Reviews conducted after insider threat incidents — such as the loss of classified information or an active shooter — have shown that many of the insider’s colleagues were aware something was off, but they never said anything.
Throughout September, the Office of the Director of National Intelligence, the Department of Defense, the FBI, the Department of Homeland Security, the Department of State and other federal agencies will be holding events to emphasize the importance of safeguarding the nation from insider threats and to share best practices for mitigating those risks.
The first National Insider Threat Awareness Month aims to educate federal employees, private sector stakeholders and other audiences about the serious risks posed by insider threats, while encouraging employees to recognize and report anomalous activities so early intervention can occur, leading to positive outcomes for at-risk individuals and reduced risks to organizations.
“Insider threats are posed by persons who use trusted access to do harm to the department’s facilities, resources or people,” said Dr. Brad Millick, director of the Defense Department’s counter-insider threat program within the Office of the Undersecretary of Defense for Intelligence.
Spies, workplace shooters and disillusioned employees who post sensitive or classified documents on the internet are examples of insiders and their harmful activities. Their actions put lives, missions and dollars at risk.
Millick said an insider may be a DOD employee or contractor or others granted access to DOD facilities, and the threat posed to the department could involve more than stealing classified data. Malevolent insiders could commit workplace violence, sabotage, or unauthorized disclosure of protected information.
He advised that insiders who plot to do damage often talk about their plans before they act; a phenomenon psychologists call “leakage.”
“Workplace vigilance is the key to early detection of potential insider threats,” he added. “We want to provide employees with the knowledge to identify warning signs and the ability to report concerning behaviors or indicators.”
The National Counterintelligence and Security Center (NCSC) Director, William Evanina said all organizations are vulnerable to insider threats from employees who may use their authorized access to facilities, personnel or information to harm their organizations, be it intentionally or unintentionally. “The harm can range from negligence, such as failing to secure data or clicking on a spear-phishing link, to malicious activities like theft, sabotage, espionage, unauthorized disclosure of classified information or even violence,” Evanina said.
All federal agencies with access to classified information are required to have their own insider threat detection and prevention programs. The Executive Order also directed the creation of the National Insider Threat Task Force (NITTF) under the leadership of the Attorney General and the Director of National Intelligence. NITTF is co-directed by the FBI and NCSC.
The Center for Development of Security Excellence, an organization under the Defense Counterintelligence and Security Agency, has developed a communications packet to assist Counter-Insider Threat Program managers at each DOD organization in engaging with their respective workforce. The packet includes awareness training, eLearning games, case studies, posters and videos, and all can be found at cdse.edu.
On September 3, NCSC listed several examples which underscore the impact of insider threats to both government and businesses:
Violence — Coast Guard Lt. Christopher Hasson was arrested in February on weapons and drug charges after the FBI found 15 firearms and more than 1,000 rounds of ammunition in his residence. In court documents, prosecutors alleged Hasson is “a domestic terrorist, bent on committing acts dangerous to human life that are intended to affect governmental conduct.” In May, Virginia Beach city employee DeWayne Craddock opened fire inside a Virginia Beach municipal building, killing 12 people before police fatally shot him. In February, Gary Martin killed five co-workers at a manufacturing plant in Aurora, Ill., after being fired at a meeting.
Betrayal — In July, former State Department employee Candace Claiborne was sentenced to prison for lying about receiving tens of thousands of dollars in gifts from Chinese intelligence agents in exchange for providing them with internal State Department documents. In February, former U.S. service member and counterintelligence agent Monica Witt was indicted for conspiracy to deliver and delivering national defense information to the Iranian government. As part of this effort, she allegedly helped Iranian hackers target her former U.S. Intelligence Community co-workers and colleagues with cyberattacks.
Cyber Incidents — An Office of Management and Budget report released in August found that more than half (16,604) of the 31,107 reported cybersecurity incidents suffered by the federal government in Fiscal Year 2018 resulted from email/phishing attacks that federal employees fell for, or from improper use of computer systems by employees with authorized access. Meanwhile, an indictment unsealed in August detailed how a Pakistani national and his co-conspirators paid AT&T insiders more than $1 million in bribes to unlock more than 2 million cell phones by installing malware and unauthorized hardware on AT&T’s computer systems.
Unauthorized disclosure / retention of classified information — In July, former National Security Agency (NSA) contractor Harold Martin was sentenced to prison for stealing and retaining classified information at his home. In May, former National Geospatial-Intelligence Agency contractor Daniel Hale was arrested for allegedly disclosing classified information to a reporter. Last October, former FBI agent Terry Albury was sentenced to prison for disclosing classified information to a reporter, while last August, former NSA contractor Reality Winner was sentenced to prison for providing classified information to a news outlet.
Theft of intellectual property — Last week, former Google executive Anthony Levandowski was indicted on charges of theft of trade secrets on autonomous vehicles from Google. In April, an indictment was unsealed charging former General Electric (GE) employee Xiaoqing Zheng with conspiring to steal GE turbine technologies for China while employed by GE. In December, an individual was charged with theft of trade secrets related to a product worth more than $1 billion from his U.S.-based petroleum company employer. An indictment unsealed last October detailed how Chinese intelligence officers recruited an aerospace company employee to install malware on a company laptop to facilitate cyber intrusions and theft of trade secrets.