Obama Issues Memo to Toughen Insider Defense

Response to Unauthorized Release of Sensitive Government Data
Obama Issues Memo to Toughen Insider Defense

Prompted by the WikiLeaks breach, President Obama on the eve of Thanksgiving issued a memorandum directing federal agencies to implement minimum standards to protect vast amounts of classified data on government computers, networks and systems from insiders.

See Also: Live Discussion | Securing Business Growth: The Road to 24/7 Threat Detection and Response

"The resulting insider threat capabilities will strengthen the protection of classified information across the executive branch and reinforce our defenses against both adversaries and insiders who misuse their access and endanger our national security," Obama says in the memorandum, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, issued Nov. 21.

According to the memorandum, the minimum standards provide departments and agencies with the basic elements necessary to establish effective insider threat programs.

The task force, co-chaired by Director of National Intelligence James Clapper and Attorney General Eric Holder, has created processes and standards to help agencies to implement insider threat detection and prevention programs by enhancing their ability to gather, integrate and centrally analyze and respond to key threat-related information.

The task force, whose members include employees and contractors from a number of federal agencies, will assist agencies to better educate and train personnel to recognize the insider threat without creating an atmosphere of distrust, White House spokeswoman Caitlin Hayden says.

One Approach to Thwart the Insider Threat

Here's an example provided by the White House of an approach agencies could take to thwart the insider threat:

An agency employs monitoring technologies to identify inappropriate employee activity on a classified network that produces a "red flag." That would lead to further analysis of the employee's behavior and the discovery of additional flags. Analyzing those anomalies with information available from an agency's internal files, records and data sets might reveal a behavior pattern of serious concern.

"There is no fool-proof method or program to stop the insider threat, but one way to increase the chance of catching a malicious employee is to examine relevant information regarding suspicious or anomalous behavior of those whose jobs cause them to access classified information," Hayden says.

In developing the policies standards, the task force had drawn on experts from across the government in areas of security, counterintelligence and information assurance.

After the programs are implemented in each agency, the task force could be directed to evaluate the adequacy of insider threat programs within individual departments and agencies, Hayden says. Through its interaction with individual agencies, she says, the task force will identify and circulate best practices for detecting and deterring emerging threats and continue to assist agencies in troubleshooting issues.

In 2010, without authorization, Army Private Bradley Manning retrieved from government computer systems a quarter-million sensitive and classified diplomatic cables, turning them over to WikiLeads, a self-describe disseminator of secret information, which made them public. Ten months later, in October 2011, Obama issued an executive order establishing an Insider Threat Task Force to develop procedures and policies to head off such breaches [see Obama Establishes Insider Threat Task Force].

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.