The request for information stems from an executive order issued in 2011.
The Air Force is looking into commercially available data sources that can ethically capture public information on people to help keep its officials up to speed on insider threats.
According to a request for information updated Wednesday, the military branch wants to pinpoint “Public Persona Cyber Data Sources,” or services that can provide a wide range of data and information on specific individuals, in a way that’s collected legally from the internet, and with a high degree of certainty. The Air Force was mandated by an executive order in 2011 and follow-on policy in 2012 to build and maintain a related capability to monitor insider threats.
“Within the last decade, the national loss due to insider activities has included loss of national information assets, harm to national security, and workplace violence,” officials wrote in the RFI. “[The Air Force] is conducting market research to identify government releasable, publicly available personal data sources that may be acquired in a legal, suitable and cost effective manner to meet the National Insider Threat Policy requirements for data collection.”
In 2011 President Barack Obama issued an executive order on “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information,” which mandated the Defense Department component and other agencies that operate or access classified computer networks to establish insider threat detection and prevention programs. The following year, Obama issued the National Insider Threat Policy and Minimum Standards to set forth expectations that the component insider threat programs must meet. The standards direct relevant agency heads to “build and maintain an insider threat analytic and response capability to manually and/or electronically gather, integrate, review, assess, and respond to information derived from [counter intelligence, security, information assurance, human resources, and law enforcement], the monitoring of user activity and other sources as necessary and appropriate.”
According to officials in the RFI, “early industry involvement to identify legally available public data sources is critical to the success of this mission.”
The Air Force calls on interested businesses that offer such services to describe the data they collect and can provide, as well as their review and oversight processes. Officials also ask how the services protect the confidentiality of individual information, the metrics they use to prove that the information collected is correct and attached to the right individuals, how the entities retrieve and store that data, and a variety of other inquiries.
Those who wish to participate must submit responses via email by Jan. 23.
NEXT STORY: What’s Next for Iran’s Cyber Actors?