An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

News | July 17, 2014

Panel Discusses Insider Threat

By Chief Information Office

Today’s world is more interconnected than ever before. Yet, for all its advantages, increased connectivity brings increased risk of theft, fraud and abuse. As we become more reliant on technology, we also become more vulnerable to cyber attacks such as insider threats, spear phishing and security breaches. Industry and government are working together to combat these threats, and on June 18, DIA’s Chief Information Officer Grant Schneider participated in a panel discussion on insider threat hosted by MeriTalk at the Newseum.


The panel was moderated by Lee Worthman, NetApp chief technology officer for federal civilian agencies, and Schneider joined other guest panel members Michael Buckley, chief of the Operations Analysis Group, Counterintelligence at the Defense Security Service; and Philip Quade, chief operating officer, Information Assurance Directorate, National Security Agency.


The panel discussed changes in agency cyber monitoring and reporting approaches as a result of the most recent high profile insider threat cases involving Pvt. Bradley Manning and Edward Snowden. All agreed that insider threat is a top challenge, and the debate over “need to know” versus “need to share” is a difficult issue that the intelligence, Department of Defense and civilian sector circles are all trying to tackle. This debate is compounded by the director of national intelligence’s push to move the intelligence community toward integrating its information technology systems.


According to Schneider, “Securing our data is a prerequisite for sharing our data. If we can’t assure other agencies that we will secure their data, whether from insider threat or other, we will never get access to their data.”   


The panel members agreed that combating these threats requires a risk management approach to everything from security clearance vetting to implementing new tools and controls. Policy often can’t keep up with technology and can potentially hinder success if not implemented or updated. According to Buckley, we have to implement more than perimeter security, “We must get human resource and physical security personnel involved in helping to look for indicators of insider threat risk.”