Threat awareness is a critical part of annual security training. Effectively countering threats begins with understanding the threats the U.S. faces every day.
Three key U.S. government assessments help us understand the scope, complexity, and persistence of threats confronting the United States. The Defense Counterintelligence and Security Agency (DCSA) Protecting U.S. Technologies in the Cleared Industrial Base highlights how foreign actors target U.S. technologies and cleared industry; the Department of Homeland Security (DHS) Homeland Threat Assessment outlines risks to public safety and critical infrastructure; and the Office of the Director of National Intelligence (ODNI) Annual Threat Assessment provides a global assessment of threats to U.S. national security.

Taken together, these reports underscore a central reality: foreign adversaries, criminal networks, and extremist actors are increasingly interconnected, technologically enabled, and willing to exploit U.S. vulnerabilities across domains—from cyber and supply chains to public discourse and physical infrastructure. They paint a picture of a strategic environment that is interconnected, multifaceted, and evolving more rapidly than many traditional policy responses. Below, we break down the important threat trends.

DCSA: Targeting U.S. Technologies

DCSA’s Targeting U.S. Technologies: A Report of Threats to Cleared Industry assesses how foreign intelligence entities (FIEs) and other adversaries target the U.S. cleared industrial base (the network of companies, organizations, and research institutions that handle classified or sensitive information and technologies) and informs us about foreign efforts to compromise technology, classified information, and personnel.

KEY FINDINGS

Rising Threat Volume: Cleared contractor facilities report tens of thousands of suspicious contacts annually, reflecting sustained and persistent attempts to illicitly access sensitive and classified information and technologies.
Targeted Technologies: The most frequently targeted technologies include software, electronics, and aeronautic systems — collectively accounting for over one-third of all reports. Adversaries also pursue microelectronics, AI tools, advanced materials, and export-controlled devices. These remain prime targets due to their military and commercial value.

Primary Geographical Threat Sources: Entities from the East Asia and Pacific region and the Near East account for the largest share of reported incidents — roughly 62% of all targeting activity. These actors leverage formal and informal collection methods to acquire sensitive technologies.

Evolving Collection Methods: Adversaries increasingly rely on non-traditional collectors, including business partnerships, academic collaboration, supply chains, cyber intrusions, and recruitment of insiders. Foreign actors use a range of tactics including traditional espionage, supply chain exploitation, cyber intrusions, and non-traditional means such as employment recruitment, academic exchanges, and commercial partnerships. These methods blur the line between legitimate interactions and covert collection.

Why does this matter?

Technological superiority underpins U.S. military readiness and economic strength. Successful exploitation of cleared industry shortens adversary development timelines, erodes deterrence, and introduces long-term strategic risk.

DHS: Homeland Threat Assessment

The Department of Homeland Security (DHS) Homeland Threat Assessment (HTA) examines risks directly affecting the U.S. population and domestic systems — from terrorism to drug trafficking and critical infrastructure attacks. It serves as a strategic overview of the nation’s security landscape to help us understand the evolving threat environment so we can better prepare for, prevent, and respond to risks to public safety and national security.
TOP THREAT AREAS

Terrorism & Violent Extremism: The assessment finds that the overall terrorism threat is expected to remain high, driven by domestic sociopolitical dynamics and international conflicts. Lone actors and small cells continue posing the most immediate risks, while extremist groups retain intent and capability to inspire or execute attacks on U.S. soil.

Illegal Drugs & Transnational Crime: Transnational criminal organizations trafficking illegal drugs — especially fentanyl and synthetic opioids — are a severe public safety and national risk. Seizures have increased significantly, and efforts are ongoing to enhance detection technologies and enforcement actions.

Influence Operations & Transnational Repression: Foreign state actors use digital platforms and social networks to influence U.S. public opinion, target communities, and undermine trust in institutions. These influence campaigns increasingly coincide with strategic geopolitical tensions.

Border & Immigration Security: While migrant encounters have declined, the risk of individuals posing security threats entering through irregular channels remains a focus of DHS screening and vetting efforts.

Critical Infrastructure Security: Cyber-attacks, physical threats, and preparation for disruptive operations against critical infrastructure — power grids, communications networks, and transportation systems — persist as priority concerns. Nation-state actors such as China, Russia, and Iran remain principal threats, alongside cybercriminal groups.

DNI: Annual Threat Assessment

The Director of National Intelligence (DNI) Annual Threat Assessment provides a comprehensive evaluation of the most direct and serious threats to U.S. national security. It informs us about evolving global risks so that informed strategic decisions can be made to protect American lives and interests at home and abroad.
KEY TAKEAWAYS

Diverse and Intensifying Threat Environment: The assessment highlights a broad spectrum of threats posed by both state and non-state actors that target U.S. citizens, critical infrastructure, economic strength, and government institutions.

Major State Adversaries: The report identifies China, Russia, Iran, and North Korea as the principal state actors challenging U.S. interests:
Transnational Criminal Organizations (TCOs): Transnational criminal groups — especially drug cartels — are identified as immediate threats to public safety, with illicit fentanyl and synthetic opioids linked to tens of thousands of U.S. deaths and significant social harm. These groups also exploit smuggling networks that contribute to irregular migration pressures.

Traditional Terrorism: Islamist extremist groups such as ISIS and al-Qa’ida remain active threats, with affiliates continuing to plan and inspire attacks against Western targets, including the United States.

Adversarial Cooperation: The assessment notes growing cooperation among these major adversaries, strengthening their collective capabilities and resilience against Western strategies, which can amplify threats to U.S. security.

Big Picture Threat Awareness

COMMON THEMES

Despite differing missions, the DCSA, DHS, and DNI assessments converge on several critical themes:

Threats are multi-domain: Cyber, economic, ideological, physical, and informational threats are deeply interconnected and reinforce one another.

Technology is both an asset and a vulnerability: AI, cyber tools, and global connectivity accelerate both innovation and exploitation.

State and non-state actors both matter: From sophisticated foreign intelligence services to lone extremists and criminal networks, adversaries exploit vulnerabilities at home and abroad.

Non-traditional actors matter: Criminal networks, lone offenders, insiders, and influence operators play increasingly prominent roles.

Prevention depends on partnership: Effective risk mitigation requires coordination, and collaboration is critical. Government agencies, the defense industrial base, academia, private sector partners, and local stakeholders must coordinate intelligence sharing, risk mitigation, and resilience planning across all levels of society.
LOOKING AHEAD: EMERGING TECHNOLOGIES AND CHALLENGES

Emerging technologies are expected to remain the most attractive targets for adversaries. Artificial intelligence, microelectronics, quantum computing, space systems, advanced manufacturing, and critical software supply chains are increasingly sought after for their military, economic, and strategic value.

At the same time, efforts to protect these technologies will be challenged by the growing sophistication of cyber operations, the use of trusted insiders and non-traditional collectors, and the difficulty of distinguishing legitimate collaboration from illicit technology transfer. Rapid innovation cycles, globalized supply chains, and the convergence of cyber and physical threats will further complicate detection and prevention.

