Subscribe by email
Recently, an Executive Memo was released addressing the vexing issue of insider threat within departments and agencies of the federal government. This presidential memorandum,“National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs,” was issued on Nov. 21, 2012. The text of the memo is captured below:
This Presidential Memorandum transmits the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (Minimum Standards) to provide direction and guidance to promote the development of effective insider threat programs within departments and agencies to deter, detect, and mitigate actions by employees who may represent a threat to national security. These threats encompass potential espionage, violent acts against the Government or the Nation, and unauthorized disclosure of classified information, including the vast amounts of classified data available on interconnected United States Government computer networks and systems.
The Minimum Standards provide departments and agencies with the minimum elements necessary to establish effective insider threat programs. These elements include the capability to gather, integrate, and centrally analyze and respond to key threat-related information; monitor employee use of classified networks; provide the workforce with insider threat awareness training; and protect the civil liberties and privacy of all personnel.
The resulting insider threat capabilities will strengthen the protection of classified information across the executive branch and reinforce our defenses against both adversaries and insiders who misuse their access and endanger our national security.
For such a brief memo, it has not been without controversy. Some pundits have stated that it will put a chill on whistleblowers while others have argued that such a statement indicates that “Big Brother” has landed. I just don’t see it that way.
The ability to monitor employee interactions with company data has long been available in the private sector. Organizations regularly monitor access to critical or protected information–and if they aren’t, they should be. Insider threats, abuse and misuse of data, and malfeasance are common in companies all around the globe. Why should we expect the same is not true in our federal, state, and local governments. I, for one, feel safer with a “trust but verify” approach for the data we all share with federal agencies.
