Insider Threat Program Advances, Slowly
The Department of Defense recently demonstrated the “Continuous Evaluation” of approximately 100,000 cleared military, civilian and contractor personnel, in order to validate their eligibility for access to classified information on an ongoing basis.
Continuous Evaluation (CE) refers to the automated monitoring of government and commercial databases for signs of criminal behavior, irregular financial activity, or other “triggers” that could lead to suspension of a security clearance. CE is a central feature of the emerging Insider Threat program that is intended to deter and detect espionage, terrorism, unauthorized disclosures of classified information, and other offenses by security-cleared personnel.
According to a new quarterly report on the Insider Threat program, the Department of Defense is on track to expand its Continuous Evaluation capability to 225,000 persons by the end of 2015, to 500,000 persons by the end of 2016, and to 1 million persons during 2017. (There are approximately 4.5 million cleared personnel in government and industry.) See Insider Threat and Security Clearance Reform, Quarterly Report, FY 2015, Quarter 2, June 2015.
But progress has been uneven. The Office of the Director of National Intelligence missed a December 2014 milestone for Continuous Evaluation of the most sensitive Top Secret and TS/SCI (Top Secret/Sensitive Compartment Information) clearance holders in government and industry. The revised goal is “to have CE completed on a portion of the TS and TS/SCI population in the Executive Branch by the end of FY 16,” the new quarterly report said.
The Insider Threat problem is a difficult one particularly since the fraction of employees who are spies, terrorists, or leakers is minuscule. Nor does this tiny contingent have a simple, readily identifiable profile. (Convicted spy Aldrich Ames and fugitive unauthorized-discloser Edward Snowden, for example, seem to have few traits in common, although both apparently passed their polygraph examinations without difficulty.)
Therefore, even though Continuous Evaluation is years away from full implementation, security policy officials are already looking beyond it for other options.
Last week, the Intelligence Advanced Research Projects Agency (IARPA) invited researchers to submit proposals for its Scientific advances to Continuous Insider Threat Detection (SCITE) Program.
The SCITE Program seeks “a new class of insider threat indicators, called active indicators, where indicative responses are evoked from potential insider threats,” according to the June 18 Broad Agency Announcement issued by the IARPA “Office for Anticipating Surprise.”
“Current practice and research is heavily focused on passive indicators that monitor existing data sources for indicative behaviors,” IARPA said.
By contrast, “Active indicators introduce stimuli into a user’s environment that are designed to evoke responses that are far more characteristic of malicious users than normal users. For example, a stimulus that suggests that certain file-searching behaviors may be noticed is likely to be ignored by a normal user engaged in work-related searches, but may cause a malicious user engaged in espionage to cease certain activities.”
The FAS Nuclear Notebook is one of the most widely sourced reference materials worldwide for reliable information about the status of nuclear weapons, and has been published in the Bulletin of the Atomic Scientists since 1987.. The Nuclear Notebook is researched and written by the staff of the Federation of American Scientists’ Nuclear Information Project: Director Hans […]
On 14 April 2023, the Belarusian Ministry of Defence released a short video of a Su-25 pilot explaining his new role in delivering “special [nuclear] munitions” following his training in Russia. The features seen in the video, as well as several other open-source clues, suggest that Lida Air Base––located only 40 kilometers from the Lithuanian border and the […]
A photo in a Los Alamos National Laboratory (LANL) student briefing from 2022 shows four people inspecting what appears to be a damaged B61 nuclear bomb.
In early-February 2023, the Wall Street Journal reported that U.S. Strategic Command (STRATCOM) had informed Congress that China now has more launchers for Intercontinental Ballistic Missiles (ICBMs) than the United States. The report is the latest in a serious of revelations over the past four years about China’s growing nuclear weapons arsenal and the deepening […]