Protecting national security will require sustained vigilance, stronger partnerships, and adaptive security strategies across government and industry. We will need to implement holistic security strategies that address modern threats with an integrated approach that incorporates:
CONCLUSION

As these reports collectively make clear, the threat environment facing the United States is persistent rather than episodic and expected to continue. The DCSA, DHS, and DNI assessments together offer a comprehensive picture of the challenges ahead. From foreign intelligence targeting U.S. technologies, to criminal and extremist threats at home, to strategic competition abroad, the risks facing the nation are interconnected and evolving. Awareness, preparedness, and collaboration remain the most effective tools for safeguarding U.S. security and resilience in 2026 and beyond.

Resources and Additional Learning:
DCSA Methods of Operation and Methods of Contact (MCMO) 2025 DNI Annual Threat Assessment 2025 DHS Homeland Threat Assessment DCSA Counterintelligence Trend Analysis Reports CDSE Thwarting the Enemy DoD Annual Security Awareness Refresher Counterintelligence Awareness and Security Briefing

As always, if you have any questions...ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate all things security and ensure you fulfill all security requirements.

Safeguarding Our Information: Protecting Classified and Controlled Unclassified Information (CUI)
12/16/2025
In today’s digital environment, information is one of our most valuable assets. It is also the most targeted. Protecting classified information and controlled unclassified information (CUI) is not just an IT responsibility; it is a shared obligation that applies to every employee, contractor, and partner within your organization.
Understanding What We Protect

Classified Information includes data formally designated as Confidential, Secret, or Top Secret and requires the highest levels of protection due to national security implications.

Controlled Unclassified Information (CUI) is sensitive information that is not classified but must be safeguarded under applicable laws, regulations, and government-wide policies. This includes personally identifiable information (PII), export-controlled data, proprietary information, certain technical or research data, and more.

Correctly identifying and marking information is the first step in ensuring it is protected appropriately.

Why Protection Matters

Threat actors are constantly seeking to exploit weak points, whether through phishing emails, unsecured devices, or improper data handling. A single lapse can result in:
Strong information security practices help prevent these outcomes and ensure compliance with applicable requirements.

Regulatory Frameworks That Guide Our Security Practices

Our information security requirements are grounded in established federal standards and regulations, including:
Understanding these frameworks helps ensure compliance and supports our broader mission.

Everyday Actions That Make a Difference

Protecting sensitive information doesn’t always require complex tools—often, it starts with simple, consistent habits:
Security Is a Shared Responsibility

Information security is not about slowing down operations; it is about protecting our mission, our partners, and our nation. Compliance with NIST, CMMC, ITAR, and NISPOM requirements depends on informed, vigilant individuals who understand their role in safeguarding sensitive information.

Every person in an organization plays a critical role in protecting the information entrusted to us. By staying alert, following established policies, remaining vigilant, and reporting concerns quickly, we each contribute to a stronger security posture and a safer information environment. Together, we can strengthen our security posture and ensure that classified and controlled unclassified information remains protected—today and into the future.

Why Reporting is Critical & How to Report Concerns

Timely reporting is a critical component of information protection and is required under multiple security and regulatory frameworks, including NIST, CMMC, ITAR, and the NISPOM. Prompt reporting enables swift containment, reduces potential damage, and helps ensure regulatory compliance.

Report to your FSO, immediately, any actual or suspected incident involving Classified Information or Controlled Unclassified Information (CUI), including:
When in doubt, report the incident. Reporting a concern that turns out to be benign is always preferable to failing to report a real issue. Delays in reporting can significantly increase risk, impact investigations, and lead to compliance findings or penalties. If you suspect an incident:
Reporting security concerns is not about blame; it is about protection. A strong security culture encourages early, honest reporting to safeguard information, support compliance obligations, and protect our mission. Your awareness and prompt action play a vital role in keeping classified and controlled unclassified information secure.

Resources and Additional Learning
Information Protection Security Shorts Suspicious Emails Information Security Toolkit Deliver Uncompromised Toolkit Case Study Library 32 CFR Part 117 (NISPOM Rule) 32 CFR Part 147 (Adjudicative Guidelines)

As always, if you have any questions about whether or not a situation requires reporting, ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate things to ensure you fulfill all requirements.

The holiday season is approaching quickly! While maintaining strong security practices should be a primary focus throughout the year, it is important to understand the increased threats during the holiday season.
The hustle, bustle, general spirit of celebration and goodwill that we experience during the holidays can lead to distraction and lower our guard. Unfortunately, criminals and our adversaries don’t slow their nefarious goals simply because we are busy, distracted, or nurturing kindness during the holidays. In fact, this gives them a better opportunity to exploit us. It is vital that we be aware of increased risks during this time of year and take extra precautions while preparing for and celebrating year-end festivities.

Holiday OPSEC

As discussed in previous editions, OPSEC (Operations Security) is a five-step process used to identify and protect sensitive information from our adversaries.
These same concepts can, and should, be used to protect ourselves, our families, our homes, and our data during the holiday season.

Safety in Public and Crowded Places

Crowded malls and stores, and any place where people congregate, are prime targets for nefarious activities, from pickpocketing to threats of terrorism. We must always remain watchful and aware of our surroundings. Furthermore, many people are simply stressed out this time of year. The pressure of holiday preparations, financial stressors, and even the desire to get a good deal can lead to unruly and disorderly behavior. Here are some basic things you can do to keep yourself and your loved ones safe.
Data Security

The holidays are not the time for us to lower our defenses regarding data security, personally or professionally. Here are some tips to keep information safe.
Online Shopping

Almost all of us participate in online shopping. Scammers and bad actors are at peak activity during the holiday season. They know we are distracted, which makes us far more vulnerable, offering them the perfect opportunity to catch us off-guard. Here are some tips to protect yourself when shopping online.
Securing Your Home During the Holidays

Home Security

Our home should be a safe space. Unfortunately, the threats of burglary, robbery, and home invasion are significantly higher during the holiday season. Here are some tips to deter and detect threats at home.
Protect Your Home When You're Gone

It is estimated that more than 80 million Americans travel 50+ miles from home during the holidays, leaving our personal space vulnerable. Studies show that 40% of burglaries do not involve forced entry and most burglars are deterred by simple safeguards that are easy to implement. Here are some tips to keep your home and valuables safe while you are away.

Secure your home:
Ask a trusted neighbor to:
Don’t make it look like you are not home:
Package Theft

Surveys suggest that 100 million+ packages have been stolen in the last year, amounting to more than $12 billion in lost merchandise. Those numbers are enormous! Package theft is a problem throughout the year, but the sheer volume of deliveries during the holidays creates a huge opportunity for porch pirates. Here are some tips to protect against package theft.
Holiday Trash

It is fascinating what you can learn from a person’s trash. Don’t make yourself a target! Boxes from large ticket items tell criminals (and nosey neighbors) that you may have high value items in your home. Here are some tips to protect you.
Travel Safety and Foreign Travel

Travel can be frustrating. Heavy traffic, stranded vehicles, delayed or cancelled flights can increase tension. Delayed and stranded travelers may act out and cause disturbances in crowded airports, in hotels, or on roadways. This can also strain law enforcement resources. Always maintain constant awareness of your surroundings and be prepared to protect yourself, your family, and your belongings.

