Managers Who Stay Connected to Remote Employees Could Reduce Insider Threats, State Official Says

The coronavirus pandemic forced much of the federal workforce into a situation that usually serves as a primary indicator of insider threat, according to the State Department’s Jacqueline Atiles.

“People are isolated right now and that is the number one indicator of insider threat,” said Atiles, program director of State’s Insider Threat Program. She spoke to Nextgov to share some tips for ensuring employees don’t compromise the safety of people, property or information from within the government during the month which the Office of the Director of National Intelligence officially designated for that purpose last year.

A 2011 executive order required all agencies to implement an insider threat program. Atiles noted the importance of managers staying connected with employees and paying particular attention to those entering and exiting the workforce–a group who might be especially vulnerable. Managers should also share information across agencies. 

“In terms of what has changed in the last six months,” she said, referring to the onset of increased remote work, “the stress level has increased across the board. We're starting to see people who, when they were on the edge, they're really losing it. And people who may have been able to handle the stress before, are starting to peak.”

Officials have focused a lot on the technical measures needed to securely work from home, but Atiles said the human element she highlighted at the RSA Security conference in February matters even more today.

“The cyber piece is crucial to identifying insider threat and preventing it, but you cannot forget that people are human,” she said. Managers might try to alleviate some of the extra stress workers are under by organizing activities to bring people together and ensuring consistent contact. 

The State Department’s Insider Threat Program covers anyone with physical or logical access to the department, which amounts to about a quarter of a million people across the globe, Atiles said. One place to focus in on is the processes for getting people in and out of the organization, as entities after information might especially target those entering and exiting the workforce.

“The hard part of the pandemic is the on-boarding and off-boarding process,” she said. “Because if you don't properly tell people what their security requirements are, and you're just worried about getting them set up on the IT systems without the education piece of explaining what you can or cannot do,” vulnerability is multiplied. 

She said if people leave during the pandemic there’s a danger they’re not signing nondisclosure agreements or getting in-person briefings on guidelines they need to follow if they’re going to write a book, for example.  

“It's something you might not think of as insider threat-related, but it is a large issue that can save you down the road from a malicious or negligent attack from occurring,” she said.

Atile also highlighted the importance of sharing information with other agencies. In addition to Thursday being suicide prevention day, September also marks the anniversary of the 2013 Navy Yard shooting, where a civilian contractor fatally shot 12 people.

“Other agencies had pieces of information but nobody was talking to each other and that was really the whole emphasis of the [executive order], is to have them share information,” Atiles said while reflecting on the incident. 

Atiles pointed out a number of cases that occured over the summer to emphasize the seriousness of the threat. But she said it’s sad that a successful insider threat program is likely viewed in terms of arrests.

“It's not just putting people in jail, that's just a small part of it,” she said. “The unfortunate part is the cases that you see are going to be people being arrested for insider threat. What you're not seeing is when we can get in and actually help somebody who needs help, someone who's contemplating committing suicide and we've gotten them to turn around, someone who's having severe issues at work or is making a bad security decision and we were able to correct the path. That’s what you're not seeing. Those people still work here, and that's a good news story.”