FAS

Insider Threat Program Advances, Slowly

08.13.14 | 2 min read | Text by Steven Aftergood

Nearly two years after President Obama issued a National Insider Threat Policy “to strengthen the protection and safeguarding of classified information” against espionage or unauthorized disclosure, the effort is still at an early stage of development.

Only last week, the U.S. Air Force finally issued a directive to implement the 2012 Obama policy. (AF Instruction 16-1402, Insider Threat Program Management). And even now it speaks prospectively of what the program “will” do rather than what it has done or is doing.

The new Air Force Instruction follows similar guidance issued last year by the Army and the Navy.

The Air Force Insider Threat Program includes several intended focus areas, including continuous evaluation of personnel, auditing of government computer networks, and procedures for reporting anomalous behavior.

“Procedures must be in place that support continuous evaluation of personnel to assess their reliability and trustworthiness,” the AF Instruction says.

Such continuous evaluation procedures may eventually sweep broadly over many domains of public and private information, but they are not yet in place.

“There are a number of ongoing pilot studies to assess the feasibility of select automated records checks and the utility of publicly available electronic information, to include social media sites, in the personnel security process,” said Brian Prioletti of the Office of the Director of National Intelligence in testimony before the House Homeland Security Committee last November.

The Air Force directive also encourages reporting of unusual behavior by potential insider threats.

“Insider threat actors typically exhibit concerning behavior,” the directive says. But this is not self-evidently true in all cases, and the directive does not provide examples of “concerning behavior.”

A Department of Defense training module recently identified expressions of “unhappiness with U.S. foreign policy” as a potential threat indicator, the Huffington Post reported last week. (“Pentagon Training Still Says Dissent Is A Threat ‘Indicator'” by Matt Sledge, August 4.) If so, that criterion would not narrow the field very much.

The “CORRECT Act” (HR5240) that was introduced last month by Rep. Bennie Thompson and Sen. Ron Wyden would require any insider threat program to meet certain standards of fairness and employee protection, and “to preserve the rights and confidentiality of whistleblowers.”

That message may have been partially internalized already. The terms “civil liberties” and “whistleblowers” are each mentioned four times in the eight-page Air Force Instruction.

publications
See all publications
Emerging Technology
day one project
Policy Memo
Strategies to Accelerate and Expand Access to the U.S. Innovation Economy

With targeted policy interventions, we can efficiently and effectively support the U.S. innovation economy through the translation of breakthrough scientific research from the lab to the market.

11.27.24 | 16 min read
read more
Government Capacity
day one project
Policy Memo
Collaborative Intelligence: Harnessing Crowd Forecasting for National Security

Crowd forecasting methods offer a systematic approach to quantifying the U.S. intelligence community’s uncertainty about the future and predicting the impact of interventions, allowing decision-makers to strategize effectively and allocate resources by outlining risks and tradeoffs in a legible format.

11.27.24 | 5 min read
read more
Clean Energy
day one project
Policy Memo
The Energy Transition Workforce Initiative

The energy transition underway in the United States continues to present a unique set of opportunities to put Americans back to work through the deployment of new technologies, infrastructure, energy efficiency, and expansion of the electricity system to meet our carbon goals.

11.27.24 | 5 min read
read more
Clean Energy
day one project
Policy Memo
Promoting Fusion Energy Leadership with U.S. Tritium Production Capacity

The United States has the only proven and scalable tritium production supply chain, but it is largely reserved for nuclear weapons. Excess tritium production capacity should be leveraged to ensure the success of and U.S. leadership in fusion energy.

11.26.24 | 12 min read
read more