A Look at the Pentagon’s Insider Threat Program
When the word “security” pops up in discussions about the government, it’s usually in relation to an outside threat. But two years after Edward Snowden became infamous for exposing the details of classified government surveillance programs, a growing number of federal agencies have reportedly dealt with data loss as a result of insider issues.
A surprising 45 percent of feds say they’ve experienced trouble with digital insiders, MeriTalk reports. In addition, at least one-third have lost data because of insiders. Digital insiders are trusted sources, typically employees granted network access, who either consciously or unknowingly reveal information. The government has begun to implement insider threat programs, but Joseph Kirschbaum, director of defense capabilities and management for the Government Accountability Office, says the Department of Defense (DOD) is ahead of the curve.
“A lot of the component parts that comprise insider threats have existed before,” Kirschbaum told MeriTalk. “The Department of Defense has well-established and well-practiced programs to do things like anti-terrorism force protection to protect facilities and people from outside the wire. Shifting that focus inside is, in some cases, an adaptation of those policies and procedures, and the department has been practicing those.”
Kirschbaum added that after conducting self-reviews, agencies could draw on familiar principles to establish strong insider threat programs. “It’s really a matter of determining what’s normal in an organization, what the expectation for normal is, and then what the deviation from normal might be,” Kirschbaum explained.
“A lot of this takes from traditional disciplines of risk management, threat detection and response. For insider threats, it’s largely a matter of bringing many of those disciplines together, bringing the information together, and the insider threats programs and standards the Department of Defense has been acting on does that.”
Furthermore, the DOD’s continuous monitoring efforts are similar to that of the intelligence community. “The individual techniques and tools may differ, but the concepts are the same,” Kirschbaum said.
Technology will play a role in this, but Kirschbaum insists that will be a matter of specifics. “That’s going to be a constant game of determining what tools are going to help which elements, and then which tools can be integrated into a broader system of systems,” he said.
