



Who Is An Insider? What Is The Insider Threat?

Insider: A person under the statutory, regulatory, or contractual authority of the U.S. Federal Government (USFG), Department of Defense (DoD) or Intelligence Community (IC), or any other person who has been granted access to USFG, DoD or IC resources, which include, but are not limited to, information, information systems, networks, technologies, facilities and operations.

Insider Threat: Acts of commission or omission by an Insider that intentionally or unintentionally compromise the ability of the USFG, DoD or IC to accomplish its mission. These acts include, but are not limited to, espionage, sabotage, criminal activities, unauthorized disclosure of information, or any other activity resulting in the loss or degradation of departmental resources or capabilities.
Please Note: Definitions may vary slightly across the USFG, DoD and IC.


What Is Counterintelligence, Counterespionage?
Counterintelligence (CI):
Information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations or persons, or their agents, or international terrorist organizations or activities. (Executive Order 12333, as amended 30 July 2008)

Counterespionage: That aspect of counterintelligence designed to detect, destroy, neutralize, exploit, or prevent espionage activities through identification, penetration, manipulation, deception, and repression of individuals, groups, or organizations conducting or suspected of conducting espionage activities. (JP 1-02)

The Insider Threat is real and can be silently hidden in many organizations. As recent and past news events have indicated (July 2010 WikiLeaks Incident / Insider Threat DoD-Army), the greatest security threats to U.S. National Security may lie within USFG, DoD and IC agencies. Insider Threats are not new to USFG, DoD and IC agencies. The Defense Personnel Security Research Center (PERSEREC) has produced numerous Espionage Reports on spies. These reports cover the history of spies as far back as 1947. Additional reports show how serious the Insider Threat is. (Insider Threat Timeline) Why are the risks from Insiders still so high? Past reports show that the Insider Threat problem stems from weak or absent security training and security control implementation. Additionally, the risk mitigation strategies currently used in some USFG, DoD and IC agencies focus only on the risks posed by Outsiders, not on those posed by Insiders.

The Insider Threat can affect more than just USFG, DoD and IC agencies. The Defense Industrial Base (DIB) / Cleared Industry is home to some of the United States' most critical classified and sensitive information. The DIB develops and produces the majority of U.S. defense technology, much of which is classified. The DIB Sector includes tens of thousands of private companies and their subcontractors who perform under contract to DoD, and companies providing incidental materials and services to DoD. The DIB Sector provides products and services that are essential to mobilize, deploy, and sustain military operations. Counterintelligence and Security specialists believe that the greatest threat to the confidentiality, integrity, and availability of this information in the DIB Sector is the Insider Threat.

With all of the advances in technology, we ultimately still depend on Insiders, who have varying roles and responsibilities, to protect the classified and sensitive information stored on U.S. Government and DIB Contractor Information Systems. Insiders have already obtained a badge to access significant portions of an organization's facilities, and a login and password to access significant amounts of highly classified information stored on classified networks. Espionage reports have shown that Insiders attempting to commit espionage will in most cases exploit an organization's weakest links, which give them the greatest chance of success without being caught. Insiders in most cases know an organization's environment and its security policies and procedures. Insiders know what is checked and not checked, and know when they won't be checked or challenged. Relying on technology alone to detect and mitigate Insider Threats will give the organization a false sense of security. The best Intrusion Detection Systems and Firewalls may be useless in protecting an enterprise from the Insider Threat, as they are only part of the Defense-In-Depth security strategies required to mitigate the Insider Threat.

For many years individuals have downplayed or ignored the Insider Threat. The WikiLeaks incident opened many individuals' eyes, and has shown that the Insider Threat is very real and can cause significant damage to U.S. National Security. The risk is that some Insiders may violate the trust the U.S. Government has placed in them. Basic sources of Insider Threats are: 1) Espionage, 2) Maliciousness, 3) Sabotage, 4) Fraud, 5) Disgruntled Employee, 6) Carelessness, 7) Disdain, ignorance and/or violations of organizational security policies, security practices and improper information system use, 8) Violations of Federal or State Laws.

The reality is that it only takes one Insider who is disgruntled, who has the right motivations, who has non-traditional beliefs, or who has divided loyalties between the U.S. and a hostile Foreign Intelligence Service or Terrorist Infiltration Organization, to make unauthorized disclosures of classified information. This can cause exceptionally grave damage to U.S. National Security, human life, or to an organization's mission and reputation.

Per a recent White House Press Release, it is very clear that the USFG, DoD and IC are focusing much more attention on the protection of classified information since the WikiLeaks incident.

OMB Memo M-11-06:
WikiLeaks - Mishandling of Classified Information
Summary: On November 28, 2010, the OMB directed departments and agencies that handle classified national security information to establish security assessment teams consisting of Counterintelligence (CI), Security, and Information Assurance (IA) experts to review the agency’s implementation of procedures for safeguarding classified information against improper disclosures.

OMB Memo M-11-08:
Initial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems
Summary: In furtherance of the OMB M-11-06 directive, please find attached a list of existing requirements and questions your department or agency assessment team should utilize, as an initial step, to assess the current state of your information systems security. As such, you also have a significant role regarding compliance by your department or agency with the subject of this memorandum.

Questions In The Memo:
Do you have an Insider Threat Program or the foundation for such a program?
Have you instituted an “Insider Threat” Detection Awareness Education and Training Program?


Mitigating The Insider Threat
The Insider can be a powerful weapon in committing espionage, but the Insider Threat can be greatly mitigated. It will require: 1) Senior leadership support from USFG, DoD and IC agencies. 2) Establishment of Insider Threat Defense Programs across all USFG, DoD and IC agencies and the DIB Sector. 3) A comprehensive and structured Counterespionage / Insider Threat Defense Program Training Course for CI, Security and Information Assurance Professionals.

Increased attention and vigilance to the Insider Threat problem is a #1 Priority at Counterespionage.Us (CEUS). In response to the White House Press Release and OMB Memos referenced above, CEUS developed the Counterespionage / Insider Threat Defense Program Training Course (CE-ITDP). The CE-ITDP Training Course will meet or exceed the objectives and mitigation strategies outlined in the White House Press Release and OMB Memos. Protecting classified information and national security systems will require more than just establishing security assessment teams and conducting security assessments per the OMB requirements stated above.


To All The Men And Women Of The Armed Forces

Thank You For All Your Efforts And Sacrifices

CEUS Is Not Affiliated With Or Endorsed By The Federal Government, The Department of Defense Or Any Intelligence Community Agency.





Copyright © 2011- COUNTERESPIONAGE.US - All Rights Reserved