The Department of Defense has issued a new Instruction defining its response to the “insider threat” from Department personnel who engage in unauthorized disclosures of information or other activities deemed harmful to national security.
The new Instruction assigns responsibilities and authorities for systematically detecting “anomalous” employee behavior that may be an indication of an insider threat.
An insider threat is defined as “A person with authorized access, who uses that access, wittingly or unwittingly, to harm national security interests or national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.”
A subset of the insider threat is the counterintelligence (CI) insider threat, which refers to an authorized individual who uses his access on behalf of a “foreign intelligence entity.”
A foreign intelligence entity (FIE) is “Any known or suspected foreign organization, person, or group (public, private, or governmental) that conducts intelligence activities to acquire U.S. information, blocks or impairs U.S. intelligence collection, influences U.S. policy, or disrupts U.S. systems and programs.”
All heads of DoD components are now instructed to “implement CI insider threat initiatives to identify DoD-affiliated personnel suspected of or actually compromising DoD information on behalf of an FIE.”
All military departments are expected to “conduct anomaly-based detection activities.”
See “Countering Espionage, International Terrorism, and the Counterintelligence (CI) Insider Threat,” DoD Instruction 5240.26, May 4, 2012.
The new Instruction complies with a congressional mandate in the FY2012 defense authorization act that was passed last year in response to the WikiLeaks disclosures.
By preparing credible, bipartisan options now, before the bill becomes law, we can give the Administration a plan that is ready to implement rather than another study that gathers dust.
Even as companies and countries race to adopt AI, the U.S. lacks the capacity to fully characterize the behavior and risks of AI systems and ensure leadership across the AI stack. This gap has direct consequences for Commerce’s core missions.
The last remaining agreement limiting U.S. and Russian nuclear weapons has now expired. For the first time since 1972, there is no treaty-bound cap on strategic nuclear weapons.
As states take up AI regulation, they must prioritize transparency and build technical capacity to ensure effective governance and build public trust.