Foreign Travel

If you are traveling outside the US, don’t forget to report it to your FSO! For most of us, all personal and professional foreign travel requires reporting. If you are traveling to any country outside the United States (including Mexico or Canada) you must contact your FSO and complete all briefing and reporting requirements. Ideally, foreign travel should be reported 30 days in advance of departure.

Why Reporting is Critical & How to Report Concerns

We must always keep company and government security policies and procedures in mind, even during the holidays. This includes reporting.
Also important to remember…

Places where large groups of people congregate are at high risk for physical threats. If you suspect any danger at work, contact security immediately. If you suspect any danger when not at work, contact local law enforcement immediately.

Pay mind to your coworkers. Many struggle emotionally during the holiday season. While kindness and compassion go a long way, we must always be mindful of insider threat concerns. If a co-worker is displaying any concerning behavior, report it to your FSO immediately.

Report any concerns to your company’s FSO!

Want to learn more? Resources and Additional Learning:
As always, if you have any questions about whether or not a situation requires reporting, ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate things to ensure you fulfill all requirements.

Have you ever received a phishing email? If so, you have experienced an attempted cyber-attack.
Cyber threats are a very real and persistent risk to us all, both personally and professionally. Cyber-attack attempts happen every single day. They are low-risk, potentially high-reward, and advances in technology have made it easier than ever. No one is immune to a cyber-attack and everyone is a target. Even the most experienced technical professionals can fall victim to a cyber-attack, so vigilance is critical. We must understand what a cyber-attack is, what cyber-criminals hope to gain, how to identify suspicious requests and network activity, and how to implement proper countermeasures to foil their attempts.

Understanding Cyber Threats and Attacks

A cyber-criminal is any individual or group that uses technology to commit illegal acts, such as stealing data, conducting fraud, or disrupting services. They can be petty criminals, hackers, terrorists, foreign intelligence agents, or even a compromised insider. Cyber-criminals exploit vulnerabilities to obtain information they can sell or use to exploit people or organizations. They may be lone actors or part of organized, sophisticated teams. They will use anyone, they can attack from anywhere, they can obfuscate their trail, and they may target multiple assets at one time. Worse still, they do this behind a keyboard from a place of total anonymity.

A cyber-threat is any malicious act with the intent to steal data, disrupt digital systems, damage information, or gain unauthorized access to a computer network or sensitive data.

A cyber-attack is any deliberate attempt to access, damage, or disrupt a computer system, network, or digital device. With technology, the possibilities are endless, and cyber-attacks can be carried out through various methods.

Common Types of Cyber-Attacks
Cyber-criminals intentionally design their actions to appear harmless and legitimate. They know that humans are a weak link in cybersecurity and count on us being uninformed or simply too busy to pay close attention to their attempts.

That email asking you to log in and fix your account settings…could be a cyber-attack.
That text message from a manager asking you to send them a password they forgot…could be a cyber-attack.
That attachment or link you received…could be a cyber-attack.
That weird, unexpected phone call asking you to provide or verify information…likely a cyber-attack.
That unknown person looking to collaborate on a business opportunity…could be a cyber-attack.

What is the Goal of a Cyber-Attack?

Ultimately, cyber-criminals want to obtain or steal information that can be sold or used to exploit an individual or organization. They do this for many reasons, such as personal gain, financial gain, espionage, disruption, to damage reputations, etc. Some go for a simple cash grab. Some want to steal personal, sensitive, or even classified information or technology. Foreign intelligence agents will aggregate unclassified or proprietary data to paint a picture of CUI or classified information.

Cyber-criminals will seek personal data, business data, passwords, usernames, bank data, contract data, CUI, classified information, military information, defense information… anything that could lead to information they can use is of interest to a cyber-criminal, and even partial data can be helpful. High value targets include, but are not limited to:
Spotting a Cyber-Attack

Identifying a potential cyber-attack can be tricky. Cyber-criminals have become increasingly sophisticated in their attempts and will do their best to hide their true intentions. Below are some examples of activities that should raise a red flag.

Phishing/Spear Phishing/Vishing/Smishing/Spoofing/etc.
Unusual System and Performance Issues:
Suspicious Network and Internet Activity
Unauthorized Access and Account Changes
All data is useful to a cyber-criminal in their efforts. They are patient, they are persistent, and they have time. This is why protecting both personal and professional data is imperative.

Applying Countermeasures to Protect Against a Cyber-Attack

Countermeasures are critical to safeguarding against cyber-attacks. This is not an exhaustive list, but here are some things that you can do to protect yourself and your organization.

All Personnel
Management and IT Departments
In many situations, attackers will attempt to disguise themselves as a trustworthy entity and contact their target via email, social media, phone calls (“vishing” / voice-phishing), and text messages (“smishing” / SMS-phishing). Don’t fall for it! Do not click on links in emails or text messages unless you know they are legitimate and safe. If it seems off in any way, verify with the individual through a known and confirmed email address or phone number!

Care what you share! Publicly available information helps cyber-criminals and foreign intelligence agents identify people who may potentially have access to information they want. Whether you have access, or not, every one of us is a potential steppingstone. Information on public facing sites can help them identify people of interest, and any information they can obtain from a person of interest is useful to them in putting together a bigger picture.

Why Reporting is Critical & How to Report Concerns

Personnel should report any suspected cyber-attack to the company’s IT department and their FSO immediately. A good rule of thumb is: If anything seems off, or you suspect you have been the target of a cyber threat, report it.

Organizations that do business with the U.S. Government must report any cyber intrusion or attempted intrusion through proper USG channels. Cyber intrusions must be reported within 24 hours of occurrence!

Report all Cyber threat concerns to your organization's IT Dept and FSO!

Want to learn more? Resources and Additional Learning:
As always, if you have any questions about whether or not a situation requires reporting, ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate things to ensure you fulfill all requirements.

September is Insider Threat Awareness month! While insider threat is a significant concern that must be considered throughout the year, we would like to take a little time this month to emphasize the importance of deterring, detecting, and mitigating threats posed by trusted insiders, and foster a deeper understanding of indicators and reporting requirements related to insider threat.
What is an Insider?
An insider is anyone who has, or has had, access to an organization's resources, facilities and information, network or systems.

What is an Insider Threat?
The threat that an insider will use their authorized access, wittingly or unwittingly, to do harm to their organization or the security of the United States.

Who is at risk of becoming an Insider Threat?
Anyone can be at risk of becoming a threat, whether intentionally or unintentionally.

Who are our adversaries?
Adversaries include foreign governments, foreign and domestic terrorist organizations, competitors, non-state actors, and anyone seeking to do harm to the U.S., our people, or your organization. Think back on our previous teachings about counterintelligence, suspicious contact, foreign activities, etc. Remember how and why adversaries seek to target us and elicit information. They will do whatever is necessary to get their hands on ANY non-public information that we, as insiders, can provide.

Understanding Insider Threat

Most insider threats do not start out as a threat; rather, they evolve into a threat over time. The pathway to an insider incident is often complex. Minor frustrations and stressors, both personal and professional, can add up and increase the possibility that an individual may become careless, negligent, or malicious.

Insider threats occur for a wide variety of reasons and can be deliberate or unintentional. Insiders do not need to hold a high rank or position to inflict grave damage. Technology can empower individuals at all levels and it is possible for one person, regardless of rank or position in an organization, to do a lot of damage.

