo is working with the task force to develop a set of indicators that can be used to predict risk. The goal is to create clusters of indicators so that potential problems can be identified at a high level without violating privacy, using information already being gathered routinely on government employees, especially those with high security clearances.

Caputo said there is no restriction on broadly monitoring an entire population of employees for behavioral indicators, but that targeting specific employees for monitoring of specific characteristics or activities could require a finding that justifies a closer look or a formal investigation. Panelists emphasized that the policy is intended to respect privacy.

“This order shall be implemented consistent with applicable law and appropriate protections for privacy and civil liberties, and subject to the availability of appropriations,” the order says.

 

About the Author

William Jackson is a freelance writer and the author of the CyberEye blog.

Reader Comments

Mon, Apr 16, 2012 Chuck G. Baltimore, MD

It appears that senior leadership continues to miss the most effective and important insider threat mitigation strategy available...it's NOT technology...it's NOT behavioral profiling...it is GOOD LEADERSHIP. There’s only been one case that I am aware of that involved a person purposely navigating their way into an agency to conduct espionage…for the rest of the bad apples, they were created as a result of poor or ineffective agency leadership practices - I don’t believe any insider threat joined their agency with the intent to do it or our Nation harm. Agencies would do better to look at how poor and ineffective leadership played a role in what happened, as in the Wikileaks case. So, in addition to the technology and profiling, agency leaders should make sure that they: a) First, make sure they are hiring quality people; b) Train and place them in positions that foster trust and loyalty; c) Care for them with good leadership, watching for signs that something may be wrong; d) When something crops up, deal with it – don’t ignore it and hope it goes away; e) Give them attention and rewards for doing the right thing; f) Stop subjecting them to archaic policies and rules that destroy trust; and g) Quickly get rid of the bad apples and stop making excuses for keeping them around. r/Chuck
