TSA drops ‘insider threat’ label from spyware buy

The Transportation Security Administration has reissued a June 20 purchase order for spyware that monitors employees’ computer activities under a new name, explaining that contractors complained the scope of the earlier descriptor was too constricting.

The agency now is shopping for “host-based monitoring and digital forensics software” after announcing in June it needed “insider threat software.” The two solicitations are nearly identical, each bearing an itemized list of keystrokes and other digital evidence of snitching that the technology must capture.

The new request for proposals, released Friday, drops all references to insider threats.

When TSA first asked for product submissions in June, the feedback from vendors suggested that the language in the request was too narrow in scope, an agency official told Nextgov. The official acknowledged that TSA is re-soliciting industry with no changes to the technical requirements.

The new write-up reads: “The scope of this procurement is an enterprise solution to host-based monitoring and the collection of digital forensics information. The information assurance and cybersecurity division/focused operations branch supports areas of cyber threats and digital forensics. FO is seeking an enterprise technology that will automate enterprisewide host-based monitoring.”

The old scope read: “Focused operations is in need of a tool to help detect an insider threat. The focus is to monitor at the host level. FO has determined that the best method to monitor and detect insider threats is at the user host level. The scope of this procurement is an enterprise insider threat software package. In order to detect an insider threat, technology is required to monitor and obtain visibility into users' actions.”

Nextgov asked a TSA official why the “insider threat” label was limiting options, given that some experts narrowly define the new term “digital forensics” to mean the practice of scrutinizing digital records for evidence that can hold up in court.

The official replied that because new vendors are constantly entering the market, the thinking is it makes sense to see if a second request will yield additional vendors capable of providing adequate software that fulfills the agency’s desires.

The sought-after system will be designed to record keystrokes and chat sessions, monitor emails and attachments, log website visits and file transfers, track the movement of documents, and capture screenshots. All the surveillance will be fed to a central command center.  

The technology is intended to run without the target’s knowledge. “The end user must not have the ability to detect this technology,” and must not have the power “to kill the process,” both work descriptions state.

The software will be configured to sift through aggregated information to spot connections and trends, or “mine through all the collected data using built-in or third-party tools,” the contracting papers noted.

McAfee currently supplies the Pentagon with a similar leak-prevention tool called the Host-Based Security System. The NATO force that fights Afghan insurgents also is installing an anti-leak product, because it has had no way of detecting unauthorized downloads and data sharing.

Government agencies worldwide are installing personnel surveillance software following the 2009 transfer of thousands of classified materials associated with the Middle East wars to anti-secrets website WikiLeaks. 
