According to a 2011 Presidential Executive Order, an Insider Threat is “a person with authorized access who uses that access to harm national security interests or national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.” Put simply, Insider Threat means the unauthorized disclosure of classified information that damages national security, or violence that results in injury/loss of life and damage to operational resources.
Although the Navy has experienced a number of destructive and debilitating insider incidents over the years (the Walker-Whitworth espionage case of the 1980s, for example), the recent spate of information disclosures and workplace violence has compelled a more focused institutional examination of the threat. The tragic events at the Washington Navy Yard in September, the shooting at Fort Hood in 2009, the damage to USS Miami (SSN-755) in 2012, during a shipyard availability, and massive classified information disclosures by a National Security Agency contractor in 2013 and Army Pfc. Bradley Manning in 2010, all clearly fall within the definition. In each case, the actions of these perpetrators could likely have been prevented had their colleagues been alert and attentive to their behaviors and reported it.
Why is This Such a Big Threat?
With the most powerful military and the largest economy in the world, the United States is an attractive target not only to our adversaries, but to insiders who seek to harm us. Insiders are particularly pernicious because they have managed to gain our confidence and, with that trust, obtained access to systems, capabilities or people they would otherwise not be authorized to access. To cause damage, insider threats to cyber security may target specific sensitive information on programs or operations and reveal what they perceive to be an unjust policy or disclose intelligence.
And, as the recent high profile cases have demonstrated, systems administrators with privileged user accounts, the ubiquity of our information systems, our workforce's broad access to these systems, and the comparative ease with which data can be transferred all greatly compound this problem.
What Motivates Someone to Consider Acting in This Way?
A feeling of injustice, a loss of something valuable, the need to feel important, or an antithetical moral obsession could transform an otherwise trustworthy service member or employee into a disgruntled insider or potential target for an adversary to exploit. Equally threatening are those who may be stressed by circumstances beyond their control, and who may choose violence in retaliation for some perceived wrongdoing. Criminal behaviors that may manifest as a consequence of these motivations include espionage, unauthorized disclosure of sensitive information, sabotage against the United States, and workplace.
The Navy Insider Threat Program
To combat the Insider Threat, Secretary of the Navy Ray Mabus recently signed SECNAV Instruction 5510.37, implementing the Department of the Navy (DON) Insider Threat Program (InTP). According to the instruction, the DON shall:
- Ensure existing and emerging insider threat training and awareness programs are developed, updated and implemented.
- Enhance technical capabilities to monitor user activity on all systems in support of a continuous evaluation program.
- Leverage Antiterrorism/Force Protection (AT/FP), Counterintelligence (CI), Human Resources (HR), Information Assurance (IA), Law Enforcement (LE), Security and other authorities to improve existing insider threat detection and mitigation efforts.
- Detect, mitigate, and respond to insider threats through standardized processes and procedures.
- Ensure legal, civil and privacy rights are safeguarded.
- Promote awareness and use of employee assistance programs to enhance interventions for employees in need. This link provides additional information, resources and guidance available through the Navy Insider Threat Program: http://www.militaryonesource.mil.
In support of SECNAV’s policy and to elevate attention Navywide on this issue, the Chief of Naval Operations has organized a team to address the Insider Threat. CNO’s InTP team will focus on measures aimed at preventing future workplace violence as well as the intentional disclosure of classified information. In close coordination with stakeholders from across the Navy, this team will issue directives and recommend policy changes that reinforce the safety and security of both our people and our information. A core member of the team, OPNAV N2/N6 will focus on the cyber security aspects of Insider Threat.
Under this initiative, OPNAV N2/N6 recently established an Insider Threat to Cyber Security (ITCS) Office to lead the focus on the intelligence, counterintelligence, information assurance, anomaly detection, and continuous evaluation elements of Navy Insider Threat. The ITCS Office is charged with overseeing Insider Threat activities within these specific areas, and coordinating with related efforts across the antiterrorism/force protection, human resources, law enforcement, security and other mission areas within the operational Navy. The ITCS Office is also charged with improving information sharing on insider threat deterrence, detection and mitigation efforts.
Major elements of ITCS
To deter, detect, assess, exploit and deny the activities of insider threats operating against DON programs, information, and operations, while fostering a workforce environment in which employee issues are identified and addressed prior to the advent of inappropriate behavior.
To implement and execute the full scope of ITCS, consisting of policies and procedures; a governance structure, employee assistance activities, enhanced continuous evaluation, centralized user activity monitoring, and an analytic and response capability that provides a timely response to potential threat information derived from AT/FP, CI, IA, HR, LE, security, and other sources, as necessary.
We will effectively and efficiently develop and execute U.S. Navy ITCS. We will also align it with national, Department of Defense, SECNAV, and the larger U.S. Intelligence Community Insider Threat activities, while partnering to increase effectiveness and efficiencies.