The Department of Defense has issued a new Instruction defining its response to the “insider threat” from Department personnel who engage in unauthorized disclosures of information or other activities deemed harmful to national security.
The new Instruction assigns responsibilities and authorities for systematically detecting “anomalous” employee behavior that may be an indication of an insider threat.
An insider threat is defined as “A person with authorized access, who uses that access, wittingly or unwittingly, to harm national security interests or national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.”
A subset of the insider threat is the counterintelligence (CI) insider threat, which refers to an authorized individual who uses his access on behalf of a “foreign intelligence entity.”
A foreign intelligence entity (FIE) is “Any known or suspected foreign organization, person, or group (public, private, or governmental) that conducts intelligence activities to acquire U.S. information, blocks or impairs U.S. intelligence collection, influences U.S. policy, or disrupts U.S. systems and programs.”
All heads of DoD components are now instructed to “implement CI insider threat initiatives to identify DoD-affiliated personnel suspected of or actually compromising DoD information on behalf of an FIE.”
All military departments are expected to “conduct anomaly-based detection activities.”
See “Countering Espionage, International Terrorism, and the Counterintelligence (CI) Insider Threat,” DoD Instruction 5240.26, May 4, 2012.
The new Instruction complies with a congressional mandate in the FY2012 defense authorization act that was passed last year in response to the WikiLeaks disclosures.
January saw us watching whether the government would fund science. February has been about how that funding will be distributed, regulated, and contested.
This rule gives agencies significantly more authority over certain career policy roles. Whether that authority improves accountability or creates new risks depends almost entirely on how agencies interrupt and apply it.
Our environmental system was built for 1970s-era pollution control, but today it needs stable, integrated, multi-level governance that can make tradeoffs, share and use evidence, and deliver infrastructure while demonstrating that improved trust and participation are essential to future progress.
Durable and legitimate climate action requires a government capable of clearly weighting, explaining, and managing cost tradeoffs to the widest away of audiences, which in turn requires strong technocratic competency.