Some individuals blatantly seek to do harm. They may become so disillusioned that they act with malice. They may feel sympathy for or be swayed by an adversary. They may have gotten themselves into a bad situation and see no other way out.
Some individuals may have no active intent to do harm but commit unintentional acts, often through negligent or accidental behaviors, but the impact can be just as significant. If we are not careful with the information we share, we may unwittingly become an insider threat.

In addition, while we often focus on unauthorized disclosure and the threat of adversaries stealing information, we must also consider workplace violence.

Regardless of intent, an insider threat can cause grave and irrevocable damage. Damage from an insider threat can include, but may not be limited to, resource degradation, harm to national security, reduced military strength and mission readiness; loss of organizational reputation, innovation, and industry advantage; financial instability; and even potential injury to persons or loss of life.

We can reduce risk by promoting awareness, establishing an effective Insider Threat Program, training our workforce, effective reporting, and providing resources to support individuals who may be struggling. When we recognize and report concerning behaviors and indicators, we can work to detect, deter, and mitigate potential threats before they escalate. Risk assessment must consider all possible threats, from theft of information to violent acts.

Every organization should have an Insider Threat Program designed to deter, detect, and mitigate actions by insiders who may pose a threat. The Insider Threat Program must address and analyze information from multiple sources regarding behaviors and risks that could potentially do harm and should employ holistic and multidisciplinary responses for managing insiders who are at risk, while maintaining their privacy and civil liberties.

The organization’s Insider Threat Program Senior Official (ITPSO) implements insider threat program activities, including daily operations, management, and ensuring standards of compliance.
The Facility Security Officer (FSO) is in charge of managing security in the organization’s facilities. Leadership is responsible for promoting a protective and supportive culture throughout the organization to support their workforce and encourage understanding and compliance with the Insider Threat Program.

Access Attributes: Access is at the heart of understanding and characterizing insider threats. Without access, there is no insider. That said, access comes in many forms. There is physical access to buildings, spaces, people, assets, etc., virtual access to computer networks and systems, access to organizational knowledge, acquired skills, specialized training, and more. In that light, every organization has some inherent insider threat risk. We cannot function without entrusting people with valuable tools and information, so every person within an organization typically has some form of access that could be exploited. Risk can be reduced when sensitive access is properly assigned, managed, and protected, and when individuals take their responsibility to report concerning behavior seriously.

Recognizing Reportable Insider Threat Indicators

As a staff member or employee of your organization, your responsibility is simple. You must report concerning behavior to the appropriate individuals within your organization. It is not your responsibility to know specifically what is going on, but you must be able to recognize concerning behaviors and know how to report them.

Concerning behaviors is a broad term to describe any observable behaviors or actions that suggest an individual may be at risk of becoming an insider threat, may be acting in a way that is risky or negligent, may be planning to take a malicious act, or may be actively carrying out a malicious act. Some are easily defined and categorized, others are more subtle and difficult to identify.
While we will not go into extreme detail here, we have listed below some common categories of concerning behaviors and shed a bit of light on some of the more nuanced categories. We encourage you to dive deeper on this list by reviewing the DCSA Insider Threat Indicators Job Aid and DITMAC – What Should I Report?
Interpersonal behaviors are actions, words, and body language we use when interacting with others in social situations. Personal Predispositions are personal characteristics, personality traits, and circumstances that make a person more likely to engage in risky behavior. Stressors are events or situations that cause an individual to feel pressure or anxiety and may lead them to act in ways they normally wouldn’t. Stressors can be personal, professional, financial, etc.

Some indicators involving interpersonal behaviors, predispositions, and stressors include significant changes in personality, behavior, or work habits; disgruntlement that could lead to a desire to retaliate; engaging in arguments or altercations; engaging in risky or inappropriate behavior; a history of rule violations; untruthfulness; social network risks; etc. Insider threat case studies indicate that individuals with medical or psychiatric disorders, or personality or social skills issues, are more likely to engage in risky behavior.

Problematic Organizational Responses are a factor that should be considered. Inadequate organizational responses can escalate the actions of at-risk individuals who are more likely to plan and execute attacks. This includes, but is not limited to, inattention, a lack of risk assessment processes, inadequate investigation, and other actions that escalate risk. Many past insider threat case studies indicate that there was insufficient concern prior to the incident, or the lack of an organizational mechanism to organize and communicate potential threat information to the appropriate security officials to prevent, deter, detect, or mitigate malicious actions. Many known insider threats have been associated with one or more reportable indicators, and bits of information from differing perspectives can add up to a bigger picture of a concerning landscape.

Why Reporting is Critical & How to Report Concerns

Insider threats can cause grave damage to an organization, to people, and to our country. An organization’s workforce is the first line of defense against insider threats, and we are all obligated to report concerning behavior. Any concerning behavior, any indicators, any information about any individual that could indicate that a person is, or could become, an insider threat, must be reported to your organization’s FSO and ITPSO immediately upon discovery. NEVER assume someone else has or will report a concern! If you have a concern or suspect someone is at risk of becoming a threat, you must report it. Failure to report can result in fines, prison, or both. Security is everyone’s responsibility. Protecting our organization, our coworkers, and our country should always be our top priority. Report all insider threat concerns to your organization’s FSO and ITPSO! It is our job as security professionals to help you navigate any situations that arise.

Whistleblower Protection

It is important to note that making a protected disclosure does not indicate an insider threat. Whistleblowing is the reporting of waste, fraud, abuse, corruption, or dangers to public health and safety to someone who is in the position to rectify the wrongdoing. Employees are protected from employer retaliation via the Whistleblower Protection Act and Security Executive Agent Directive (SEAD) 9: Whistleblower Protection. It is unlawful for your employer to take any action affecting your access to classified information in reprisal for making a protected disclosure. A disclosure is protected if it meets two criteria.
Organizations should have whistleblowing policies defining the correct way to report as opposed to releasing the information to the media or an unauthorized source. Releasing information to the media or an unauthorized source is unauthorized disclosure. It is a crime; it is not whistleblowing, and whistleblower protection does not apply to it. The DoD National Hot Line is always available to all individuals to report fraud, waste, abuse, corruption, or dangers to public health and safety.

Email: [email protected] | Phone: 1-800-424-9098 | Website: https://www.dodig.mil/Hotline | Mail: Defense Hotline, The Pentagon, Washington, DC 20301-1900

Resources and Additional Learning

Additional information about this topic can be found:
As always, if you have any questions about whether or not a situation requires reporting, ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate things to ensure you fulfill all requirements.

Every federal contractor facility has access to U.S. government information, in some form or fashion. As such, every person that works for or with a federal contractor facility has a direct impact on the security of our country and the safety of our people and technology.
Due to technological advances, the threat from adversaries looking to do harm to the United States has never been greater. The ease of connecting with people across the globe, and increasingly advanced capabilities to hide or steal someone’s identity, have made it simple for bad actors to contact, and potentially exploit, anyone that could potentially help them obtain information to further their malicious objectives. Our work for the U.S. government, and all information obtained through that work, must be protected from these threats. Every person, at every level of business, plays an important role in that protection as we all have at least one piece of information that would be beneficial to a U.S. adversary. You may think you don’t know anything that would be helpful, but one seemingly small piece of information could be the missing link that an adversary needs to do harm. As such, we must all be aware of the ways that our adversaries will attempt to exploit us to obtain information. We must know what suspicious contact looks like and how to report it. It is important to consider the possibility of suspicious contact in every professional and personal interaction.

