The Dangers of the Insider Threat Program, Part 2
Part 1 is here.
In October 2011, President Obama signed Executive Order 13587, ostensibly titled “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information.” It created the Insider Threat Task Force, a “government-wide program for deterring, detection, and mitigating insider threats.” Obama expected this task force to take over all “development of policies, objectives, and priorities for establishing and integrating security, counterintelligence, user audits and monitoring, and other safeguarding capabilities and practices within agencies.” The stated purpose, in lay terms, was for this task force to be solely focused on finding security leaks and stopping them. The only problem was that the entire program was a complete and utter farce.
Not mentioned in EO 13587 was that there were already supposed controls in the intelligence community (IC), one of which was a standardized federal identification system for employees. In 2004, Homeland Security Presidential Directive 12, “Policy for a Common Identification Standard for Federal Employees and Contractors,” established a “mandatory, Government-wide standard for secure and reliable forms of identification” for anyone who was given clearance to access secure networks. The Personal Identity Verification Card, or PIV, was implemented as a result of this, and it allows for total keystroke logging, as well as tracking of all logged-in activity. Even though the PIV was being used consistently, Manning was able to access systems he had no clearance for. Later, Edward Snowden was able to fill four laptops with classified documents that he smuggled out on a thumb drive. In other words, the program was already a complete failure—not because the technology was lacking, but because blatant warning signs were being ignored. Manning posted a video of the secure facility he was in to YouTube and sent emails to his superior with pictures of him dressed as a woman, and his psychological issues should have precluded him from ever receiving a clearance in the first place. Snowden’s leaks occurred in 2013, long after the ITP was implemented.
Under the Insider Threat Program, federal employees are given cursory training on ‘indicators’ that could mean a co-worker is leaking or about to leak classified information. The Defense Security Service (DSS), part of the Counterintelligence Directorate, published a tri-fold brochure outlining a few basic behaviors that anyone with a security clearance is taught to notice:
The below image is an admonition found at the bottom of the brochure, encouraging over-reporting of co-workers.
In addition to circulating the above brochure, individual agencies are tasked with educating their employees on insider threats. Most of these training classes involve using basic behavioral indicators—such as those listed above—to spot potential problems. The programs venture into fairly uncharted territory, however, with the use of behavioral ‘profiling’ techniques, used by the FBI’s Behavioral Analysis Unit and others, to identify co-workers who may be knowingly or unknowingly engaging in leaking classified information. While actual ‘behavioral profilers’ undergo years of training in law enforcement, psychology, sociology, and criminal justice, the ITP expects agencies to train their personnel to recognize behavioral markers in their co-workers, bosses, and subordinates in training classes that “will take only 90 minutes to complete,” claimed one proposal that Taylor and Landay studied.
One agency’s program included a section on “Exploring the Mind of a Spy.” In it, employees are told that “Spies are not ‘crazy,’ but they usually are emotionally disturbed or suffer from one or more personality disorders.” This phraseology distances the employee from their co-workers, and encourages them to view each other as potentially mentally disturbed. Naturally, an employee would be more inclined to report someone who seemed “mentally disturbed” than someone whom he/she is perhaps friends with or works with closely. The class materials also make sure to point out that the third “critical factor” in whether a “previously loyal and trustworthy employee” begins spying is that “friends, coworkers, and supervisor fail to recognize the signs of a serious problem [or] decide not to get involved.” This implants the idea in the employee’s head that he/she is at least partly responsible if a co-worker ends up being involved in some type of espionage or leak. The transfer of responsibility in this way, however subtle, is effective; employees now are actively looking at the people they work with every day, asking themselves “Is he mentally disturbed? Am I missing something?”
The proverbial icing on the cake is the mandatory reporting requirement. Not only are employees expected to spy on their co-workers, but they can be penalized for failing to turn each other in—or even for failing to turn in someone who they think knows something about a third party. This means that if Employee A has no evidence that Employee B is a security threat but thinks that Employee C might know something, then both Employee B and C must be turned in or Employee A faces severe penalties, up to and including loss of security clearance and termination or even criminal charges of espionage themselves. Ilana Greenstein, a former CIA case officer who was herself falsely accused of being a security threat, explained the cumulative effects of this type of culture. “The real danger is that you get a bland common denominator working in the government…You don’t get people who look at things in a different way and who are willing to stand up for things. What you get are people who toe the party line, and that’s really dangerous for national security.”
Perhaps even more disturbing than the reporting requirements is the inclusion of departments and agencies that have nothing to do with intelligence or classified information at all. The Department of Education, for instance, is expected to comply with the ITP requirements, even though it is far removed from classified information or national security. The above-mentioned training materials came from the United States Department of Agriculture (USDA), whose employees are also not privy to this type of information. Even the Peace Corps is not immune, and has responded to the mandate by stating they were “working in coordination with the National Insider Threat Task Force to ensure the security of classified networks and the responsible sharing and safeguarding of classified information.” The obvious question is: why do these types of agencies and departments need cursory training on how to spy on their co-workers if they do not have access to classified information?
Tomorrow in Part 3, we’ll take a look at reporting criteria, and how to spy on the guy in the desk next to you; if you don’t, as a federal employee you could be brought up on charges yourself.
 “Executive Order 13587 — Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information,” The White House, October 11, 2011, Section 2.1, http://www.whitehouse.gov/the-press-office/2011/10/07/executive-order-structural-reforms-improve-security-classified-networks-.
 “Homeland Security,” Presidential Directive 12, August 27, 2004, http://www.dhs.gov/homeland-security-presidential-directive-12.
 “Homeland Security Presidential Directive 12.” IDManagement.gov. Accessed July 22, 2013. http://www.idmanagement.gov/homeland-security-presidential-directive-12.
 Defense Security Services. Insider Threats. US Government. Accessed July 22, 2013. http://www.dss.mil/documents/ci/Insider-Threats.pdf.
 Taylor and Landay.
 “Exploring the Mind of the Spy.” USDA.gov. Accessed July 23, 2013. http://www.dm.usda.gov/ocpm/Security Guide/Treason/Mind.htm.
 Taylor and Landay.
 Marisa Taylor, “Questions and Answers from the Government on the ‘insider Threat Program,’” McClatchy, accessed July 23, 2013, http://www.mcclatchydc.com/2013/06/20/194535/questions-and-answers-from-the.html.