DOD implementing a system to monitor insider threats
- By Kevin McCaney
- May 27, 2016
The Defense Department, concerned about the potential damage from insider threats, is planning to build a database to monitor, analyze and identify employee practices that could be putting the department at risk, whether intentionally or accidentally.
DOD’s officially titled Insider Threat Management and Analysis Center and DoD Component Insider Threat Records System, is in keeping with a 2011 executive order requiring all federal agencies—defense and civilian—to establish insider threat programs.
The system will monitor users for indications of insider threats to “enable the identification of systemic insider threat issues and challenges,” and find ways to mitigate them, according to a DOD announcement.
The executive order to establish insider threat programs came on the heels of high-profile leaks by Chelsea Manning and Edward Snowden, although a survey last year of DOD IT pros showed that their biggest concern was hacks caused inadvertently by users. Many high-profile hacks have been initiated by a user clicking on a malicious link in a phishing email, leading DOD late last year to impose a policy of disabling HTML links in emails that come from outside the .mil domain.
Similar to insider threat programs being implemented by other agencies, such as the Homeland Security Department, the system will apply to anyone with access to DOD systems and keep track not only of official systems but social media use and other private exchanges made on the job.
Kevin McCaney is a former editor of Defense Systems and GCN.