What is Suspicious Contact?

Consider this. You are out celebrating your promotion with some colleagues. A nice couple at the bar overhears your celebration, so they come over and engage you in conversation. Initially, they simply congratulate you and ask a few seemingly innocent questions, but their questions turn into deeper inquiries about your company and the work you do. Should you report this interaction to your FSO?

Now consider this. You are at a seminar. You strike up a conversation with a fellow attendee, who tells you that they are a college student looking to land an opportunity in your field. They ask a lot of questions about a government project you did work on.
You evade the questions and turn the conversation elsewhere; however, after the seminar they begin emailing you, continuing to probe about your work and persistently asking if you can get them onto your latest project. Should you report this interaction to your FSO?

Finally, consider this. You are a recruiter considering candidates for a position supporting a government contract that states U.S. citizenship or security clearance is required. You receive a resume from an individual and it is evident that the person does not meet the citizenship requirements. Should you report this to your FSO?

In all of these scenarios, the answer is YES. These are all examples of reportable suspicious contact. Suspicious contact is any effort by any individual, regardless of nationality, to obtain illegal or unauthorized access to information or to compromise an individual, as well as all contacts with known or suspected intelligence officers from any country, or any contact which suggests the individual concerned may be the target of an attempted exploitation.

Suspicious Contact Tactics

Not all suspicious contact is obvious. While it is possible that a foreign spy will walk up to you and simply ask for sensitive or classified information, elicitation is typically more subtle. Elicitation is the strategic use of conversation to extract information from people, without giving them the sense that they are being interrogated, to facilitate future targeting attempts. Information collectors for foreign intelligence entities (FIE) commonly use elicitation to collect sensitive and/or classified information through what appears to be normal, even mundane, social or professional contact. They attempt to confirm or expand upon their knowledge or gain clearer insight into a person’s placement and access to assess the possibility of exploitation or recruitment. These attempts can come in many forms, from many places, all of which are relevant and must be reported appropriately.
Information collectors come from all over the world, even from “friendly” countries. They target a variety of technologies and information, through many operational methods, utilizing a wide range of contact methods. DCSA and DNI both put out a report each year regarding the top threats and mechanisms. According to the DCSA 2024 Report on Targeting U.S. Technologies and the DNI 2025 Annual Threat Assessment, the following are the most prevalent concerns and methods. Top 3 Information Collector Regions are:
Top Targeted Technologies are:
Top Methods of Operation are:
Top Methods of Contact are:
Information Collectors may be commercial sector affiliated, foreign government affiliated, or individuals of unknown affiliation. Though these reports rate the top methods of contact, it is important to note that suspicious contact occurs through a wide variety of methods and all should be considered.
Recognizing Suspicious Contact and Applying Countermeasures

Suspicious contact can occur by any means where a foreign actor, agent, or recruiter is in direct or indirect contact with the target. They may even work through known and trusted contacts to do so. Likely indicators of elicitation and suspicious contact include, but may not be limited to:
Examples of reportable suspicious contact include, but may not be limited to:
Things you can do to reduce the risk of exploitation:
If you believe someone is actively attempting to elicit information from you, you can:
At the heart of it all is this: No matter where you are, no matter who you are communicating with…Care what you share and report suspicious interactions! Do not take anything for granted when being asked for information. It is always important to be situationally aware when we are discussing work, and we should never assume that someone is simply curious when they are asking questions.

Why Reporting is Critical & How to Report Concerns

You are a target because of where you work, who you work with, and the sensitive or classified information you could potentially have access to. Every individual that works for or with an organization that performs on U.S. Government contracts should be wary of anyone that tries to obtain information that they are not authorized to have. Elicitation can be subtle. Requests from professional or personal contacts may seem harmless; however, you should report any odd or suspicious conversations to your company’s FSO immediately upon occurrence. It is important to note that it is NOT your job to determine if suspicious communications present a legitimate concern or threat. It IS your responsibility to simply report any suspicious interactions to your FSO. The FSO is in the best position to assess the situation and ensure the information gets to the appropriate government officials for investigation. A good rule of thumb when interacting with others is this: If you have to say “No,” let your Facility Security Officer know. You must report the following to your FSO immediately:
Resources and Additional Learning:

DNI 2025 Threat Assessment Report DCSA 2024 Targeting U.S. Technologies Report Identifying Suspicious Contact What to Report – Examples of Suspicious Contact Suspicious Emails Reporting Job Aid Case Study Library 32 CFR Part 117 (NISPOM Rule) 32 CFR Part 147 (Adjudicative Guidelines)

As always, if you have any questions about whether or not a situation requires reporting, ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, FSO PROS® is here to help you navigate things to ensure you fulfill all requirements.

We may think it only happens in movies, but espionage is a very real threat. Spies are out there, they are targeting our nation’s most valuable information and technology, and they are more active than ever before.
The truth is that U.S. information and technologies are targeted every day. Advancements in technology have only made the modern-day spy’s job easier. Our position as the dominant political, economic, and military force in the world means that every country, friendly or not, wants to know our secret sauce and they will do whatever it takes to get it. Every one of us plays a role in protecting our country and we must be vigilant.

What is Counterintelligence?

Counterintelligence is information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities. The goal of counterintelligence is to:
The U.S. technological lead, competitive edge, and strategic military advantage are at risk. If not protected, our national security interests could be compromised. Countering this threat requires knowledge of the threat and diligence on the part of all personnel charged with protecting information.

Are You a Potential Target?

In short, anyone that has, or could have, access to targeted information, knowledge of information systems, or security procedures, is a potential target to foreign intelligence services. As individuals working in the U.S. government space, we are all part of the process and, as such, we are all targets. This includes, but is not limited to:
MCMO (Methods of Contact and Methods of Operation)

Those seeking to steal protected data and technology use a variety of collection methods to further their agenda. It is important to understand that protected information includes both Controlled Unclassified Information (CUI) and Classified information, as both are of interest to foreign entities and must be protected. Common collection methods include, but may not be limited to:

