
TSA drops ‘insider threat’ label from spyware buy


The Transportation Security Administration has reissued a June 20 purchase order for spyware that monitors employees’ computer activities under a new name, explaining that contractors complained the scope of the earlier descriptor was too constricting.

The agency now is shopping for “host-based monitoring and digital forensics software” after announcing in June it needed “insider threat software.” The two solicitations are nearly identical, each bearing an itemized list of keystrokes and other digital evidence of snitching that the technology must capture.

The new request for proposals, released Friday, drops all references to insider threats.

When TSA first asked for product submissions in June, the feedback from vendors suggested that the language in the request was too narrow in scope, an agency official told Nextgov. The official acknowledged that TSA is re-soliciting industry with no changes to the technical requirements.

The new write-up reads: “The scope of this procurement is an enterprise solution to host-based monitoring and the collection of digital forensics information. The information assurance and cybersecurity division/focused operations branch supports areas of cyber threats and digital forensics. FO is seeking an enterprise technology that will automate enterprisewide host-based monitoring.”

The old scope read: “Focused operations is in need of a tool to help detect an insider threat. The focus is to monitor at the host level. FO has determined that the best method to monitor and detect insider threats is at the user host level. The scope of this procurement is an enterprise insider threat software package. In order to detect an insider threat, technology is required to monitor and obtain visibility into users' actions.”

Nextgov asked a TSA official why the “insider threat” label was limiting options, given that some experts narrowly define the new term “digital forensics” to mean the practice of scrutinizing digital records for evidence that can hold up in court.

The official replied that because new vendors are constantly entering the market, the thinking is that it makes sense to see whether a second request will yield additional vendors capable of providing adequate software that fulfills the agency’s desires.

The sought-after system will be designed to record keystrokes and chat sessions, monitor emails and attachments, log website visits and file transfers, track the movement of documents, and capture screenshots. All the surveillance will be fed to a central command center.  

The technology is intended to run without the target’s knowledge. “The end user must not have the ability to detect this technology,” and must not have the power “to kill the process,” both work descriptions state.

The software will be configured to sift through aggregated information to spot connections and trends, or “mine through all the collected data using built-in or third-party tools,” the contracting papers noted.

McAfee currently supplies the Pentagon with a similar leak-prevention tool called the Host-Based Security System. The NATO force that fights Afghan insurgents also is installing an anti-leak product, because it has had no way of detecting unauthorized downloads and data sharing.

Government agencies worldwide are installing personnel surveillance software following the 2009 transfer of thousands of classified materials associated with the Middle East wars to anti-secrets website WikiLeaks. 
