Insider Threat Program May Not Be Ready by 2017
Security policies in the executive branch are being overhauled in response to a potential “insider threat.” But while some progress is being made, the intended functionality will not be available for several more years to come.
The insider threat includes “the threat of those insiders who may use their authorized access to compromise classified information.” Three years ago, due in part to the unauthorized disclosures by then-Pfc. Bradley Manning to WikiLeaks, President Obama issued Executive Order 13587 directing agencies to “implement an insider threat detection and prevention program.”
Last week, the Department of Defense finally issued an internal directive establishing department policy on the subject. The policy aims to establish “an integrated capability to monitor and audit information for insider threat detection and mitigation,” including “the monitoring of user activity on DoD information networks.” See “The DoD Insider Threat Program,” DoD Directive 5205.16, September 30, 2014.
But that is easier said than done. The timetable for achieving a government-wide insider threat program does not envision an Initial Operating Capability until January 2017, and even the achievement of that operational milestone is considered to be “at risk,” according to the latest quarterly report on Insider Threat and Security Clearance Reform (at p. 15).
Prior to 2010, Army regulations “never adequately addressed the ‘insider threat’,” said a 2011 Army investigative report on the Compromise of Classified Information to Wikileaks that was released by the Army in redacted form last month.
“Disenchanted idealists are… a fertile source of information” for adversaries, according to Army Regulation 530-1 on Operations Security, updated 26 September 2014.
To secure the U.S. bio-infrastructure, maintain global leadership in biotechnology, and safeguard American citizens from emerging threats to their privacy, the federal government must modernize its approach to human genetic and biological data.
To ensure an energy transition that brings broad based economic development, participation, and direct benefits to communities, we need federal policy that helps shape markets. Unfortunately, there is a large gap in understanding of how to leverage federal policy making to support access to capital and credit.
From use to testing to deployment, the scaffolding for responsible integration of AI into high-risk use cases is just not there.
OPM’s new HR 2.0 initiative is entering hostile terrain. Those who have followed federal HR modernization for years desperately want this effort to succeed.