The National Counterintelligence and Security Center (NCSC), the National Insider Threat Task Force (NITTF), the Office of the Under Secretary of Defense Intelligence and Security, the Defense Counterintelligence and Security Agency, and the Department of Homeland Security is kicking off the third-annual “National Insider Threat Awareness Month” (NITAM).
NITAM is an annual, month-long campaign during September to educate government and industry about the risks posed by insider threats and the role of insider threat programs. Federal insider threat programs are composed of multi-disciplinary teams that address insider threats while protecting privacy and civil liberties of the workforce; maximizing organizational trust and ensuring positive work cultures that foster diversity and inclusion.
The NITAM campaign seeks to encourage employees in government and the private sector to recognize behaviors of concern and report them so early intervention can occur, leading to positive outcomes for at-risk individuals and reduced risks to organizations. To learn more about the campaign and resources available to organizations, visit the NITAM 2021 website.
All organizations are vulnerable to insider threats. An insider threat is anyone with authorized access who uses that access to wittingly or unwittingly harm an organization or its resources. Most insider threats exhibit risky behavior prior to committing negative workplace events. If identified early, many insider threats can be mitigated before harm occurs.
“The risks to government and industry from insider threats are severe. These threats can take many forms, whether it’s a federal employee coopted by a foreign adversary to steal sensitive information or a corporate employee clicking on a spear-phishing link that infects their company’s networks,” said NCSC Acting Director Michael Orlando. “Through this campaign, we hope to bring much-needed attention to insider threats and help organizations and their employees prevent and mitigate these issues early on.”
This year’s campaign focuses on insider threat and workplace culture. Organizations with positive and inclusive work cultures that foster trust between employees and leadership have more engaged and loyal employees and are better positioned to reduce insider threats. Studies have demonstrated that disengaged workers have higher absenteeism, more accidents, and more errors, and that organizations with low employee engagement suffer from lower productivity, lower profitability, and lower job growth – all conditions that can contribute to insider threats.
Today, insider threat practitioners from across the U.S. government and industry will participate in the 2021 Insider Threat Virtual Conference, sponsored by the Department of Defense. The conference features senior level speakers and panelists who will present on the current state of federal and industry insider threat programs; the importance of and strategies for developing positive organizational culture and sub-culture in combating the insider threat; and resources for training and professionalization of the insider threat practitioner community.
Recent examples underscore the damage that can be caused by insider threats:
- In July 2021, a 20-year-old sailor who had failed in his attempt at becoming a Navy SEAL was charged with deliberately setting fire to the USS Bonhomme Richard, an 800-foot Navy amphibious assault ship. The USS Bonhomme Richard went up in flames on July 12, 2020, burning for several days while docked in San Diego and causing some 60 people to be treated for injuries. The Navy later decided against repairing the vessel after determining it would cost an estimated $3 billion and take more than five years. The Navy officially decommissioned the USS Bonhomme Richard this year.
- In April 2021, a Ph.D. chemist who had worked at Coca-Cola and Eastman Chemical was convicted of conspiracy to steal trade secrets, economic espionage, and wire fraud. According to court documents, the chemist stole trade secrets that cost some $120 million to develop in order to help a new company in China that had received millions of dollars in grants from the Chinese government. The chemist sought to benefit not only the Chinese company, but also the Chinese government and Communist Party.
The launch of this year’s campaign marks nearly a decade since an October 2011 Executive Order that required all federal agencies with access to classified information to have their own insider threat prevention programs and directed the creation of the NITTF under the leadership of the Attorney General and the Director of National Intelligence.
NITTF is currently housed at NCSC. Since its inception, the NITTF has worked with federal agencies to build programs that deter, detect, and mitigate insider threats. NITTF and NCSC coordinate insider threat training and awareness; liaison and assistance; governance and advocacy; and research and analysis for stakeholders in the public and private sector to reduce the risk of insider threats to public health and safety, economic security, and national security.
In recent years, NCSC and NITTF have expanded their outreach to help private sector entities address insider threats. In March 2021, NCSC published Insider Threat Mitigation for U.S. Critical Infrastructure Entities: Guidelines from an Intelligence Perspective, and in July 2021, NCSC and the Department of Defense’s Center for Development of Security Excellence (CDSE) collaborated to publish Insider Risk Implementation Guide for the Food and Agriculture Sector.