Insider Threat Awareness
September is Insider Threat Awareness month! While insider threat is a significant concern that must be considered throughout the year, we would like to take a little time this month to emphasize the importance of deterring, detecting, and mitigating threats posed from trusted insiders, and foster a deeper understanding of indicators and reporting requirements related to insider threat.
What is an Insider? An insider is anyone that has, or has had access to an organization’s resources, facilities and information, network or systems.
What is an Insider Threat? The threat that an insider will use their authorized access, wittingly or unwittingly, to do harm to their organization or the security of the United States.
Understanding Insider Threat
Most insider threats do not start out as a threat; rather, they evolve into a threat over time. The pathway to an insider incident is often complex. Minor frustrations and stressors, both personal and professional, can add up and increase the possibility that an individual may become careless, negligent, or malicious.
Insider threats occur for a wide variety of reasons and can be deliberate or unintentional. Insiders do not need to hold a high rank or position to inflict grave damage. Technology can empower individuals at all levels.
Regardless of intent, an insider threat can cause grave and irrevocable damage, including: resource degradation, harm to national security, reduced military strength; loss of organizational reputation, innovation, and industry advantage; financial instability; and even potential injury to persons or loss of life.
Every organization should have an Insider Threat Program designed to deter, detect, and mitigate actions by insiders who may pose a threat. The organization’s Insider Threat Program Senior Official (ITPSO) implements insider threat program activities. The Facility Security Officer (FSO) is in charge of managing security in the organization’s facilities.
Recognizing Reportable Insider Threat Indicators
Your responsibility is simple: report concerning behavior to the appropriate individuals within your organization. Common categories of concerning behaviors include:
- Professional Lifecycle and Performance Indicators
- Security/Compliance Incidents
- Technical Activities and Technology Related Indicators
- Questionable Allegiance to the United States
- Foreign Considerations, Influence, and Preference
- Financial Considerations
- Criminal, Violent, and Abusive Conduct
- Substance and Alcohol Abuse or Misuse
- Judgment, Character, and Psychological Conditions
- Violent Behavior and Violent Extremist Mobilization Indicators
- Suspicious Contact and Unauthorized Disclosure
Whistleblower Protection
It is important to note that making a protected disclosure does not indicate an insider threat. Whistleblowing is the reporting of waste, fraud, abuse, corruption, or dangers to public health and safety to someone who is in the position to rectify the wrongdoing. Employees are protected from employer retaliation via the Whistleblower Protection Act and Security Executive Agent Directive (SEAD) 9.
The DoD National Hot Line is always available to all individuals to report fraud, waste, abuse, corruption, or dangers to public health and safety.
Email: dodighotline@dodig.mil | Phone: 1-800-424-9098 | Website: https://www.dodig.mil/Hotline
Why Reporting is Critical
An organization’s workforce is the first line of defense against insider threats. Any concerning behavior must be reported to your organization’s FSO and ITPSO immediately upon discovery.
NEVER assume someone else has or will report a concern! Failure to report can result in fines, prison, or both.
Resources and Additional Learning
- CDSE Insider Threat Awareness
- DITMAC – DOD Insider Threat Management and Analysis Center
- Insider Threat Toolkit
- 32 CFR Part 117 (NISPOM Rule)
As always, if you have any questions, ask your FSO!
