Insider Threats in the Private Sector


In 2010, I was under contract with the federal government to write the Insider Threat Concept of Operations along with another retired counterintelligence special agent. We had been chosen precisely because of our experience as badged and credentialed former CI Agents. As a result of the Manning case, not Snowden as suggested in the following article, we were already working on federal policy and minimum standards which would be applied to classified information whether held by the government or private sector contractors. Executive Order 13587 and the Insider Threat National Policy and Minimum Standards were both, in part, born of the Insider Threat Concept of Operations. In fact, I myself was one of the authors and contributors to both. We anticipated the need to modify the NISPOM to implement the policy and standards in the private sector and engaged immediately with the Defense Security Service to do just that.

While the article has a few inaccuracies like the ones mentioned above, the remainder is worth reading if you are curious about the relationship between the federal government and private sector when it comes to detecting and responding to insider threats to national security information. My colleague, John Fitzpatrick, does an excellent job of putting this into perspective later in the article.

 

When document archive WikiLeaks started posting secret and classified information about the U.S. government’s role in the Iraq and Afghanistan wars in 2010, the federal government scrambled to address the security of classified information. President Barack Obama passed an executive order that called for the establishment of minimum standards for executive branch insider threat programs in 2012. But the guidance failed to address the private sector. This was made painfully clear when defense contractor Edward Snowden leaked thousands of classified documents. The U.S. federal government is now poised to make changes to the 2012 National Insider Threat Policy, which requires government agencies handling classified information to develop an insider threat program. And with 90 percent of the nation’s classified information originating within the industrial environment, government defense contractors by extension must adhere to the policy. That’s where the National Industrial Security Program (NISP) enters the picture, explains John Fitzpatrick, the director of the Information Security Oversight Office (ISOO).

Source: Insider Threats in the Private Sector
SSA Davis2
Doc