DHS Research Wing Remains Vulnerable to Insider Threats

Employees, contractors and private sector partners of the Homeland Security Department’s science and technology wing could use their insider knowledge to undermine mission-critical systems and operations, according to a recent auditor’s report.

The audit, released Oct. 1, is based on a six-month investigation by Homeland Security’s inspector general’s office, which concluded in June 2017. The office made nine recommendations.

All of those recommendations are classified. The report is also classified except for a one-page unclassified summary.

The government has struggled to address the threat of a trusted insider leaking sensitive information or intentionally causing violence or destruction since 2013.

In June of that year, National Security Agency contractor Edward Snowden delivered reams of documents about classified surveillance programs to reporters. In September, contractor Aaron Alexis killed a dozen people in a shooting at Washington’s Navy Yard.

Programs to mitigate insider threats typically focus on limiting access to certain systems and data to the people who really need to use them and continuously monitoring what data employees and contractors access to look for anomalies.

Some intelligence and military divisions have also launched programs to continuously evaluate public records, such as arrest reports and property sales, to spot employees who might be behaving abnormally or suffering from extra stress or strain.

The Science and Technology Directorate is Homeland Security’s main research wing, which conducts and funds research focused on cybersecurity, chemical and biological threats, transportation security and nuclear and radiological threats, among other issues.