Congress Approves Insider Threat Detection Program to Combat Leakers

A Threat Awareness Reporting Program (TARP) poster from 2010 lists Bradley Manning as an example of an "insider threat" to U.S. Army operations.

Congress Enacts Insider Threat Detection Program (Secrecy News):

Congress ordered the Secretary of Defense to establish an information security program for detecting “unauthorized access to, use of, or transmission of classified or controlled unclassified information.”  The provision was included by the FY2012 defense authorization act that was approved in conference this week (section 922).

The insider threat detection program, conceived as a response to WikiLeaks, is intended to “allow for centralized monitoring and detection of unauthorized activities.”  Among other things, it is supposed to employ technology solutions “to prevent the unauthorized export of information from a network or to render such information unusable in the event of the unauthorized export of such information.”

H.R. 1540, NATIONAL DEFENSE AUTHORIZATION ACT FOR FISCAL YEAR 2012, SEC. 922. INSIDER THREAT DETECTION (Federation of American Scientists):

       (a) Program Required.--The Secretary of Defense shall 
     establish a program for information sharing protection and 
     insider threat mitigation for the information systems of the 
     Department of Defense to detect unauthorized access to, use 
     of, or transmission of classified or controlled unclassified 
     information.
       (b) Elements.--The program established under subsection (a) 
     shall include the following:
       (1) Technology solutions for deployment within the 
     Department of Defense that allow for centralized monitoring 
     and detection of unauthorized activities, including--
       (A) monitoring the use of external ports and read and write 
     capability controls;
       (B) disabling the removable media ports of computers 
     physically or electronically;
       (C) electronic auditing and reporting of unusual and 
     unauthorized user activities;
       (D) using data-loss prevention and data-rights management 
     technology to prevent the unauthorized export of information 
     from a network or to render such information unusable in the 
     event of the unauthorized export of such information;
       (E) a roles-based access certification system;
       (F) cross-domain guards for transfers of information 
     between different networks; and
       (G) patch management for software and security updates.
       (2) Policies and procedures to support such program, 
     including special consideration for policies and procedures 
     related to international and interagency partners and 
     activities in support of ongoing operations in areas of 
     hostilities.
       (3) A governance structure and process that integrates 
     information security and sharing technologies with the 
     policies and procedures referred to in paragraph (2). Such 
     structure and process shall include--
       (A) coordination with the existing security clearance and 
     suitability review process;
       (B) coordination of existing anomaly detection techniques, 
     including those used in counterintelligence investigation or 
     personnel screening activities; and
       (C) updating and expediting of the classification review 
     and marking process.
       (4) A continuing analysis of--
       (A) gaps in security measures under the program; and
       (B) technology, policies, and processes needed to increase 
     the capability of the program beyond the initially 
     established full operating capability to address such gaps.
       (5) A baseline analysis framework that includes measures of 
     performance and effectiveness.
       (6) A plan for how to ensure related security measures are 
     put in place for other departments or agencies with access to 
     Department of Defense networks.
       (7) A plan for enforcement to ensure that the program is 
     being applied and implemented on a uniform and consistent 
     basis.
       (c) Operating Capability.--The Secretary shall ensure the 
     program established under subsection (a)--
       (1) achieves initial operating capability not later than 
     October 1, 2012; and
       (2) achieves full operating capability not later than 
     October 1, 2013.
       (d) Report.--Not later than 90 days after the date of the 
     enactment of this Act, the Secretary shall submit to the 
     congressional defense committees a report that includes--
       (1) the implementation plan for the program established 
     under subsection (a);
       (2) the resources required to implement the program;
       (3) specific efforts to ensure that implementation does not 
     negatively impact activities in support of ongoing operations 
     in areas of hostilities;
       (4) a definition of the capabilities that will be achieved 
     at initial operating capability and full operating 
     capability, respectively; and
       (5) a description of any other issues related to such 
     implementation that the Secretary considers appropriate.
       (e) Briefing Requirement.--The Secretary shall provide 
     briefings to the Committees on Armed Services of the House of 
     Representatives and the Senate as follows:
       (1) Not later than 90 days after the date of the enactment 
     of this Act, a briefing describing the governance structure 
     referred to in subsection (b)(3).
       (2) Not later than 120 days after the date of the enactment 
     of this Act, a briefing detailing the inventory and status of 
     technology solutions deployment referred to in subsection 
     (b)(1), including an identification of the total number of 
     host platforms planned for such deployment, the current 
     number of host platforms that provide appropriate security, 
     and the funding and timeline for remaining deployment.
       (3) Not later than 180 days after the date of the enactment 
     of this Act, a briefing detailing the policies and procedures 
     referred to in subsection (b)(2), including an assessment of 
     the effectiveness of such policies and procedures and an 
     assessment of the potential impact of such policies and 
     procedures on information sharing within the Department of 
     Defense and with interagency and international partners.
       (f) Budget Submission.--On the date on which the President 
     submits to Congress the budget under section 1105 of title 
     31, United States Code, for each of fiscal years 2014 through 
     2019, the Secretary of Defense shall submit to the 
     congressional defense committees an identification of the 
     resources requested in such budget to carry out the program 
     established under subsection (a).

Leave a Reply

Your email address will not be published. Required fields are marked *