FAS

Army Establishes Insider Threat Program

08.08.13 | 2 min read | Text by Steven Aftergood

On July 30, a military judge found Army Pfc. Bradley Manning guilty of multiple violations of the Espionage Act and other laws because of his unauthorized disclosure of restricted government records to the WikiLeaks website.

On July 31, the Secretary of the Army formally established the Army Insider Threat Program. Remarkably, this is still a pending initiative rather than an accomplished fact.

The program “will ensure the security and safety of Army computer networks by establishing an integrated capability to monitor and audit user activity across all domains to detect and mitigate activity indicative of insider threat behavior,” wrote Army Secretary John M. McHugh in Army Directive 2013-18.

The directive requires development and implementation of “a technical capability to monitor user activity on the Secure Internet Protocol Router Network” used by Manning as well as on the Joint World Intelligence Communication System.

In order to facilitate the identification of insider threats, the directive authorizes the sharing of counterintelligence and a variety of other sensitive information, including personal medical information.  (“The Surgeon General will provide information from medical sources, consistent with privacy laws and regulations, to authorized personnel to help them recognize the presence of an insider threat.”)

The new Army directive was issued in response to a November 21, 2012 Obama White House memorandum on “National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs.”

Some government insider threat programs go beyond encouraging sensible security practices, and seem to promote free-ranging suspicion in the workplace.

A slide prepared by the Defense Information Systems Agency for an online training module on insider threats suggests that an employee who “speaks openly of unhappiness with U.S. foreign policy” may represent a risk.  (The only thing more troubling might be someone who speaks openly of happiness with U.S. foreign policy.)  See “Unhappy With U.S. Foreign Policy? Pentagon Says You Might Be A ‘High Threat'” by Matt Sledge, Huffington Post, August 7.

On June 21, 2013 the Director of National Intelligence issued Intelligence Community Directive 703 on “Protection of Classified National Intelligence, Including Sensitive Compartmented Information.”

The directive summarizes and re-states classified information security policy, including little-known facts such as: “The Director of the Central Intelligence Agency (CIA) provides SCI access determinations and Sensitive Compartmented Information Facility (SCIF) accreditation for the legislative and judicial branches of the U.S. Government.”