The Dangers of the Insider Threat Program, Part 3

[Note: This series explores the ramifications of the new Insider Threat Program, an initiative ordered by President Barack Obama to identify and stop future leaks and security violations within the federal government, and specifically the intelligence community.  Mandated in 2011, the program demands that federal employees report overtly suspicious behavior by co-workers, such as frequent travel overseas or unreported foreign contacts, but it also requires employees to ‘profile’ their co-workers with behavior analysis techniques they are relatively untrained in.  The Insider Threat Program does not help prevent leaks; in fact, it diminishes esprit de corps, encourages ‘witch hunts,’ and ultimately results in the exact type of decreased loyalty that can lead to susceptibility to foreign services and anti-government groups.  This series is an adapted form of a thesis that Kit wrote for her Counterintelligence degree.]

Part 1 is here.  Part 2 is here.

The Insider Threat Program offers standard behavioral patterns that can often indicate a security leak.  Those given access to classified information are taught these and are expected to report blatant problematic conduct or suspected actual breaches.  ITP, however, also offers much more fluid and even inconsistent criteria.  Taylor and Landay write that the program “gives agencies such wide latitude in crafting their responses to insider threats that someone deemed a risk in one agency could be characterized as harmless in another.”[1]  The lack of consistency leads to unclear standards and confusion for employees—especially those who may transfer to another agency or department.  Even though so-called minimum standards have been established by the President, he also directly instructed agencies to look for individuals who may be involved in potential espionage.  The intentionally vague directions result in what Taylor and Landay call a “hodgepodge of interpretation,” and directly lead to witch hunts, where innocent people are investigated for innocent actions that were misinterpreted and reported by overzealous or even vindictive co-workers.  Richard J. Evans writes that the Gestapo of Nazi Germany was used in much the same way.[2]  Canadian historian Robert Gellately also notes that the end result of the Gestapo’s tactics was “the creation of widespread fear and the belief that the state was all-seeing, an attribute fictionalized by George Orwell” many years before the ITP was ever conceived.[3]

Some of the most baffling criteria for ITP reporting come in the behavioral profiling section of the training.  The Department of Education’s (DOE) training materials state that someone “going through certain life experiences…might turn a trusted user into an insider threat.”[4]  While this is a true statement, the DOE actually claims that “stress, divorce, financial problems, or frustration” are enough to take a normally stable, loyal employee and turn him into someone who would leak classified information.  Coupled with the USDA’s admonition that spies are “mentally disturbed,” the simple mathematical equation becomes more sinister: Getting a divorce can make someone mentally disturbed, and therefore should be reported.  A senior Pentagon official mentioned in the McClatchy Report’s article stated that “The argument can be made that the rape of military personnel represents an insider threat.  Nobody has a model of what this insider threat stuff is supposed to look like.”[5]

While there are minimum standards for behavioral analysis within the Insider Threat Program, individual agencies are encouraged to establish their own thresholds and parameters—and they have, even though it is well-known that there are no real established profiles that actually point to a concrete definition of what a security threat would act like.  Profiling works in law enforcement because serial offenders typically engage in behaviors that are “standard.”  A serial killer who only targets brunettes of a specific age and height, for instance, will lead a criminal profiler to look for the brunette in the killer’s life who fits that description.  With insider threats, profiling is not that simple; behaviors that are being listed as “suspicious” are so commonplace that nearly anyone who goes through the typical events found in a person’s lifetime could be reported as a threat.  What makes ITP dangerous is that it offers the ability to add indicators at the will of each agency—and establishing those indicators is done by managers after only a 90-minute class.  One FBI insider threat guide lists “a desire to help the underdog” as suspicious.  A report by Deloitte included “Gen Y” employees who were “raised on the internet” and are “highly involved in social networking” in their list of suspicious behaviors.[6]  This description matches nearly anyone raised in the computer age.

