News | July 1, 2016

Teams safeguard employees against insider threats

By Dianne Ryder

The Defense Logistics Agency will be the first of 43 Department of Defense components to have a fully operational insider-threat program, achieving this goal well ahead of the Dec. 31 deadline, the co-director of the National Insider Threat Task Force told DLA’s director and chief of staff on June 20.

The policy, signed in May 2015, “is more of a collaborative effort for security and other components within our organization to identify someone whose behavior might harm the agency through access to information systems, or physical access,” said DLA Intelligence’s insider-threat program manager, Jimmy Dyer.

Trusted insiders can do crippling harm to an organization, as shown by events such as the 2010 WikiLeaks scandal and mass shootings in which the perpetrator had physical access to military installations. These threats are not new, but they have increased the need for sustainable insider-threat programs.

“This policy and our program are geared toward those people who have inherent access to DLA, across the enterprise,” Dyer said.

The program’s primary goals are to protect employee privacy and civil liberties and promote transparency and trust, he said.

In 2011, President Obama released Executive Order 13587, which created the requirement for DoD entities to have an insider-threat program.

“As a result of that, the NITTF was created to make sure that everyone who is subject to that policy was in compliance with the minimum standards,” Dyer said.

The executive order also established 26 minimum standards agencies can use to help detect, deter and mitigate an insider threat.

“Since 2011, DLA has been working toward establishing that program here at DLA,” Dyer said, noting that the delay was due to a need to clarify details of the program and its funding for defense officials.

In 2014, DLA chief of staff Renee Roman, Ph.D., established a charter for an insider-threat working group, Dyer said.

“Dr. Roman’s responsibility was to bring in all the stakeholders and determine exactly how each DLA directorate would support the insider-threat program,” he said.

Since May 2015, the group has been operating under a directive memorandum until the DLA instruction is complete.

“We’ve been waiting until the assessment was completed so that we could address any of the resulting recommendations, to make sure we weren’t rewriting the policy,” Dyer said.

The group has also instituted standard operating procedures for how the agency would coordinate a response to potential risk indicators.

There are 139 indicators, including previous commission of a crime or an act of workplace violence.

“Each and every one of [the indicators] is geared toward identifying the behaviors that would alert leadership to an individual who is a potential risk to the agency,” Dyer said.

A person isn’t necessarily a threat if he or she has experienced a number of stressors or had an isolated outburst, Dyer said.

“It’s all about aggregating information,” he said. “Sometimes life events cause us to do things that we wouldn’t ordinarily do.”

Employee access to information system privileges or security clearances might also serve as indicators.

“That’s going to elevate the threat, because now that employee has access to national security information,” Dyer said.

Looking at these factors together allows the team to better protect agency employees, he said.

There are two DLA groups that track potential insider threats; one is an insider threat working group that meets quarterly to establish policy and engage senior leaders.

The other is a smaller group — the insider threat program incident response group, which comprises record holders from each DLA component.

“In essence, we’re a triage unit — we bring together the capability to look at it from this multi-faceted team perspective,” Dyer said.

Though an elevated threat level does not currently exist, Dyer said recent global events compel the group to reinforce information they disseminate to the workforce.

“It’s imperative that we increase how often we say, ‘If you see something, say something’,” Dyer said. “But unless we really communicate the benefits of that statement, it’s not going to have the same impact.”

Dyer said he’s impressed with leadership support and collaboration among all DLA components.

“When you have a group of professionals that are engaged and have a single focus of meeting their requirements and establishing a viable program — you just can’t beat that,” he said