To some hoopla, DSS published a sample insider threat plan to be used as a template. The result fell short of expectations. At public forums, DSS spoke of clickable, fillable PDFs and the like. Some companies we have spoken to had actually been sitting on their hands waiting for “DSS to tell us what to do.”
What was actually delivered didn’t match some of the hype. The DSS sample mostly repeats the Industrial Security Letter that tells companies what functional capabilities their insider threat plans must contain.
The language in the Sample Plan reads more like a pledge by the Insider Threat Program Senior Official (ITPSO) to follow the mandates of NISPOM Conforming Change 2 than a plan of action.
Savvy readers will notice the asterisk and following text where DSS underscores that each company’s final plan must explain how it will meet the requirements.
To be fair, the impetus behind the Insider Threat Program was never to create cookie-cutter programs or one-size-fits-all plans. DSS recognizes that each company is different, and each company will need to determine the most appropriate mechanisms for its organization to, for example, “access, gather, integrate, and provide for reporting of relevant and credible information…”
In our estimation, it would be very hard to have a functioning program without a central coordinating body. Though not specifically called out in Change 2, an Insider Threat Working Group or security hub to consolidate information and track issues is vital, even if that hub is a single person. The key is to be able to see patterns as they emerge across the enterprise, since Change 2 now requires cleared defense contractors to be on the lookout for potential indicators of insider threat activity.
Where will those potential and actual indicators likely manifest themselves in your company? No one else can answer that but you.
For some structured thinking around these problems, we encourage you to download our free guide to combatting insider threats. This will help you work systematically through the core issues your business faces in developing the procedures you need to have an effective plan, one that has some real heft and doesn’t end up gathering dust on a shelf.