It’s been more than a year and a half since President Barack Obama issued a directive to agencies for dealing with disgruntled or rogue employees, but for many federal agencies, their insider threat detection programs are struggling to get started.
Even after the WikiLeaks and Edward Snowden incidents, your agency might still be scraping together a plan to detect – and deter – insider threats in your organization. So how do you make your threat detection program go from paper to execution?
The Current Compliance Situation
All agencies were required to have started their insider threat programs as of June 30, 2014. These initial requirements included designating a senior official to manage the program, drafting and circulating an insider threat policy and creating an implementation plan for the actual program.
The fiscal year 2015 Intelligence Authorization Act signed into law in July also requires agencies to take more concrete steps toward insider threat detection.
Ultimately, the Obama administration wants to have agency programs in initial operation as of January 2017, which includes data analysis of anomalistic employee behavior and at least some network monitoring.
Getting Started At Your National Defense Or Security Agency
In order to get your agency out of the governance and planning stages, you need to start ramping up small pilot projects. The size and scope of such immense programs means you need to begin with these small pilots and then iterate and expand on your initial findings. What you should not do is try to build a large, fixed, custom system that is difficult to modify.
One critical area in which to pilot a new program is the practice of continuous evaluation. A continuous evaluation program automatically culls through police records and credit checks to track potential danger signs in employee behavior. If you’re able to implement an effective continuous evaluation project, your agency is set to run an even larger program.
Overhauling Security Clearances
Building upon the foundation of continuous evaluation, you also need to reform your process for security clearances in order to deter future internal threats.
With the 2015 and 2017 deadlines looming, some agencies in the intelligence community and in the Defense Department are already close to implementing large-scale continuous evaluation systems for security clearance holders.
In order for your agency to stay abreast of these new changes, it’s best to focus on automation and data sharing by using the current standards for adjudication and suitability. While this approach won’t ensure complete compliance, it keeps your agency working towards the goals of expedited processes and shared information.
Harnessing The Power Of Data Analysis
While automation ensures your insider threat detection stays efficient, you should also consider retooling your entire process using risk management and data analysis techniques that are predictive rather than merely reactive.
Your national defense agency must begin to understand, in a risk-based way, which behaviors are most likely to result in or suggest the probability of a dangerous insider threat. This approach isn’t foolproof – no system is – but it provides you with the best insight and most predictive analysis of which behaviors and personnel present the greatest risk.
The most valuable aspect of a data-driven approach is that it gives your agency greater flexibility in your systems, your processes and your policies to learn and adapt from negative incidents when they do occur. This means you should never have to deal with the consequences of a particular insider threat incident twice in a row.
Your comprehensive insider threat detection program is a massive, multi-year undertaking. That’s why it’s critical that your program be flexible and prepared to face a changing future – because your next incident could be just around the corner.
Want to learn more about building an all-inclusive insider threat program for your agency? Click below to request a free Insider Threat Assessment with a Big Sky expert: