What About Countering Insider Threats?

It's a rule of thumb that insiders pose the greatest threat to classified information systems -- a rule sadly reinforced by the public release of 91,000 classified, purloined Defense Department documents by Wikileaks.

Defense has zeroed in on Army Pfc. Bradley Manning as the source of the documents Wikileaks released, because it already has him in custody for allegedly leaking other documents to Wikileaks this year.

While the Pentagon has been all over the news in its reaction to potential damage caused by this massive leak, it has been strangely silent on any new plans to counter insider threats -- or how, as the New York Times put it, a private was able to "exploit a loophole in Defense Department security to copy thousands of files onto compact discs over a six-month period. In at least one instance, according to people familiar with the inquiry, Private Manning smuggled highly classified data out of his intelligence unit on a disc made to look like a music CD by Lady Gaga."

This may have something to do with the fact that in fiscal 2010, the Defense Information Systems Agency budgeted a mere $814,000 for insider threat detection systems and asked for a $2.2 million budget for insider detection tools in fiscal 2011. That's out of an overall information systems security operations and maintenance budget request of $288.6 million.

Since insiders account for 75 percent of leaks, why does DISA allocate such a small amount of its budget to countering the biggest part of the information security problem?