Insider Threat Program May Not Be Ready by 2017

10.09.14 | 1 min read | Text by Steven Aftergood

Security policies in the executive branch are being overhauled in response to a potential “insider threat.” But while some progress is being made, the intended functionality will not be available for several more years.

The insider threat includes “the threat of those insiders who may use their authorized access to compromise classified information.” Three years ago, due in part to the unauthorized disclosures by then-Pfc. Bradley Manning to WikiLeaks, President Obama issued Executive Order 13587 directing agencies to “implement an insider threat detection and prevention program.”

Last week, the Department of Defense finally issued an internal directive establishing department policy on the subject. The policy aims to establish “an integrated capability to monitor and audit information for insider threat detection and mitigation,” including “the monitoring of user activity on DoD information networks.” See “The DoD Insider Threat Program,” DoD Directive 5205.16, September 30, 2014.

But that is easier said than done. The timetable for achieving a government-wide insider threat program does not envision an Initial Operating Capability until January 2017, and even the achievement of that operational milestone is considered to be “at risk,” according to the latest quarterly report on Insider Threat and Security Clearance Reform (at p. 15).

Prior to 2010, Army regulations “never adequately addressed the ‘insider threat’,” said a 2011 Army investigative report on the Compromise of Classified Information to Wikileaks that was released by the Army in redacted form last month.

“Disenchanted idealists are… a fertile source of information” for adversaries, according to Army Regulation 530-1 on Operations Security, updated 26 September 2014.