Pentagon Is Building Massive Hub of Insider Threat Data

Andrea Danti/Shutterstock.com

Featured eBooks
Digital Transformation
Read Now

Federal IT Modernization Still a Major Challenge

Read Now

DHS’ next chapter as an enterprise services provider

Read Now

What's happening in health tech

Read Now
Aliya Sternstein By Aliya Sternstein,
Senior Correspondent

By Aliya Sternstein

|

Some civil liberties advocates say the system could create a culture of mutual suspicion that silences whistle-blowers.

The Defense Department is building a massive information-sharing system detailing national security personnel and individuals cleared for accessing U.S. secrets, to flag who among them might be potential turncoats or other "insider threats."

The “DOD Component Insider Threat Records System” is part of the U.S. government's response to the 2010 leaks of classified diplomatic cables by former Pfc. Chelsea Manning. A 2011 so-called WikiLeaks executive order called for an "insider threat detection" program. 

A review of the 2013 Washington Navy Yard shootings found the department still lacked "a centralized hub" to obtain a holistic view into potential threats, Defense spokeswoman Linda Rojas told Nextgov in an email.

Now, the Pentagon is establishing a team of “cross-functional experts" trained in cybersecurity, privacy, law enforcement, intelligence and psychology -- aided by the new workflow technology -- to help fill that gap, she said. 

But some civil liberties advocates say this Defensewide insider threat analytics system could create a culture of mutual suspicion that silences whistleblowers.

The Pentagon expects to enter into the tool information that is gleaned, in part, from a new "continuous evaluation" approach to screening clearance-holders that uses automated data checks, according to a May 19 Privacy Act notice. 

The insider-threat system also will share data pulled from public social media posts and "user activity monitoring" of employees’ private digital habits at work, the notice states. The surveillance of military networks may include keystrokes, screen captures, and content transmitted via email, chat, and data import or export.

Earlier this month, Director of National Intelligence James Clapper signed a policy that would authorize investigators to vet public social media posts when conducting background checks of national security personnel.

In the privacy notice, Aaron Siegel, alternate defense Federal Register liaison officer, describes user activity monitoring as the technical capability to "record the actions and activities of all users, at any time, on a computer network controlled by DOD."

The insider threat technology also would disseminate equal employment opportunity complaints, security violations and personal contact records, the notice states. Logs of printer, copier and fax machine use would be shared through the tool. Public information from professional certifications -- like pilot's licenses, firearms and explosive permits -- would be fair game too, the notice states.

Traitor or Truthsayer?

Referring to the equal employment opportunity complaints and security violation data, some civil liberties advocates said the new technology could propagate misleading information about behaviors common in any workplace. 

"Almost all of us at different periods of time, have been upset with the people we work with, and that is part of the human nature, so to identify that behavior as potentially troubling and indicative of being a -- quote -- insider threat is both inappropriate and likely to lead to errors," said Michael German, a 16-year FBI veteran, who now is a fellow with the Brennan Center for Justice’s Liberty and National Security Program. 

“When you read the insider threat material, what they view as a threat is somebody reporting information about government activity to the press, which is, in a democratic society, not only important but necessary,” he said.

According to the privacy notice, the system will be governed under the following definition of "insider threat:”

The threat that an insider will use his or her access, wittingly or unwittingly, to do harm to the security of the United States. This threat includes damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or the loss or degradation of government, company, contract or program information, resources, or capabilities.

German said personnel who ruffle the feathers of managers while trying to root out government abuses could be tracked by the system.

"They are definitely attempting to get whistleblowers and people who are reporting the truth in the face of government efforts to suppress that truth," he said. "The real threat are the people that they are not seeing," German added, pointing to cases like that of Robert Hanssen, who spied for the Russian government while serving at the FBI -- unnoticed -- between 1979 and 2001. 

And if national security personnel know their criticisms will be widely circulated, they might shy away from reporting problems, German said. 

"If you have an agency whose mission is national security and that entity is being hampered by waste, fraud, misconduct or illegality, you would think reporting that would be something that is positive and promoted, but this program would tend to suppress that type of internal activity and instead cause more problems which then undermine our national security goals," he said.

System Specs

Defense officials said only military-affiliated personnel who fall under certain criteria will be entered into the insider-threat system. 

"Adequate controls, training and oversight are in place to ensure that personally identifiable information is protected and that only information which meets a pre-determined threshold is entered into the system," Rojas said. 

The tool will share records on people eligible to hold sensitive Defense positions and people granted security clearances who have "exhibited actual, probable, or possible indications of insider threat behaviors or activities," Siegel said in the privacy notice.

Only personnel trained in insider threat, privacy and civil liberties, and intelligence oversight, who are approved by the department, will be allowed to use the system, Rojas said. The system will not be activated until after a public comment period that ends June 20.

Insider threat programs require "a holistic approach to information management," as the "data containing anomalous behaviors that may be indicative of an insider threat can come from many sources, such as personnel security, physical security, information assurance, and law enforcement," Rojas said. But right now, this information is not easy to access, plus the size and complexity of the Pentagon makes it hard to share information among military components, she said.

The insider threat tool's "workflow management and analytics" features will facilitate the exchange of information, Rojas said. When one department unit identifies and validates behavior that may signal a threat, it can be shared with other department units for further analysis, once the tool is in place, she said.

The system also will provide access to traditional background check records like biometric data files, and self-reported "SF-86" forms detailing the medical and personal lives of individuals applying for security clearances.

On the Record

A diverse group, including the press and civilian agency employers, will be able to use certain material in the system, according to the privacy notice.

Information in the tool also could be used outside the Pentagon for HR, licensing and counterterrorism purposes.

For example, other federal and state agencies can obtain information relevant to a "decision concerning the hiring or retention" of a worker, the notice states. The "news media or the general public" can view factual information in the public interest and does not constitute an unwarranted invasion of personal privacy, Siegel said. And congressional offices can request records on specific individuals.

In addition to active troops, individuals profiled by the system could include National Guard members, civilian employees cleared to handle classified material, and defense contractors, the notice states.

U.S. Coast Guard members, "mobilized" retired military personnel, and Limited Access Authorization grantees could be documented in the system, too, according to the notice.

NEXT STORY: White House Issues Cyber Framework for Protecting ‘Precision Medicine’ Patient Data

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.