The Defense Security Service (DSS) is serious about the need for all National Industrial Security Programs (NISP) operating under the aegis of the Operating Manual (NISPOM) to bring their insider threat programs up to a consistently high level. To that end, DSS has been issuing a series of Job Aids via the Center for the Development of Security Excellence (CDSE). As we previously noted in our piece on the three items each Facility Security Officer (FSO) needs to focus on, the creation of the insider threat program requires policy, organization and awareness. We called out the need to take advantage of the offerings from the DSS and others.
While the insider threat focus of DSS is heavily centered on espionage, its concern extends to any event or turn of events which could put the national security of the United States at risk, and to detecting those employees who pose a risk to classified information systems and information.
Don’t Have an Insider Threat Program?
Still don’t have an insider threat program started? DSS anticipated many needing help and created a template for your insider threat program: Insider Threat Program Plan
The template is truly a fill-in-the-blank template, with an admonishment at the end that the plan is a sample only and should be tailored to your facility. Some elements of the plan require an explanation as to how actions will be accomplished.
The DSS CDSE also provides a plethora of case studies, specific to the insider threat.
Four Insider Threat Case Studies
An NCIS Special Agent who committed espionage for commercial gain;
- Meet John Beliveau – between 2008-2013 he provided NCIS investigative reports to the subject of an NCIS investigation;
- He leaked the names of witnesses, their interviews and investigative plans of the NCIS;
- He was paid $30,000 in cash, lavish trips, dinners and services of prostitutes in exchange for classified information;
- His information assisted the private entity in their pursuit of millions of dollars of Navy Contracts; and
- Pleaded guilty – sentenced to 12 years in federal prison and ordered to pay $20 million in restitution.
A cleared defense contractor who hid foreign contacts and shared sensitive DoD documents and hardware drawings to India;
- Meet Hannah Robert – between 2010-2012 she operated three companies, two in the US and one in India. She provided export-controlled materials to an individual in India;
- She compromised: Torpedo systems; military attack helicopters; and F-15 aircraft;
- She uploaded controlled materials to a password-controlled web page on her church’s website (she was a volunteer system admin), creating an electronic dead-drop;
- She conspired to provide the same and more to other countries; and
- Pleaded guilty – sentenced to 57 months in federal prison.
A civilian employee of the Coast Guard who became an active shooter;
- Meet James Michael Wells – a civilian employee at the Coast Guard Communications Station Kodiak, Alaska. On 12 April 2012, Wells entered the communications rigger shop and shot and killed two co-workers;
- Post event analysis showed that Wells had projected signals of an Active Shooter/Anti-Social Behavior; and
- Found guilty – sentenced to four consecutive life sentences at a federal super-max prison and ordered to pay restitution of nearly $1.5 million.
- Meet Kun Shan Chun – who worked for the FBI from 1997-2016. Chun provided sensitive FBI information to a Chinese government official;
- Chun was recruited in the classical manner. Over a prolonged period of time he met with a number of Chinese nationals and one government official, to whose direction and tasking he responded; and
- Pleaded guilty – sentenced 20 January 2017 to 24 months in federal prison.
These case studies and more are available for individual FSOs to use and share with their personnel, simply by accessing the DSS CDSE website (link provided above).
Here we see classic espionage, violation of export control, an active shooter, and fraud and greed, all of which fall under the rubric of the insider threat. Keeping our eye on the insider threat requires us to understand the many threat vectors associated with it.