Requests for Information (RFI) and Solicitations: Attempts to collect protected information, directly or indirectly, by asking, petitioning, requesting, or eliciting protected information, technology, or persons.
Exploitation of Relationships: Attempts to leverage personal or authorized relationships to gain access to protected information.
Attempted Acquisition of Technology: Attempts to acquire controlled information or technology through direct contact, front companies, or intermediaries. Of particular interest are equipment, diagrams, schematics, plans, or product spec sheets, etc.
Exploitation of Business Activities: Attempts to establish or leverage relationships to obtain access to protected information and/or technology. This most commonly occurs through joint ventures, partnerships, mergers and acquisitions, foreign military sales, and service providers.
Exploitation of Cyber Operations: Attempts to conduct actions that could compromise or risk confidentiality, integrity, or availability of targeted networks, applications, credentials, or data to obtain access to, manipulate, or exfiltrate protected information, technology, or personnel information.
Exploitation of Experts: Attempts to obtain access to protected information, technology, or people through requests for peer or scientific review of academic papers, presentations, requests to consult with faculty members or subject matter experts, invites to participate in foreign conferences, lectures, tradeshows, requests to collaborate with foreign academic institutions, or attempts to entice subject matter experts to travel abroad or consult for foreign entities.
Exploitation of Insider Access: Attempts by trusted insiders to exploit their authorized placement or access or to cause other harm to compromise protected information, technology, or persons.
Exploitation of Security Protocols: Attempts by visitors or unauthorized people to circumvent or disregard security procedures, or behaviors by cleared or otherwise authorized individuals that may indicate a risk to protected information, technology, or people.
Exploitation of Supply Chain: Any activities intended to compromise supply chains. May include introduction of counterfeit or malicious products or materials to gain unauthorized access to protected data, alter data, disrupt operations, or interrupt communications.
Resume Submission: Applications and/or submission of resumes by foreign individuals seeking academic or professional placement that could facilitate access to protected information, whether by need or proximity.
Search and Seizure: Temporarily accessing, taking, or permanently dispossessing an individual of property or restricting freedom of movement via tampering or physical searches of persons, environs, or property.
Surveillance: Observation of equipment, facilities, sites, or personnel associated with classified contracts to identify vulnerabilities and/or collect information, through visual, aural, electronic, photographic, or other means.
Theft: Attempts to acquire protected information with no pretense or plausibility of legitimate acquisition.
Common methods of contact include, but may not be limited to:
Countermeasures

Countermeasures are actions we can take to neutralize or mitigate threats posed by foreign intelligence entities or individuals acting on their behalf. Deploying countermeasures is critical to protecting information, technology, and people. A strong countermeasures plan utilizes defensive, offensive, and investigative measures to both detect and deter threats. The plan should be proactive, adaptive, and integrated throughout the organization. Countermeasures may include:
Clearance Advertising is Prohibited

The simple fact that an organization has been granted the ability to perform work in the U.S. Government space makes that organization, and everyone in it, a target for exploitation. Organizations that have been granted facility clearance under the National Industrial Security Program (NISP) are bound by 32 CFR Part 117 (NISPOM) which states that a cleared contractor may not use its favorable entity eligibility determination for advertising or promotional purposes. “Advertising” that a company has a facility clearance is strictly prohibited. You may never state that your organization is a cleared facility, nor include any facility clearance information in any public facing space (on websites, social media, etc.), nor in any promotional or marketing materials.

Advertising that you, personally, have been granted a security clearance puts a bullseye on you and your organization. While not expressly prohibited, as with facility clearances, individuals that have been granted a security clearance should take extreme caution when sharing information about their clearance and the work that they do, with anyone, and should NEVER:
Reporting Requirements

If you have any reason to suspect that you, someone you know, or your company is being targeted by a foreign intelligence service or any other potentially malicious actor, please contact your FSO immediately. Recognizing and reporting indicators is critical to disrupting counterintelligence threats and mitigating risks.

Resources and Additional Learning
As always, if you have any questions about whether or not a situation requires reporting, ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, FSO PROS is here to help you navigate things to ensure you fulfill all requirements.

The United States is the dominant political, economic, and military force in the world. We have power, information, and technology that other countries want, and they will not hesitate to harm or exploit U.S. persons to obtain it.
The mission of foreign intelligence services is to obtain or steal any information that could be useful to their country, and they will exploit whomever they can to meet this objective. For a foreign intelligence agent, every interaction is a potential data mine. Even if a person does not have direct access to information, they are a step on the pathway to someone who does. Your spouse, children, relatives, and friends are stepping stones to you. You are a step toward your boss or a government customer. Foreign intelligence agents are patient. They will spend years cultivating relationships, and will use anyone they can get access to, to connect dots along the way. Every U.S. person is a potential target for exploitation. Our work in the government space means that we are of particular interest to foreign actors. It makes us, and our loved ones, far more likely to be targeted. For this reason, we must take extra precautions when interacting with any foreign person(s), foreign entity, foreign business, or foreign organization. We must know what we are required to report and when we must report it.

Foreign Travel

U.S. Citizens are often targeted while traveling outside the U.S. Even in “safe” countries, there are risks and precautions we must take to ensure safety and awareness when traveling. The threat landscape is vast. Tourist attractions and high traffic areas are prime targets for terrorist attacks. The presence of foreign intelligence agents is exponentially increased in other countries. Even simple criminal elements, like petty thieves, are a much greater risk to our safety and data when we are traveling. We are on their turf, and they know it, so it is crucial that we be hypervigilant in protecting ourselves and our belongings when traveling. Foreign intelligence agents may go for a quick grab, breaking into your vehicle or hotel room to see if there is easy info to steal.
They will pose as friendly helpers such as tour guides, hotel workers, restaurant workers, taxi drivers, etc., just going about their business with open ears or waiting for an opportunity to connect and establish that first pathway toward exploitation. Foreign agents are often placed in positions where they have a strategic authoritative role such as police, emergency services, or airport security. Here they will have the ability to detain and question U.S. citizens under laws that are much different than those we are accustomed to in the U.S. Any information we may have due to our work with the Federal government is of value to them.

The threat of targeting and exploitation is significantly higher when an individual travels outside the U.S. As such, federal contractor facilities and their personnel are subject to foreign travel briefing and reporting requirements as outlined in 32 CFR Part 117, SEAD 3, and certain program specific reporting guidelines. FSOs are required to provide travel safety briefings, country specific briefings, and post-travel debriefing. Travel to certain locations will require special pre- and post-travel briefings with a DCSA CISA and almost all travel must be formally reported to the DoD and/or the government customer prior to the person’s departure. These briefing and reporting requirements must be considered any time we are planning to travel outside the U.S., even to Mexico and Canada. Whether your travel is personal in nature, business related, government contract related, etc., reporting it to your FSO will ensure proper briefing and reporting can be identified and administered relevant to your specific circumstances. For this reason, we recommend that all contractor personnel (employees and consultants) report any travel outside of the United States, both personal and professional, to their company’s FSO at least 30 days prior to departure (whenever possible).
Your company’s FSO is in the best position to determine what types of briefing and reporting are required for you and your specific travel occurrence.

Pre-Travel: Ideally any travel outside the US should be reported to your FSO at least 30 days prior to your departure to allow appropriate time to prepare your travel briefings and complete any necessary reporting. When 30 days’ notice is not possible, the travel should be reported immediately upon booking. For those that live in border areas, unexpected day trips to Mexico and Canada should still be reported prior to departure but MUST be reported within 5 days of return. Changes to your travel itinerary should be reported to your company’s FSO as soon as possible.

Post-Travel: Foreign travel debriefing is required. Covered individuals should contact their company’s FSO immediately upon return to complete post travel debriefing requirements.

Also important to note: If you are assigned or stationed at a location outside of the US, and travel outside of the country of your duty location, this travel requires foreign travel reporting!

