Defense Department’s Program to Monitor for Insider Threats Mirrors Other Agencies’ Efforts

Presented by FedTech

The DOD’s new system is in line with similar efforts from the State and Commerce departments.

The Department of Defense (DOD) is creating a new information-sharing system that is designed to identify department employees who may leak classified material. The system, intended to combat so-called “insider threats,” is an aggressive effort to stop leaks before they happen and is in line with other agencies’ practices. The DOD’s system, formally called the “DOD Component Insider Threat Records System,” is part of an executive order President Barack Obama signed in October 2011, as Defense Systems notes. The order required all federal agencies to set up programs to combat insider threats.

According to a Privacy Act notice entered into the Federal Register, the system will “analyze, monitor, and audit insider threat information for insider threat detection and mitigation within DOD on threats that insiders may pose to DOD and U.S. Government installations, facilities, personnel, missions, or resources.”

A New DOD System

Given the 2010 leaks of classified diplomatic cables by former Pfc. Chelsea Manning, as well as the trove of documents leaked by former National Security Agency contractor Edward Snowden, it makes sense that the DOD is taking an assertive approach to stopping insider threats.

The DOD system will cover employees “who had or have been granted eligibility for access to classified information or eligibility to hold a sensitive position, and who have exhibited actual, probable, or possible indications of insider threat behaviors or activities,” the DOD says. According to the DOD, the program will help identify “systemic insider threat issues and challenges” as well as best practices among other federal insider-threats programs and will lead to solutions to mitigate such leaks.

The DOD-wide system will cover active and reserve military (including National Guard members), civilian and DOD contractor personnel. As Defense Systems reports, the system will “keep track not only of official systems but social media use and other private exchanges made on the job.”

Approaches of Commerce and State Departments

Federal agencies are stepping up efforts to combat insider threats. Fifty-five percent of agencies now host a formal insider threat program, and 76 percent of IT managers say their agencies are more focused on combating insider threats today than they were a year ago, according to a MeriTalk survey released last September. Officials at both the Commerce and State Departments have said that their programs to fight insider threats are having an impact, though they declined to discuss many operational or technical details. “We’re successful in our nascent insider threat program,” Stephen Smith, insider threat program coordinator for the Bureau of Diplomatic Security, the security and law enforcement arm of the State Department, told FedTech. “We clear anomalous activity, or we take the referral a little further and look at whether the act was malicious and adjudicate it. The program has identified behaviors that cause us to take administrative and sometimes criminal action.”

At the State Dept., the team actively monitors its users and audits classified networks, but Smith was reluctant to talk about specific solutions the agency uses. Looking forward, however, he said he expects that Big Data solutions will help detect insider threats.

“Government can benefit from Big Data to become more responsive,” Smith said. “It doesn’t take much time to exfiltrate sensitive information. We have to be as preventative as possible and mitigate insider threat attacks in a timely fashion.”

Rod Turk, chief information security officer at the Commerce Department, told FedTech that at the agency, the IT team uses a security information management tool and continuous monitoring to identify potential insider threats. “We’re interested in anomalous behaviors from individuals with elevated privileges. If you see a large amount of classified information downloaded at 2 a.m. on a Saturday, then you know something is wrong,” he said.

For more on how the Commerce and the State departments are tackling insider security threats, visit fedtechmagazine.com/insiderthreat2016.

This content is made possible by FedTech. The editorial staff of Nextgov was not involved in its preparation.