insider threat

Federal departments and agencies under an executive order are establishing programs to identify potential insider threats that could lead to leaks of classified information, but behavioral experts question whether such profiling will work. (Image: Shutterstock.com)

In light of the recent whistleblowing about classified government surveillance programs, there has been a renewed interest in President Barack Obama’s “Insider Threat” program, an internal policy for federal employees and contractors to police each other to prevent national security leaks. But some experts are saying they doubt the policy will truly put a stop to leaks.

Obama signed an executive order in 2011 establishing the Insider Threat Task Force. As TheBlaze has previously pointed out, the following year, Obama issued a memorandum called “National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs,” which stated in part that the point of the program was to “to deter, detect, and mitigate actions by employees who may represent a threat to national security.”

To accomplish this goal, it would include the government monitoring employees use of classified networks and training the workforce on threat awareness, while still protecting the “civil liberties and privacy of all personnel.”

The recent leaks by former government contractor Edward Snowden of National Security Agency programs, showing that it collected phone and Internet metadata both internationally and domestically, a revelation that sparked national outcry, had many wondering if the “Insider Threat” program was doing its job.

“Nothing that’s been done in the past two years stopped Snowden, and so that fact alone casts a shadow over this whole endeavor,” Steven Aftergood, director of the non-profit Federation of American Scientists’ Project on Government Secrecy, told McClatchy in an article last month. “Whatever they’ve done is apparently inadequate.”

In a more recent article, McClatchy’s Washington Bureau reported that although agencies and departments are still establishing their programs, experts believe certain profiling to identify potential internal threats won’t really cut down on leaks:

But research and other programs that rely on profiling show it remains unproven, could make employees more resistant to reporting violations and might lead to spurious allegations.

The Pentagon, U.S. intelligence agencies and the Department of Homeland Security have spent tens of millions of dollars on an array of research projects. Yet after several decades, they still haven’t developed a list of behaviors they can use to definitively identify the tiny fraction of workers who might some day violate national security laws.

“We are back to the needle-in-a-haystack problem,” said Fienberg, the Carnegie Mellon professor.

“We have not found any silver bullets,” said Deana Caputo, the lead behavioral scientist at MITRE Corp., a nonprofit company working on insider threat efforts for U.S. defense, intelligence and law enforcement agencies. “We don’t have actually any really good profiles or pictures of a bad guy, a good guy gone bad or even the bad guy walking in to do bad things from the very beginning.”

[...]

“Anyone is an amateur looking at behavior here,” said Thomas Fingar, a former State Department intelligence chief who chaired the National Intelligence Council, which prepares top-secret intelligence analyses for the president, from 2005 to 2008.

Co-workers, Fingar said, should “be attentive” to colleagues’ personal problems in order to refer them to counseling, not to report them as potential security violators. “It’s simply because they are colleagues, fellow human beings,” he said.

Eric Feldman, a former inspector general of the National Reconnaissance Office, the super-secret agency that oversees U.S. spy satellites, expressed concern that relying on workers to report colleagues’ suspicious behaviors to security officials could create “a repressive kind of culture.”

“The answer to it is not to have a Stasi-like response,” said Feldman, referring to the feared secret police of communist East Germany. “You’ve removed that firewall between employees seeking help and the threat that any employee who seeks help could be immediately retaliated against by this insider threat office.”

McClatchy contacted several agencies and departments to talk about their Internal Threat programs, but only the U.S. Army agreed to speak with them with details.

“What we really point out is if you’re in doubt, report, because that’s what the investigative personnel are there to do, is to get the bottom of ‘is this just noise or is this something that is really going on?’” Senior Army Counterintelligence and Security Official Larry Gillis told McClatchy.

Gillis also said the intent of the Army’s program, which was established after the Fort Hood shooting before Obama’s executive order, was never to stereotype or encourage tattling.

In another post last month, McClatchy posted a Q&A it had with the Department of Defense and the Peace Corps about the “Insider Threat” program.

The DOD said it is currently drafting the policies for its program.

“DoD personnel may report a suspicious incident or behavior to the appropriate officials based upon briefings they have received, training or simply their concern about a situation. Law enforcement, security, counterintelligence or other officials will assess the information and in collaboration with legal support, the chain of command and other required stakeholders will make a determination on any future action. The individual is not penalized for reporting something in good faith that may turn out to be unfounded. Pursuant to DoD directive 5240.06, Counterintelligence Awareness and Reporting, department personnel are required to report suspicious incidents concerning possible foreign intelligence service or international terrorist threats to the department based upon a number of indicators provided in that document,” the DOD said in its response.

The Peace Corps told McClatchy is had “identified a senior official to oversee classified information sharing, safeguarding efforts, and implementation of an insider threat detection and prevention program.” It has also completed an internal assessment and trained employees to support the program.

Featured image via Shutterstock.com.