Foreign Considerations (Contact, Influence, Interests, Activities, Conflicts of Interest)

Foreign contact, foreign influence, and foreign activities are a significant consideration for anyone working in the U.S. Government space. Everyone working with a Federal Contractor facility should be aware of foreign considerations that they must report whether that information is about themselves or another person. Covered individuals are required to self-report any contact with foreign nationals, potential foreign influence, foreign activities or interests, suspicious contact, any information that could raise concerns of a perceived conflict of interest, or any other information pertinent to connections with a foreign country or foreign persons.
Foreign considerations may be considered a national security concern if they increase the risk of divided allegiance, create circumstances in which the individual may be manipulated or induced to help a foreign person, group, organization, or government in any way that is inconsistent with U.S. interests, or if the circumstances could make the individual vulnerable to pressure or coercion by a foreign interest. The U.S. Government assesses risk with consideration to the country involved. There are many factors to consider, such as the foreign country’s history of criminal activity, government upheaval, terrorism, targeting U.S. Citizens to obtain classified or sensitive information, etc. It is the government’s job to determine the level of acceptable risk in these situations, so all foreign considerations must be reported to your company’s FSO. Failure to report or fully disclose association with a foreign person, group, government or country when required, could result in loss of eligibility. Foreign considerations can create a heightened risk of exploitation, inducement, manipulation, pressure, or coercion. They must be reported whether they are personal or business related. If it touches a foreign person, country, government, business, organization, etc., you will have reporting requirements. Conditions that must be reported include, but may not be limited to:
Foreign Preference

When an individual gives preference to a foreign country over the U.S., they are far more vulnerable to exploitation, more likely to provide information to malicious actors, and more susceptible to making decisions that could be harmful to U.S. interests. Foreign preference can raise concerns about an individual’s judgement, reliability, and trustworthiness, especially when they try to conceal it or become involved in activities that could conflict with U.S. interests. Conditions that could raise concern, and must be reported, include but are not limited to:
By itself, a U.S. citizen also having citizenship in another country is not necessarily disqualifying or derogatory; however, it must be reported so that it can be appropriately adjudicated. The same is true for U.S. citizens that may exercise any right or privilege of foreign citizenship or any action to acquire or obtain recognition of a foreign citizenship.

Suspicious Contact

Suspicious contact is any effort by any individual, regardless of nationality, to obtain illegal or unauthorized access to information or to compromise an individual. This includes any contact with known or suspected intelligence officers from any country, or any contact which suggests the individual concerned may be the target of an attempted exploitation. Examples of Suspicious Contact that must be reported include, but are not limited to:
If you have any reason to believe that you have received suspicious contact, you must report it to your company’s FSO immediately upon occurrence.

Outside Activities

Involvement in certain types of outside employment or activities, whether foreign entity related or not, could be a security concern if it poses a conflict of interest that could interfere with an individual’s responsibilities, or if it could increase the risk of unauthorized disclosure of classified or sensitive information.

Outside Activities Involving Foreign Entities (Foreign people, governments, businesses, organizations, etc.)

Some conditions that could raise concern, and must be reported, include but are not limited to:
Outside Activities NOT related to Foreign Entities

Failure to report any employment or service with another organization, when required by your company or the government program you support, whether foreign related or not, whether compensated or volunteer, is considered a security risk. For example, your organization or the government program you are supporting may prohibit you from having a second job, speaking at conferences, having self-employment activities, moonlighting, etc. Failure to report raises a big red flag, so reporting is critical.

Why Reporting is Critical & How to Report Concerns

Full transparency and self-reporting about any foreign considerations is vital. All of the scenarios detailed above can raise concerns about a person’s suitability for access to classified or sensitive government information and must be thoroughly vetted by U.S. Government adjudicators. Failure to report is always worse than reporting. Security clearance and suitability vetting are predicated on trust. If you have been entrusted with access to classified or sensitive government information, full transparency is expected. Failure to report will always be viewed by Adjudicators through a lens of, “what is this person trying to hide and why?” If investigators find information on their own before you self-report, the red flag is much bigger and brighter and, the majority of the time, will garner steeper consequences than if you had simply reported the information yourself.

