According to a 2011 Presidential Executive Order, an Insider Threat is “a person with authorized access who uses that access to harm national security interests or national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.” Put simply, Insider Threat means the unauthorized disclosure of classified information that damages national security, or violence that results in injury/loss of life and damage to operational resources.
Although the Navy has experienced a number of destructive and debilitating insider incidents over the years (the Walker-Whitworth espionage case of the 1980s, for example), the recent spate of information disclosures and workplace violence has compelled a more focused institutional examination of the threat. The tragic events at the Washington Navy Yard in September, the shooting at Fort Hood in 2009, the damage to USS Miami (SSN-755) in 2012, during a shipyard availability, and massive classified information disclosures by a National Security Agency contractor in 2013 and Army Pfc. Bradley Manning in 2010, all clearly fall within the definition. In each case, the actions of these perpetrators could likely have been prevented had their colleagues been alert and attentive to their behaviors and reported it.
Why is This Such a Big Threat?
With the most powerful military and the largest economy in the world, the United States is an attractive target not only to our adversaries, but to insiders who seek to harm us. Insiders are particularly pernicious because they have managed to gain our confidence and, with that trust, obtained access to systems, capabilities or people they would otherwise not be authorized to access. To cause damage, insider threats to cyber security may target specific sensitive information on programs or operations and reveal what they perceive to be an unjust policy or disclose intelligence.
And, as the recent high profile cases have demonstrated, systems administrators with privileged user accounts, the ubiquity of our information systems, our workforce's broad access to these systems, and the comparative ease with which data can be transferred all greatly compound this problem.
What Motivates Someone to Consider Acting in This Way?
A feeling of injustice, a loss of something valuable, the need to feel important, or an antithetical moral obsession could transform an otherwise trustworthy service member or employee into a disgruntled insider or potential target for an adversary to exploit. Equally threatening are those who may be stressed by circumstances beyond their control, and who may choose violence in retaliation for some perceived wrongdoing. Criminal behaviors that may manifest as a consequence of these motivations include espionage, unauthorized disclosure of sensitive information, sabotage against the United States, and workplace.
The Navy Insider Threat Program
To combat the Insider Threat, Secretary of the Navy Ray Mabus recently signed SECNAV Instruction 5510.37, implementing the Department of the Navy (DON) Insider Threat Program (InTP). According to the instruction, the DON shall:
- Ensure existing and emerging insider threat training and awareness programs are developed, updated and implemented.
- Enhance technical capabilities to monitor user activity on all systems in support of a continuous evaluation program.
- Leverage Antiterrorism/Force Protection (AT/FP), Counterintelligence (CI), Human Resources (HR), Information Assurance (IA), Law Enforcement (LE), Security and other authorities to improve existing insider threat detection and mitigation efforts.
- Detect, mitigate, and respond to insider threats through standardized processes and procedures.
- Ensure legal, civil and privacy rights are safeguarded.
- Promote awareness and use of employee assistance programs to enhance interventions for employees in need. This link provides additional information, resources and guidance available through the Navy Insider Threat Program: http://www. militaryonesource.mil.
In support of SECNAV’s policy and to elevate attention Navywide on this issue, the Chief of Naval Operations has organized a team to address the Insider Threat. CNO’s InTP team will focus on measures aimed at preventing future workplace violence as well as the intentional disclosure of classified information. In close coordination with stakeholders from across the Navy, this team will issue directives and recommend policy changes that reinforce the safety and security of both our people and our information. A core member of the team, OPNAV N2/N6 will focus on the cyber security aspects of Insider Threat.
Under this initiative, OPNAV N2/N6 recently established an Insider Threat to Cyber Security (ITCS) Office to lead the focus on the intelligence, counterintelligence, information assurance, anomaly detection, and continuous evaluation elements of Navy Insider Threat. The ITCS Office is charged with overseeing Insider Threat activities within these specific areas, and coordinating with related efforts across the antiterrorism/force protection, human resources, law enforcement, security and other mission areas within the operational Navy. The ITCS Office is also charged with improving information sharing on insider threat deterrence, detection and mitigation efforts.
Major elements of ITCS
Mission
To deter, detect, assess, exploit and deny the activities of insider threats operating against DON programs, information, and operations, while fostering a workforce environment in which employee issues are identified and addressed prior to the advent of inappropriate behavior.
Vision
To implement and execute the full scope of ITCS, consisting of policies and procedures; a governance structure, employee assistance activities, enhanced continuous evaluation, centralized user activity monitoring, and an analytic and response capability that provides a timely response to potential threat information derived from AT/FP, CI, IA, HR, LE, security, and other sources, as necessary.
Guiding Principles
We will effectively and efficiently develop and execute U.S. Navy ITCS. We will also align it with national, Department of Defense, SECNAV, and the larger U.S. Intelligence Community Insider Threat activities, while partnering to increase effectiveness and efficiencies.
The Effort
- Deterrence and sustained vigilance. Taking immediate actions to enhance safeguards and decrease the likelihood of insider activity, focusing on the compromise or loss of sensitive or classified information. These actions include:
- Enhanced continuous evaluation of those in trusted positions;
- Security review and update;
- Network upgrades and network hardening efforts;
- Deploying Two-Person Integrity in case of sensitive networks and critical infrastructure;
- Expanded random polygraphs for privileged users and system administrators;
- Revalidating the need for privileged user accounts;
- Training the workforce; and
- Creating an environment of trust.
- Compliance: An All Hands issue. Sailors, civilians and contractors have been entrusted with unique access to information and information systems, most of which are directly or indirectly related to our national security. As a consequence they must adhere to appropriate security policies and procedures designed to safeguard personnel, facilities, information and the systems. Compliance with governing law, policies and procedures is a command responsibility and commanders will be held accountable for ensuring security policies, processes and procedures are followed.
Insider Threats Are Real
The highly publicized Insider Threat incidents discussed earlier represent extreme cases where lives were lost and classified information was leaked on an unprecedented scale. A successful Insider Threat incident, however, doesn’t have to be as dramatic or explosive as these to cause serious or grave damage to the national security. The threat can be much more subtle, and still have crippling consequences. But no matter how subtle it may be, it is still real and we must be both cognizant of the motivations and vigilant of behaviors that could lead a Sailor or employee to become Insider Threats. This is particularly the case in times of fiscal uncertainty and declining budgets when the impacts of sequestration and work furloughs may stress otherwise stable and highly dependable people. The fact that SECNAV has instituted an Insider Threat program for the department reinforces the concern.
Information Dominance Corps (IDC) members should be especially observant. Be wary of those who ask for information for which they don’t have a need to know. Be cautious of anyone showing unusual or unnecessary interest in your job, or who may inquire about deployment plans, mission, readiness, time-tables for activity, technology, organizational morale, or personally identifiable information. Follow the common sense rules that protect access to your Navy accounts. Be particularly mindful of information you post on social media sites and do not broadcast your financial concerns or personal challenges. Instead, seek support through the numerous resources the Navy, Marine Corps and federal government have to offer. The information you make available can add up to a bigger picture, one that may make you a potential target for exploitation. Remember, you do not have to be the most valuable target, just the most available one.
Espionage, workplace violence and other national security crimes leave a long line of victims. Recognize the indicators. Prevent harm. Report!
Additional Insider Threat Definitions and Resources:
http://www.ncis.navy.mil/COREMISSIONS/CI/Pages/default.aspx
– From the Information Dominance Corps Newsletter September 2013