An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

News | Sept. 6, 2016

Partners in Protection: The insider threat, you are the first line of defense

By Russell K. Pitts, Installation Antiterrorism Officer DLA Installation Support at RIchmond

When evaluating the security of your workplace and while considering the current threat environment, we must ask ourselves difficult questions in assessing where our vulnerabilities may lie.  For example, who would you think is a greater threat…the trained, international, state-sponsored intelligence officer or an employee holding a position of public trust with access to the agency’s sensitive information?  While you can make an argument for either answer, case studies demonstrate that employees or “insiders” have historically caused more damage to national security.  The insider threat can potentially cause more damage to national security, reduce American’s ability to compete economically and put American lives in harm’s way.

What is an insider threat?

Defense Security Service defines an insider threat as an insider, who through acts of commission or omission, intentionally or unintentionally compromises or potentially compromises DoD’s ability to accomplish its mission.         

Why is there an insider threat?

Insider threats occur for many reasons, which can be divided into several categories.  The first category of such threats is the allure of personal or financial gain.  An employee may be willing to sell sensitive data or personally identifiable information for profit.  The next category of insider threats is employees with an exaggerated desire for adventure or excitement.  In such cases, employees feel they can beat the odds and not get caught during their subversive undertakings.  Another category of insider threats is disgruntled employees.  Such employees desire to "get back" at the agency before they leave or quit.  These type employees could, for example, install malicious software on organization's computer systems that could lead to problems ranging from small annoyances to complete system crashes.

How do you identify an insider threat?

Here are some of the potential indicators of insider threat behavior, as identified by DSS, you may be able to identify if you are paying attention: 
·  Excesses overseas travel and/or contact with foreign nationals
·  Engaging in classified conversations or trying try to read sensitive reports without the “need to know”
·  Repeated security violations
·  Attempts to secretly remove classified or sensitive information from the workplace
·  Attempts or expressed threats to bring weapons to the workplace
·  Working hours that are inconsistent with job assignments 
·  Unexplained use of backpacks/briefcases entering and departing the workplace
·  Exploitable behavior traits or activities that could expose the employee to blackmail

While a single indicator may not indicate a specific behavior is illegal or dangerous, the presence of multiple indicators could indicate serious problems.  Studies have indicated people who spy usually display one or more of the above indicators.

Reportable Behaviors…

The DSS list below is a sample of behaviors you should be aware of in your daily interactions with others:

Information Collection

Keeping classified materials in unauthorized locations
· Attempting to access sensitive information without authorization
· Obtaining access to sensitive information inconsistent with present duty requirements

Information Transmittal

Using an unclassified medium to transmit classified materials
· Discussing classified materials on a non-secure telephone
· Removing classification markings from documents

Additional Suspicious Behavior

Repeated or un-required work outside of normal duty hours
· Sudden reversal of financial situation or sudden repayment of large debts or loans
· Attempting to conceal foreign travel

What can I do?

Security is everyone’s responsibility.  Practice good operational security (OPSEC) and security practices.  Stay current with your security training and apply what you have learn.  No one knows your work environment better that you!  Help protect our national security and warfighters against insider threats by reporting any potential violation to your supervisor, security professionals or through the DLA iWatch program.  You can find more information by taking your required security training via the agency’s Learning Management System or by visiting DSS at

(Editor's note:  Partners in Protection is a DLA communication plan that educates employees on local threats and hazards as well as the actions to take when something happens. The plan strives to increase employee knowledge and use of security awareness and emergency response training to help support the resiliency of our workforce.)