Pentagon launches Insider Threat Program
Several years in the making, the program looks to create an integrated process for keeping classified information under wraps.
Three years after a presidential directive ordered federal agencies to better ensure safe handling of information—and in the wake of the disclosures of Edward Snowden—the Pentagon has issued a directive implementing the DOD Insider Threat Program.
The directive, dated Sept. 30, covers all components of the Defense Department, as well as contractors, volunteers and others who have access to DOD resources. It sets policies and assigns responsibilities for preventing, detecting and mitigating damaging actions by insiders.
The program will implement the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, which was issued by President Barack Obama in November 2012 and gave executive branch agencies baseline standards for defending against insider threats and providing awareness training for employees.
DOD’s program has been several years in the making. In October 2011, Obama issued an executive order to federal agencies on safeguarding classified information, following that a year later with the National Insider Threat Policy. In November 2013, while researching ways to prevent insider threats, the Pentagon issued a request for proposals to industry, looking for expertise in confronting the problem.
In implementing the program, the directive outlines several parameters, including:
- Preventing insider threats requires the integration and synchronization of programs throughout DOD and must account for the possibilities of espionage, terrorism, unauthorized disclosure of national security information, or the loss or degradation of resources or capabilities.
- The program will monitor and audit information from sources including counterintelligence, security, cybersecurity, civilian and military personnel management, workplace violence, antiterrorism risk management, law enforcement, user monitoring and other sources as necessary.
- The program will provide training, education, and awareness to military and civilian personnel, contractors and volunteers who have access to DOD resources.
- Any use of information must comply with applicable laws and DOD policies, including those regarding whistleblower, civil liberties and privacy protections.
Compliance with the directive will include quarterly compliance reports from DOD components and an annual progress report from the insider threat program.