Criticisms of the Program

Officials are hesitant to speak out publicly against the program for fear of being caught up in its ever-reaching investigative web.  Speaking on condition of anonymity, however, their criticism is direct and caustic, even calling it “something like The Stepford Wives,” referring to a film about robot housewives.[7]  Former analyst Greenstein said she was specifically told that “If [a co-worker] was having a bad day, the message was to watch out for them.”[8]  For once both left and right political bloggers and pundits are agreeing on an issue, as articles and opinion pieces have sprung up all over the internet drawing parallels between Obama and the beginning rise of Hitler in 1932 Germany.  Others are calling ITP the “Stasi” program, referring to the East German intelligence agency/secret police that was responsible for literally infiltrating the entire populace and reporting dissidents to the government for punishment.  Those who speak out against the program, in or out of the government, do so both anonymously and at their own peril.

Another top criticism of the ITP program is its use of profiling techniques that are unproven in this arena.  In 2002, Peter Reiher of the University of California-Los Angeles Laboratory for Advanced Systems Research, performed a study as to whether it was possible to distinguish the computer use and file access patterns of a regular secure systems user from someone who was engaging in suspicious activity.  His study claimed to find unequivocal evidence that it was in fact possible to tell the difference, and called for further research on how to implement controls that would analyze user computer behavior for suspicious acts.[9]  Conversely, however, a 2008 National Research Council report on terrorism detection for the Transportation Safety Administration (TSA) concluded that “There is no consensus in the relevant scientific community nor on the committee regarding whether any behavioral surveillance or psychological behavioral monitoring techniques are ready for use at all.”[10]  Carnegie Mellon statistics professor Stephen Fienberg—one of the experts who helped write the National Research Council Report—wrote that “Doing something similar [as behavioral profiling] about predicting future leakers seem even more speculative.”[11]

Also of concern to observers is the paradox of forced reporting with the potential for incentives being paid to those who do report the results of their ‘profiling’.  Kel McClanahan, a Washington attorney who specializes in national security law, drew attention to the potential for creating what amounts to a hostile work environment, and wrote that “the only thing they haven’t done is reward [turning in co-workers].”[12]  He points to what he sees as the future of the ITP: literally paying incentives for those who report, even perhaps offering greater incentives for those who report more.  Experts see a high potential for abuse, as the program could be used as revenge against a strict boss, a disliked co-worker, or even an ex-lover from the workplace.

Pre-9/11 Case Studies

The government has been historically notorious for somehow missing blatant signs that employees were either leaking information to the press or engaged in active espionage.  Aldrich Ames, one of the most well-known and successful Soviet spies in American history, was often seen showing up to work drunk, failed polygraph examinations, and even suddenly became very wealthy.  These indicators are blatant evidence of a need for investigation; however, Ames was able to steal secrets for quite some time—and a government assessment of the affair showed that his superiors promoted him to even greater access even in light of his poor conduct.[13]  Jonathan Pollard, a Navy intelligence analyst who was convicted of spying for Israel, also failed polygraph tests, lied to his superiors, and was only caught because someone saw him physically leaving a top secret area with classified materials.[14]  Fort Hood shooter Major Nidal Hasan was known to be a radicalized Muslim, and military personnel were monitoring his correspondence with mullahs who were directly involved with terrorism.  Somehow they never removed Hasan from duty or investigated him further—even though several statements were made by co-workers in the months leading up to the Fort Hood shooting that expressed severe concern for his stability and increased potential for violence.  In all of these and other cases, the employee engaging in espionage or dangerous activity had several glaringly obvious red flags that should have been apparent to supervisors; a basic level of situational awareness should have been more than enough to notice the indicators.

Perhaps the most disturbing case illustrates the other side of the coin—the potential for innocent people to be unfairly and even illegally targeted in the counterintelligence investigations that can result from false or incorrect reporting.  In 1999, Petty Officer Daniel King was a Naval Cryptologist Technician (Collection) First Class (CTR1), stationed at Guam and about to be transferred back to the US mainland.[15]  King had been in the Navy for over 16 years, and by all accounts was a model analyst.  In accordance with protocol, CTR1 King was administered a routine polygraph test before his return to CONUS.  When the test was deemed inconclusive based on King’s answer to one question, the Naval Criminal Investigative Service (NCIS) began a nearly two-year investigation that denied King his right to an attorney, confined him for 520 days without filing charges, and subjected him to what are now called enhanced interrogation techniques—prohibited for use against detainees and terrorists, resulting in King being suicidal and unable to determine fiction from reality.[16]  A judge finally threw out the case and released King, but not before delivering a stinging rebuke to the NCIS and associated parties involved in the investigation.

