The administration last year mandated a national program to defend against insider threats in government, and a national policy with standards for enforcement are expected by year’s end, officials said.
“It’s going to take a while to implement,” said John E. Swift III of the Office of the Director of National Intelligence and assistant director of the Insider Threat Task Force.
A policy is in draft form and is expected to go to the White House for review by the national security staff in the next month or two, Swift said April 4 at the FOSE conference in Washington. Standards development is waiting for the police to be completed, but are due to be issued by October.
“It’s going to take a while before agencies have a hard list of standards to follow,” Swift said, and it will take a “considerable time” to implement them once available. But although the creation of a coherent national program on insider threats is new, most agencies already are collecting data and have some components of a program in place. “No agency is starting from scratch.”
The insider threat program was called for in Executive Order 13587, in October 2012 in the wake of the Wikileaks exposure of a cache of classified documents. The order’s goal is “to ensure the responsible sharing and safeguarding of classified national security information on computer networks.”
Combining the appropriate levels of security while enabling necessary sharing and respecting the privacy of employees is a delicate balance, said Gordon Snow, assistant director of the FBI’s Cyber Division.
The FBI and ODNI are the lead agencies in a Senior Information Sharing and Safeguarding Steering Committee that is developing the policy.
“The insider threat has existed for as long as we have had secrets,” Snow said. “What makes it difficult today is the amount and the speed with which that information can be exploited.”
Technology is one key to protecting data and ensuring accountability, and tools such as the smart ID cards mandated for government use are only part of the solution. But it is not a panacea, officials said, and implementing use of a common, electronic ID for both logical and physical access is not a simple process.
“We have a cultural acceptance problem with many of the agencies,” Snow said.
“Thinking that we can tackle the problem with only a technology solution is a mistake,” said Deanna Caputo, lead behavioral psychologist at Mitre Corp.
Behavioral profiling has been identified as a priority for identifying potential insider threats, and Caputo is working with the task force to develop a set of indicators that can be used to predict risk. The goal is to create clusters of indicators so that potential problems can be identified at a high level without violating privacy, using information already being gathered routinely on government employees, especially those with high security clearances.
Late last week President Obama signed The National Defense Resources Preparedness Executive Order. This order gives him the authority to take hold of all of the US assets that are necessary to secure peace in times of war, essentially declaring martial-law in America. Many believe that this step was taken to prepare for a war with Iran. Reporters have questioned the Obama administration on if the recent move was in preparation for war with Iran, but the question was laughed off. Charlie McGrath, founder of WideAwakeNews.com, joins us to discuss if this new Executive Order is a laughing matter.