NCSC, NITTF, the Office of the Under Secretary for Defense for Intelligence and Security, the Defense Counterintelligence and Security Agency (DCSA), the FBI, and the Department of Homeland Security (DHS) and will be holding Insider Threat events during September. The goal is to educate federal and industry employees about the risks posed by insider threats and encourage employees to recognize and report anomalous activities so early intervention can occur, leading to positive outcomes for at-risk individuals and reduced risks to organizations.
All organizations are vulnerable to insider threats from employees who may use their authorized access to facilities, personnel or information to harm their organizations — intentionally or unintentionally. The harm can range from negligence, such as failing to secure data or clicking on a phishing link, to malicious activities like intellectual property theft, sabotage, espionage, unauthorized disclosure of classified information or even violence.
“Most insider threats display concerning behaviors before engaging in negative events. Our objective is to help government and corporate organizations get ahead of the problem by bolstering their insider threat programs so they can detect, engage and assist at-risk employees before they go down the wrong path,” said NCSC Director William Evanina. “COVID-19 has posed new challenges — with employees subject to new stresses and more of them working from home — and we’ve been working with partners to enhance their employee engagement.”
The theme for this year’s National Insider Threat Awareness Month (NITAM) is resilience. Effective Insider Threat programs promote personal and organizational resilience to mitigate risks. These programs provide positive interventions when employees are struggling, offering them help before they potentially become insider threats. Insider Threat resources are available at the NITTF website or DCSA’s NITAM website.
A sample of recent arrests and prosecutions underscores the risks posed by insider threats to government agencies, businesses, research facilities and universities.
- On August 21, 2020, an individual was arrested for conspiring to provide Russia with classified information, including while he served in the U.S. Army Special Forces.
- On August 14, 2020, an individual was arrested for conspiring to provide China with classified information, including while he worked as a contract linguist for the FBI.
- On July 30, 2020, an individual pleaded guilty to conspiring to steal medical trade secrets from her employer, the Research Institute at Nationwide Children’s Hospital in Ohio, to benefit a company she and her husband formed in China.
- On February 27, 2020, an individual was sentenced to prison for stealing trade secrets worth more than $1 billion from his employer, a U.S. petroleum company.
- On January 31, 2020, an individual was sentenced on weapons and drug charges after a successful Insider Threat investigation indicated he was planning acts of violence and stockpiling weapons while working at the U.S. Coast Guard, leading to his arrest.
Pursuant to a 2011 Executive Order, all federal agencies with access to classified information are required to have their own Insider Threat detection and prevention programs. The Executive Order also directed the creation of the NITTF under the leadership of the Attorney General and the Director of National Intelligence. NITTF is co-directed by the FBI and NCSC, and is currently directed by a career FBI official.
Since its inception, the NITTF has been working to assist federal agencies build programs at their agencies that deter, detect and mitigate Insider Threats, taking into account the distinct needs, missions and systems of each individual agency. NITTF has also expanded its outreach to entities beyond federal agencies to help raise awareness of insider threats and best practices for mitigation. NITTF assistance has included:
- Providing training to thousands of Insider Threat practitioners in government and businesses
- Publishing national policy, minimum standards and a maturity framework for federal insider threat programs
- Conducting independent assessments of federal Insider Threat programs
- Providing Insider Threat trend analysis, technical assistance, guidance and best practices
- Engaging internal and external partners to help Insider Threat programs develop
It is important to note that Insider Threat programs across the U.S. government target anomalous activities, not individuals. Each agencies’ Insider Threat program is coordinated with their respective legal counsel, civil liberties, and privacy officials to guarantee civil liberties, privacy, and whistleblower protections.