Joint Base Anacostia-Bolling, Sept. 24, 2020 —
The National Counterintelligence and Security Center’s National Insider Threat Task Force recognized the Defense Intelligence Agency’s Insider Threat Program for achieving full operating capability during a small ceremony at DIA Headquarters last week. DIA is the first of the Intelligence Community agencies to achieve this milestone.
“You have a critical element woven into the Agency that’s going to make DIA safer, that is the Insider Threat Program,” said Patti Larsen, executive director for the NCSC. “And it will be woven into the fabric of DIA long after we’re gone, it will make more than just the Agency safer, it will impact the IC and the Nation.”
For decades, many agencies prioritized external threats. But, throughout the past 10-15 years, there’s become an increased focus on threats posed by the trusted insider. In 2011, the president signed Executive Order 13587 establishing a NITTF under the joint leadership of the U.S. attorney general and the director of national intelligence. The president subsequently issued a memorandum that identified National Insider Threat Policy and the Minimum Standards after extensive interagency coordination.
In 2015, DIA’s Insider Threat Program reached an initial operating capability, the minimum baseline for a program as defined in the Presidential Memorandum. IOC includes governance, background checks, training, user activity monitoring, data management and program assessments.
A year later, DIA’s senior leadership created a designated insider threat hub that included the assignment of deputies from the Office of Counterintelligence, Chief Information Office and Office of Security.
“This decision resulted in a true hub and drove increased communication and coordination among the major stakeholders,” said Jeanette Courtney, DIA SEC director. She added that moving to a hub afforded a more integrated approach with the Office of Human Resources, Office of Inspector General, Equal Opportunity and Diversity Office, Office of Oversight and Compliance and Office of General Counsel.
To achieve FOC, an insider threat program must fully implement 26 minimum standards. Courtney explained that in the transition from IOC to FOC, the deployment of user activity monitoring on all classified DIA-managed networks was the biggest hurdle.
“We have had JWICS and SIPRnet covered since before 2015, but the classified networks housing special access programs and international enclaves DIA manages proved challenging,” she said.
However, the hub overcame UAM obstacles through resiliency, determination and a strong partnership with CIO.
Regarding the Insider Threat Program mission, Larsen explained that deterrence is critical in securing the country and workplace. She said that through an FOC program, insider threat employees are able to reach people before there are acts of harm to oneself or others, particularly in the workplace.
NITTF Director Charlie Margiotta added that since more people are working from home, in an unsecure environment, dealing with stressors of work blending with home life and responsibilities, it becomes ever-more important to have an insider threat task force.
Going forward, SEC and NITTF have agreed to work together to help other IC agencies achieve FOC and advance the DIA Insider Threat Program beyond the minimum standards and into the Insider Threat Program Maturity Framework.
“With all the things going on right now with COVID, it’s important to celebrate the good things,” Margiotta said. “And this is a great thing.”