FAS

Insider Threat Policy Equates Leakers, Spies, Terrorists

07.16.13 | 3 min read | Text by Steven Aftergood

A national policy on “insider threats” was developed by the Obama Administration in order to protect against actions by government employees who would harm the security of the nation.  But under the rubric of insider threats, the policy subsumes the seemingly disparate acts of spies, terrorists, and those who leak classified information.

The insider threat is defined as “the threat that an insider will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States.  This threat can include damage to the United States through espionage, terrorism, [or] unauthorized disclosure of national security information,” according to the newly disclosed National Insider Threat Policy, issued in November 2012.

One of the implications of aggregating spies, terrorists and leakers in a single category is that the nation’s spy-hunters and counterterrorism specialists can now be trained upon those who are suspected of leaking classified information.

The National Insider Threat Policy directs agencies to “leverag[e] counterintelligence (CI), security, information assurance, and other relevant functions and resources to identify and counter the insider threat.”

“Agency heads shall ensure personnel assigned to the insider threat program are fully trained in… counterintelligence and security fundamentals….”

Agency heads are directed to grant insider threat program personnel access to “all relevant databases and files” needed to identify, analyze, and resolve insider threat matters.

The National Insider Threat Policy was developed by the Insider Threat Task Force that was established in 2011 by executive order 13587.  The Policy document itself was issued by the White House via Presidential Memorandum on November 21, 2012 but it was not publicly released until last week.

The document was disclosed by the National Counterintelligence Executive (NCIX) after it was independently obtained and reported by Jonathan Landay and Marisa Taylor of McClatchy Newspapers. (“Obama’s crackdown views leaks as aiding enemies of U.S.,” June 20, 2013).

“The National Insider Threat Policy policy is intended to provide direction and guidance to promote the development of effective insider threat programs within departments and agencies to deter, detect, and mitigate actions by employees who may represent a threat to national security,” according to NCIX.

Among the activities mandated by the National Insider Threat Policy is the routine monitoring of user activity on classified government computer networks. “This refers to audit data collection strategies for insider threat detection, leveraging hardware and/or software with triggers deployed on classified networks to detect, monitor, and analyze anomalous user behavior for indicators of misuse.”

But a different sort of approach to combating leaks — an approach not represented in the Insider Threat Policy — would require an ongoing critical examination of the scope and application of official secrecy.  This view was articulated by the late Senator Daniel P. Moynihan when he said “If you want a secret respected, see that it’s respectable in the first place.”

“The best way to ensure that secrecy is respected, and that the most important secrets remain secret,” Sen. Moynihan said, “is for secrecy to be returned to its limited but necessary role. Secrets can be protected more effectively if secrecy is reduced overall.”