Questions and answers from the government on the 'insider threat program'
06/21/2013 5:38 AM
06/21/2013 5:38 AM
To DOD: Questions from McClatchy -
We are reporting out a story on the Insider Threat Program that has been under implementation since 2011, and have the following questions. We'd appreciate a response by the late Thursday afternoon.
1. Some current and former U.S. officials are concerned about the increased reliance on employees to monitor their co-workers' behaviors as a means of detecting insider threats. What precautions are being taken to ensure that this doesn't result in false or unsubstantiated reports?
2. Could you provide a list of the behavioral "indicators" that employees are being trained to recognize in detecting and identifying insider threats? Are these indicators similar to those listed in DoD Directive 5240.06, Enclosure 4?
3. CI professionals undergo years of training and experience in detecting and identifying insider threats. Is it realistic to expect DoD employees to acquire such skills through a routine training course?
4. The DoD Strategic Plan produced by the Unauthorized Disclosures Working Group last June says that, unauthorized disclosures of classified information to the public "harms us as much as spies and is tantamount to aiding the enemies of the United States." How does that view accommodate disclosures like the Pentagon Papers?
5. Since the implementation of this program, how many insider threat cases have been opened and how many have been successfully dealt with either administratively or through referrals to DoJ?
Response from DOD
Below is what I am able to share on the record as a Defense Department spokesman regarding the department's efforts to address the insider threat and unauthorized disclosures:
Under policy direction from the Office of the Under Secretary of Policy and oversight by the Defense Security Enterprise, the Office of the Under Secretary of Intelligence and the DoD Chief Information Officer have established a joint DoD project team to develop a comprehensive DoD Insider Threat Program that leverages counterintelligence, security, and information assurance capabilities in accordance with the National Insider Threat Policy and Minimum Standards.
The department is currently coordinating a draft insider threat policy that will provide an overarching structure for compliance with the national insider threat policy. Additionally, the department is restructuring its current governance process for the oversight of insider threat policy implementation to include additional functions for law enforcement, information assurance, and a range of security disciplines.
Worth noting are several key points that address the department's insider threat concern:
- DoD personnel may report a suspicious incident or behavior to the appropriate officials based upon briefings they have received, training or simply their concern about a situation. Law enforcement, security, counterintelligence or other officials will assess the information and in collaboration with legal support, the chain of command and other required stakeholders will make a determination on any future action. The individual is not penalized for reporting something in good faith that may turn out to be unfounded. Pursuant to DoD directive 5240.06, Counterintelligence Awareness and Reporting, department personnel are required to report suspicious incidents concerning possible foreign intelligence service or international terrorist threats to the department based upon a number of indicators provided in that document.
- In addition to guidelines provided in DoD Directive 5240.06 on counterintelligence threats, the Office of the Director of National Intelligence has issued Federal investigative standards and adjudicative guidelines for determining the reliability of cleared personnel. Those standards apply to all personnel across the department.
- Insider threat situations are not only related to the counterintelligence mission. Security, counterintelligence and the information assurance communities work closely together - particularly regarding the unauthorized disclosure of classified information.
- Counterintelligence, security, and information security specialists throughout the department are available to answer questions, and help DoD members if they have questions on reportable matters. These experts will work with the appropriate parties to evaluate the reported information and determine the required actions.
- Executive Order 12356 and DoD manual 5200.01 set thresholds for the classification of information, the unauthorized disclosure of which can reasonably be expected to cause damage, serious damage, or exceptionally grave damage to national security. Unauthorized disclosures (UDs) of classified information to the public are in fact made available to all -- including to adversaries. Unauthorized disclosures of classified information put at risk the success of the most sensitive classified operations, plans, partnerships, and technologies of the department and our mission partners. It is not an overstatement to say that human lives are at times jeopardized when someone leaks classified information.
- The federal government, including DoD, also have long-established policy and procedures for individuals to submit challenges to classification decisions. If personnel have reason to believe that information is improperly or unnecessarily classified, they must communicate that view to their security manager or the original classification authority to bring about a correction. DoD component leaders must ensure no retribution is taken against an individual who questions a classification or formally challenges a classification. Each component has a system for processing, tracking, and recording formal classification challenges, including administrative appeals of classification decisions, and must ensure all personnel are made aware of the established procedures for classification challenges.
Questions and answers from Peace Corps
I am reporting out a possible story on how federal agencies are implementing President Obama's Oct. 7, 2011, Executive Order 13587 on improving safeguards against unauthorized disclosures of classified information. Here's the order: http://www.whitehouse.gov/the-press-office/2011/10/07/executive-order-structural-reforms-improve-security-classified-networks- An October 14, 2011 memo instructed your agency and others to carry out the executive order. I have the following questions: 1. What specific steps has your agency taken to implement the EO? 2. Did your self-assessments determine that your agency's safeguards against UDs (unauthorized disclosures) were inadequate? If so, what corrective actions were taken and improvements realized? 3. Has your agency begun providing monthly reports on UDs to the Senior Information Sharing and Safeguarding Steering Committee? 4. Has your agency selected a POC to facilitate this reporting? 5. Have your efforts resulted in increased detection of UDs? If so, how does your agency determine whether they should be handled administratively or referred for criminal investigation? 6. Has your agency encountered any specific problems or objections to implementing the EO? If so, what have they been? 7. Can we get copies of the guidance and standards that your agency has developed for insider threat detection? 8. Can you provide us with your self-assessments or summaries of the assessments?
Response from Peace Corps:
Below is what I can offer you, on background from a Peace Corps official please.
The Peace Corps takes very seriously the obligation to protect sensitive information and is working to implement Executive Order 13587 as directed by the President. The agency has identified a senior official to oversee classified information sharing, safeguarding efforts, and implementation of an insider threat detection and prevention program. The agency has conducted the required internal assessment, and a cross-departmental team of Peace Corps staff has been identified and trained to support the program. The Peace Corps is working in coordination with the National Insider Threat Task Force to ensure the security of classified networks and the responsible sharing and safeguarding of classified information.