All covered individuals must report any foreign travel, foreign considerations, suspicious contact, and outside activities to their company’s FSO. Your company’s FSO is in the best position to ensure reporting is provided to the appropriate parties as required for individuals to maintain their eligibility for access to classified or sensitive information. Should you have any question about how these reporting requirements may be relevant to you, please contact your company’s FSO!
Resources and Additional Learning
As always, if you have any questions about whether or not a situation requires reporting, ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate things to ensure you fulfill all requirements May is Mental Health Awareness Month!
Mental health is a critical part of a person's overall wellness. According to the CDC, mental illnesses are among the most common health conditions in the United States. Approximately 50% of the population will experience a mental health condition in their lifetime and 1 in 5 Americans are affected by mental illness each year. In the past, there was a stigma about seeking mental health care. Psychological conditions can raise concerns about an individual’s eligibility for access to classified and sensitive information. For this reason, Federal workforce members may be apprehensive about seeking assistance when it is needed and beneficial for their overall wellbeing. During this month of awareness, we would like to spotlight this topic as it pertains to government contractor workforce members and, hopefully, alleviate common concerns about seeking care for your mental wellbeing as a federal contractor.
Destigmatizing Mental Health Care
Mental health care is a positive course of action that often mitigates security concerns. Avoiding care can increase risk and create deeper concern. In recent years, significant strides have been made within the federal government to destigmatize seeking support. The primary concern with psychological conditions is that certain emotional, mental, and personality ailments can impair judgement, reliability, or trustworthiness. While these factors do require consideration in the adjudicative process, DCSA is working diligently to raise awareness that seeking mental health care and services, on its own, does not affect one’s ability to obtain or hold clearance eligibility and will not impact your national security eligibility.
The Benefits of Mental Health Care and Stress Management Strategies
Developing healthy strategies to deal with difficult emotions or situations is critical to our overall well-being and to mitigating the risk that these stressors will create deeper concerns. Seeking care that can help us develop healthy coping mechanisms and strong problem-solving skills allows us to feel healthier overall and perform better when we are under stress. We are all individuals, and developing strategies for navigating stress is a personal journey. What works well for one person may not be helpful for another. Some techniques that many find beneficial are:
There are numerous resources, books, apps, and such, readily available. These can be effective tools to help you explore and develop coping strategies that are healthy and work best for you. Important things to consider when developing your stress management strategy are to personalize your approach, be consistent, and seek professional help when needed. You don’t have to do it alone! Seeking support when you need it is critical to your well-being. It can mitigate risk and provide significant benefit to your work performance, and life in general. Seeking professional help from therapists, counselors, or other mental health professionals can provide valuable tools and strategies for managing stress and anxiety. Many companies offer Employee Assistance Programs (EAP) or other similar programs to assist their personnel when trouble arises. Don’t be afraid to tap into these resources if you need them. If you need support, please reach out to your company’s HR department or FSO. We’re here to help you navigate these waters.
When Are Mental Health Concerns Reportable
One of the biggest questions surrounding mental health and security is: What is reportable? Security Executive Agent Directive 3 (SEAD 3) states you must report any apparent or suspected mental health issues where there is reason to believe it may impact a cleared individual’s ability to protect classified or other information specifically prohibited by law from disclosure. The DoD Manual 5200.02, Enclosure 11, SEAD 3, and ISL 2021-02 outline possible thresholds for what would merit reporting. Examples of these include:
SEAD 4 Adjudicative Guideline I, Psychological Conditions, also lists concerns as:
• Any behavior that casts doubt on an individual’s judgment, stability, reliability, or trustworthiness.
• An opinion by a medical professional that the individual has a condition that may impair their judgment, stability, reliability, or trustworthiness.
• Voluntary or involuntary inpatient hospitalization.
• Failure by the individual to follow a prescribed treatment plan.
• Pathological gambling.
Other DoD policies surrounding Insider Threat Indicators should also be considered. Insider threat policies were derived from security incidents that have occurred and the indicators leading up to those situations. Many of those indicators have involved mental health and psychological considerations. Outside of government policies and security procedures, a primary reason to report mental health and psychological concerns is simply to help those in need. If you are struggling, or if you recognize that a colleague or co-worker might be having a difficult time, reporting these concerns could be the thing that helps someone get the support they need before a situation becomes dire.
Will Reporting a Mental Health Concern Affect an Individual’s Clearance or Public Trust?
History shows that, in most cases, the answer is No. Behavioral mental health treatment is not an automatic disqualifier for a security clearance. DCSA Adjudications looked at the 5.4 million adjudicative actions taken from 2012 to 2020 and found that 97,000 cases dealt with psychological-related issues. Of those cases, only 62 were denied or revoked for psychological concerns. This equates to only 0.00115% of the total adjudicative actions. It is important to note that there can be mitigating circumstances that may ease security concerns.
Examples include:
• The person’s condition is controllable with treatment, and the person has demonstrated ongoing and consistent compliance with a treatment plan
• The person voluntarily enters a counseling or treatment program
• The opinion of a qualified mental health professional that the person’s condition is under control
• The issue was temporary and has since been resolved
• There is no indication of a current problem
Why Reporting is Critical & How to Report Concerns
Looking back on some of the most devastating security incidents that have occurred in our Nation's history, mental health and psychological considerations were prevalent pre-incident indicators. In almost all cases there were indicators but, unfortunately, other people around the individual either missed the warning signs or were simply afraid to report for fear the person would lose their clearance or get in trouble. Covered individuals working in the federal contracting space are required to self-report. If you are going through a difficult time, seeking treatment, have received a mental health diagnosis, etc., please DO NOT BE AFRAID to reach out to your company's FSO. Reporting concerns about our co-workers and colleagues is equally important. Recognizing when someone is struggling, and reporting it appropriately, can be a critical piece toward getting them help before a bad situation occurs. If you have any concerns about the mental health of yourself or anyone else, please seek guidance from your company’s Facility Security Officer (FSO). Reporting is about so much more than whether or not a person will lose their clearance or get in trouble. Your FSO's job is to help you navigate compliance with security and reporting requirements. More importantly, we care about you and your well-being! If we can intervene to assist someone before a situation becomes dire, we may be able to mitigate a major security concern before it happens.
Reporting is the responsibility of every covered federal contractor; more importantly, REPORTING CAN SAVE LIVES. Report all concerns to your company’s FSO! It is our job as FSOs to help you navigate any situations or concerns that arise.
Resources and Additional Learning
Tax season is a great time to discuss financial considerations and life changes that federal contractors and federal contractor personnel must report.
Every individual that works in and around the U.S. Government is a potential target for exploitation by malicious actors intending to do harm to the United States and its people. If you have been granted eligibility for access to classified or sensitive government information, you are a prime target for exploitation and attempts to elicit U.S. Government information. In tandem, anyone in close proximity to any individual that has been granted eligibility could also be a target. Certain situations make us more susceptible to compromise, and we must be aware of those that must be reported to our company’s Facility Security Officer (FSO).
Financial Difficulties and Distress
One of the easiest pathways for our adversaries to elicit information is through offers of gifts and money or threats of exposing our difficulties. Financial distress can happen to anyone and may be caused by a variety of circumstances. While some situations may be created or exacerbated by poor self-control, lack of judgement, excessive gambling, mental health issues, or alcohol/drug/substance abuse/misuse or dependence, many people experience financial difficulty due to circumstances beyond their control such as job loss, medical debt, family crisis, or simply not having enough money coming in to meet their financial obligations. Regardless of the reason, when a person is having difficulty satisfying debts, meeting financial obligations, or living within their means, or is simply overextended, there is a greater risk that they might engage in illegal or questionable activity to generate additional funds. Financial pressure makes us a prime target for exploitation, as it can be incredibly tempting to take an easy path toward easing the burden.
Unexplained Affluence
Unexplained affluence refers to a lifestyle, standard of living, or accumulation of wealth that cannot be reasonably attributed to a person's known income or legal sources.
It can be a red flag, suggesting that a person may have access to illegal or undisclosed sources of income, and raises concerns about the person’s trustworthiness or vulnerability to bribery or coercion. It can look like a sudden increase in net worth, lavish purchases, or the repayment of large debts that are inconsistent with a person's known income sources.
Financial Awareness and Reporting Financial Considerations
Keeping a close eye on your financial data and credit information can help you identify if you are running into financial difficulty and if there is any questionable activity happening in your name. Your social security number and other personally identifiable information (PII) can be used to steal your identity and even open lines of credit in your name. This is one of the reasons that protecting PII is so critical! Maintain awareness of your financial situation, especially if you are not the person handling your finances. Credit monitoring can help you catch concerns before they get out of hand and before they come to the attention of the government. There are several credit monitoring services available that offer services to monitor your credit record regularly. In addition, all 3 credit bureaus will allow you to run your own credit report for free each year. We recommend you run all 3 annually. Always keep data safety in mind with credit monitoring services. Be cautious of fake websites that are just trying to steal your information. If you find an error on your credit report or if you see an account that you do not recognize, contact the credit bureau directly and file a dispute immediately. If you suspect your Social Security number is being used fraudulently for income declaration purposes, we highly recommend that you contact the Social Security Administration at www.ssa.gov or call toll-free at 1-800-772-1213. They will review your earnings with you to ensure their records are correct.
Reporting Financial Considerations
The following circumstances must be reported to your company’s FSO, whether they are about yourself or another covered individual:
Changes in Personal Status / Life Changes
If you have been granted security clearance or suitability for access to sensitive information (public trust, suitability vetting, contractor fitness, etc.), there are several basic life events and changes that must be reported to your company’s FSO. The following circumstances must be reported to your company’s FSO, whether they are about yourself or another covered individual:
Why Reporting is Critical & How to Report Concerns
Regardless of the cause, both financial difficulties and unexplained affluence can raise concerns about an individual’s reliability, trustworthiness and ability to protect classified or sensitive information, and can impact an individual’s clearance or eligibility for access to sensitive information. Financial considerations must be reported immediately upon occurrence. Changes in personal status (life changes) must be reported to your company’s FSO as soon as you become aware that the change will occur. Don’t be afraid to lean on your FSO for support! We are here to help you. Your FSO can provide reporting guidance and/or point you toward company resources that may be able to assist you in your time of need.
Resources and Additional Learning
As always, if you have any questions about whether or not a situation requires reporting, ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate things to ensure you fulfill all requirements.