Nearly two years after President Obama issued a National Insider Threat Policy “to strengthen the protection and safeguarding of classified information” against espionage or unauthorized disclosure, the effort is still at an early stage of development.
Only last week, the U.S. Air Force finally issued a directive to implement the 2012 Obama policy. (AF Instruction 16-1402, Insider Threat Program Management). And even now it speaks prospectively of what the program “will” do rather than what it has done or is doing.
The new Air Force Instruction follows similar guidance issued last year by the Army and the Navy.
The Air Force Insider Threat Program includes several intended focus areas, including continuous evaluation of personnel, auditing of government computer networks, and procedures for reporting anomalous behavior.
“Procedures must be in place that support continuous evaluation of personnel to assess their reliability and trustworthiness,” the AF Instruction says.
Such continuous evaluation procedures may eventually sweep broadly over many domains of public and private information, but they are not yet in place.
“There are a number of ongoing pilot studies to assess the feasibility of select automated records checks and the utility of publicly available electronic information, to include social media sites, in the personnel security process,” said Brian Prioletti of the Office of the Director of National Intelligence in testimony before the House Homeland Security Committee last November.
The Air Force directive also encourages reporting of unusual behavior by potential insider threats.
“Insider threat actors typically exhibit concerning behavior,” the directive says. But this is not self-evidently true in all cases, and the directive does not provide examples of “concerning behavior.”
A Department of Defense training module recently identified expressions of “unhappiness with U.S. foreign policy” as a potential threat indicator, the Huffington Post reported last week. (“Pentagon Training Still Says Dissent Is A Threat ‘Indicator'” by Matt Sledge, August 4.) If so, that criterion would not narrow the field very much.
The “CORRECT Act” (HR5240) that was introduced last month by Rep. Bennie Thompson and Sen. Ron Wyden would require any insider threat program to meet certain standards of fairness and employee protection, and “to preserve the rights and confidentiality of whistleblowers.”
That message may have been partially internalized already. The terms “civil liberties” and “whistleblowers” are each mentioned four times in the eight-page Air Force Instruction.
To what extent does EPA have ready access to data to measure drinking water compliance reliably and accurately?
Our Director of Government Affairs gives you the skinny on the latest from the Hill and White House – and what it means for S&T policy.
How do the impacts, costs, and resulting needs of slow-onset disasters compare with those of declared disasters, and what are implications for slow-onset disaster declarations, recovery aid programs, and HUD allocation formulas?
FAS’s new Resilient Cooling Strategy and Policy Toolkit is designed to help state and local policymakers implement resilient cooling in ways that cut costs, protect public health, and reduce grid strain.