FBI and Intel Community Release Framework to Thwart Insider Threats

Among 19 elements is the creation of a new career path for federal employees.

The multi-agency push to prevent illegal disclosures from the next Edward Snowden acquired some practical tools with the release on Nov. 1 of the “Program Maturity Framework” compiled by the National Insider Threat Task Force.

The 19 “maturity elements” outline steps for senior management and line employees to implement in such areas as training, legal protections and career development. They are aimed at fulfilling the minimum standards of President Obama’s 2011 executive order 13587, which aimed to improve the security of classified information.

“The insider threat is a dynamic problem set, requiring resilient and adaptable programs to address an evolving threat landscape, advances in technology, and organizational change,” wrote task force co-chairmen Thomas Hix of the FBI and Wayne Belk of the Office of the Director of National Intelligence. “The effort requires continual evaluation and updated perspectives and approaches.”

The framework was released during the task force’s semiannual Insider Threat Community Forum held at FBI headquarters in Washington, D.C. They modify a framework first released in November 2012 and updated last year.

Examples of its elements include the notion that a “properly trained workforce is the first line of defense in countering the insider threat. The workforce can act as a human sensor, alerting [program] personnel to anomalous activity long before it may be detected by other means,” one element notes.

Agencies “can also strengthen their effectiveness in countering the insider threat by including the entire workforce, not only cleared employees, in insider threat awareness and prevention training.” The goal is to “build a culture of insider threat awareness and responsibility for reporting potential insider threats through communications campaigns” that “dispel myths” about what the program actually is.

“Insider Threat awareness training media and messaging can incorporate anonymized, realistic stories to illustrate that reporting could lead to troubled individuals getting the assistance they need, as well as alert [agencies] to take action to address significant organizational vulnerabilities,” the framework said.

It’s also important to identify career paths and training programs to develop and promote expertise about insider threats. Among the skills needed are those in behavioral sciences and analytic methodologies, data analytics, security, privacy and civil liberties, and counter-intelligence.

Top leaders must ensure “visibility” into agency decision-making, regulatory developments, and advances in technology infrastructure, the framework noted. That includes regularly reviewing agreements with an agency’s Office of General Counsel, investigative arms, network service providers and others for compliance with laws and regulations, including those ensuring whistleblower protection.

Managers should also establish metrics to determine progress in achieving program objectives and identify areas that need improvement, the framework said.