TSA drops ‘insider threat’ label from spyware buy

The Transportation Security Administration has reissued a June 20 purchase order for spyware that monitors employees’ computer activities under a new name, explaining that contractors complained the scope of the earlier descriptor was too constricting.

The agency now is shopping for “host-based monitoring and digital forensics software” after announcing in June it needed “insider threat software.” The two solicitations are nearly identical, each bearing an itemized list of keystrokes and other digital evidence of snitching that the technology must capture.

The new request for proposals, released Friday, drops all references to insider threats.

When TSA first asked for product submissions in June, the feedback from vendors suggested that the language in the request was too narrow in scope, an agency official told Nextgov. The official acknowledged that TSA is re-soliciting industry with no changes to the technical requirements.

The new write-up reads: “The scope of this procurement is an enterprise solution to host-based monitoring and the collection of digital forensics information. The information assurance and cybersecurity division/focused operations branch supports areas of cyber threats and digital forensics. FO is seeking an enterprise technology that will automate enterprisewide host-based monitoring.”

The old scope read: “Focused operations is in need of a tool to help detect an insider threat. The focus is to monitor at the host level. FO has determined that the best method to monitor and detect insider threats is at the user host level. The scope of this procurement is an enterprise insider threat software package. In order to detect an insider threat, technology is required to monitor and obtain visibility into users' actions.”

Nextgov asked a TSA official why the “insider threat” label was limiting options, given that some experts narrowly define the new term “digital forensics” to mean the practice of scrutinizing digital records for evidence that can hold up in court.

The official replied that because new vendors are constantly entering the market, the thinking is that it makes sense to see whether a second request will yield additional vendors capable of providing adequate software that fulfills the agency’s desires.

The sought-after system will be designed to record keystrokes and chat sessions, monitor emails and attachments, log website visits and file transfers, track the movement of documents, and capture screenshots. All the surveillance will be fed to a central command center.  

The technology is intended to run without the target’s knowledge. “The end user must not have the ability to detect this technology,” and must not have the power “to kill the process,” both work descriptions state.

The software will be configured to sift through aggregated information to spot connections and trends, or “mine through all the collected data using built-in or third-party tools,” the contracting papers noted.

McAfee currently supplies the Pentagon with a similar leak-prevention tool called the Host-Based Security System. The NATO force that fights Afghan insurgents also is installing an anti-leak product, because it has had no way of detecting unauthorized downloads and data sharing.

Government agencies worldwide are installing personnel surveillance software following the 2009 transfer of thousands of classified materials associated with the Middle East wars to anti-secrets website WikiLeaks. 
