The Insider Threat Training Requirement is Here – Are You Ready?

Cybersecurity buildings

No longer will employees be able to jump to work upon receipt of the notification of their security clearance issuance. NISPOM Change 2 changes all this. The deadline for implementation of the mandated insider threat programs is upon us. Those who have kicked the can down the road and deferred putting together the mandated insider threat program will find themselves running as May 31, 2017 arrives and their Defense Security Service (DSS) or Cognizant Security Authority’s representative asks to review the insider threat program.

To be clear, every cleared contractor facility must have in place a the requisite NISPOM training program. Every new employee must be trained to this standard prior to allowing the employee access to classified materials.

Why an insider threat program?

Let there be no doubt, foreign intelligence services (FIS) both friendly and hostile have interest in your classified work, the classified work of the company and the classified work of the U.S. Government client. We do not have the luxury of insight into determining whether or not our entity is being targeted by a foreign government’s industry, state-owned enterprises, national labs, or the FIS. The human intelligence targeting of technology and defense industries continues.

On May 11, 2017, Director National Intelligence Daniel Coats spoke to the Senate Select Committee on Intelligence about the Worldwide National Threat Assessment. During his talk he noted, “The targeting of national security information and proprietary information from US.. companies and research institutions involved with defense, energy, finance, dual-use technology, and other areas will remain a persistent threat to U.S. interests.”

Examples of China’s efforts to steal technology or recruit human sources

  • May 23, 2017 – Seven people charged with conspiring to steal trade secrets on behalf of a Chinese company with ties to the Chinese national programs and the Chinese People’s Liberation Army (PLA). The Chinese put together a targeting dossier and then systematically culled information from publicly available information (social networks and resume databases) to better understand the depth of knowledge of key individuals.  They then parsed the information and put together their targeting matrix. They then used the matrix and rank order of the individuals within the targeted company to determine their depth of knowledge and suitability – willingness to purloin secrets on the way out and keep the relationship discrete.
  • May 19, 2017 – Xu Jiaqiang, a PRC national, pleaded guilty to economic espionage and trade secret theft. Xu stole source code from his employer, IBM, According to the Department of Justice, Xu pleaded guilty to all six of the counts included in his indictment.
  • Mid-April 2017 – It was revealed that a State Department employee engaged with Chinese security and intelligence entities.
  • Early-April 2017 – Siemens caught an employee pilfering intellectual property for passage to China. The insider threat program was successful, as a colleague reported the behavior of the fellow employee to the appropriate office within Siemens and the ensuing investigation showed the employee had indeed broken trust.

Need resources and direction?

DSS is directing responsible personnel (read FSO) to digest the Insider Threat program requirements as detailed in NISPOM 3-103b and ISL 2016-02.

Beyond the mandated security clearances, NISPOM 3-107 calls for these Initial Security Briefings for every employee prior to their being allowed access to classified information.

  • A threat awareness security briefing, including insider threat awareness in accordance with paragraph 3-103b of this Manual.
  • A counterintelligence awareness briefing.
  • An overview of the security classification system.
  • Employee reporting obligations and requirements, including insider threat.
  • Initial and annual refresher cybersecurity awareness training for all authorized IS users (see chapter 8, paragraph 8-101c, of the NISPOM).
  • Security procedures and duties applicable to the employee’s job.

Here are resources and articles directly from the ClearanceJobs archives:

Creating an Insider Threat Program – Adjusting to NISPOM Change 2

Four Case Studies for Your Required Insider Threat Training Program

Insider Threat Training – Building Your Employees’ Defenses

Related News

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of securelytravel.com