Cases like King’s show a disturbing possibility for abuse in counterintelligence investigations.  For such an investigation to be effective, it must be fair, impartial, and more concerned with facts than politics.  It must seek truth, and not a “trophy.”

Tomorrow in the conclusion of this series, we’ll look at domestic extensions of ITP, including programs like PRISM, and how Obama’s program actually creates an environment primed for security leaks instead of preventing them.



[1] Taylor and Landay.

[2] Richard J. Evans, The Third Reich in Power (New York: Penguin Books, 2006).

[3] Robert Gellately, Backing Hitler: Consent and Coercion in Nazi Germany (Oxford: Oxford University Press, 2001).

[4] Taylor and Landay.

[5] Ibid.

[6] “Mitigating the Insider Threat – Deloitte,” McClatchy, accessed July 25, 2013, http://www.mcclatchydc.com/2013/07/09/196190/mitigating-the-insider-threat.html.

[7] Ibid.

[8] Ibid.

[9] Peter Reiher, “File Profiling for Insider Threats,” DTIC.mil, February 2002, http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA405498.

[10] Stephen Lord, “U.S. GAO – Aviation Security: Efforts to Validate TSA’s Passenger Screening Behavior Detection Program Underway, but Opportunities Exist to Strengthen Validation and Address Operational Challenges,” U.S. GAO, 2010, http://www.gao.gov/products/GAO-10-763.

[11] Landay, Jonathan. “Experts: Obama’s Plan to Predict Future Leakers Unproven, Unlikely to Work.” McClatchy. July 9, 2013. http://www.mcclatchydc.com/2013/07/09/196211/linchpin-for-obamas-plan-to-predict.html.

[12] Taylor and Landay.

[13] An Assessment of the Aldrich H. Ames Espionage Case and Its Implications for U.S. Intelligence: Report Prepared by the Staff of the Select Committee on Intelligence, United States Senate [84-046] (Washington: U. S. Government Printing Office, 1994), 4.

[14] “NOVA Online | Secrets, Lies, and Atomic Spies | Jonathan Jay Pollard.” Pbs.org. November 18, 1985.

[15] Lt. Robert A. Bailey, “Congressional Hearing on the Daniel King Case: Prepared Statement of Lt. Robert A. Bailey,” FAS.org, accessed May 08, 2012, http://www.fas.org/irp/ops/ci/king/ssci_bailey.html.

[16] Lt. Robert A. Bailey, “Congressional Hearing on the Daniel King Case: Prepared Statement of Lt. Robert A. Bailey,” FAS.org, accessed May 08, 2012, http://www.fas.org/irp/ops/ci/king/ssci_bailey.html.

2 Comments
  • ALman says:

    1) Was your thesis approved?

    2) “For once both left and right political bloggers and pundits are agreeing on an issue, as articles and opinion pieces have sprung up all over the internet drawing parallels between Obama and the beginning rise of Hitler in 1932 Germany.”

    We remember that the rise took place in stages. First a freedom surrendered with a promise of a better tomorrow. Then, another, and another, and another until one day when it became “do it or off to the concentration camp with you!”

    3) I’ve maintained for a long time that there is too much power in the presidency. True, there needs to be a structure that allows for the president to make immediate decisions as the situation calls for. However, there are on-going issues that I think ought to be decided in a different manner. I think the ITP is one of them.

    • Kit says:

      It was, and I received a 100% grade on it. 🙂

      As for your other points, I think it’s absolutely important to show those historical parallels because they’re so dead-on. Santayana was right, and we are simply repeating horrible mistakes that will lead to absolute destruction of the United States as we know it. In truth, they already have.
