DOD looks to new analytics center to tackle insider threat
By Sean Lyngaas
Jul 16, 2015
Defense Department officials hope a nascent analytics center will be a potent weapon in their war against unauthorized disclosures of sensitive information and other insider threats.
The Defense Insider Threat Management and Analysis Center (DITMAC) is meant to be predictive rather than reactive, with the help of big data advances and forthcoming policy guidance.
“We’re very good at preventing what’s already happened from happening again,” said Mark Nehmer, DITMAC’s deputy chief of implementation, “and what we’re working on now is preventing what we haven’t seen before from starting to happen.” He spoke July 16 at a Defense One event in Arlington, Va.
The analysis center grew out of a recommendation of the Pentagon review of the 2013 Navy Yard shooting. Last December, then-Undersecretary of Defense for Intelligence Michael Vickers directed the Defense Security Service to establish the DITMAC. The center is meant to provide a clearer view of the severity of myriad insider threats across the bureaucracy. DOD components will funnel insider-threat data to the DITMAC, which will query internal DOD records and outside information, analyze it, and send it back to the components for action, Nehmer explained. The analysis center will have “initial operating capability” in the fall, he said.
The DITMAC is in some ways the fulcrum of the Pentagon’s efforts to manage “the insider threat,” a broad term that encompasses everything from leaking sensitive information to journalists to physical threats to government facilities. “DITMAC operations, metrics and case studies will inform, support and enable [the Office of the Undersecretary of Defense for Intelligence’s] management and oversight of DOD’s insider threat program,” defense officials said in a recent Government Accountability Office report.
But the DITMAC is just getting off the ground. Officials are still sorting out how it will interact with existing insider threat measures, said Carrie Wibben, director of the Security Policy and Oversight Division at OUSD(I). “We don’t want, for example, every single [DOD] component standing up their own IT system related to insider threat because then we have 42-plus to try to integrate and make interoperable,” she said at the Defense One event.
The panel of officials acknowledged that collecting and analyzing more data on their employees risked at least a perception of being stifling or overbearing. Patricia Larsen, an intelligence official who co-directs the National Insider Threat Task Force, framed it as a question of messaging. The message to the national security workforce should stress that insider threat programs are about “protecting the integrity of the workforce and the people and the information and the facilities that we have invested so much in,” she said.
Steven Aftergood, director of the Federation of American Scientists’ Project on Government Secrecy, told FCW that intelligence officials are aware of the risk of alienating employees with constant monitoring. “I think that the ODNI folks are attuned to that hazard because it poses a risk to their whole enterprise,” he said. “If the insider threat program becomes too intrusive and too invasive, people are going to walk away, especially people who have options to work elsewhere are going to say, ‘I don’t want to put up with this.’”
Information sharing across DOD agencies looks to be a key hurdle to improving insider threat programs. A GAO analysis published July 16 concluded that “DOD officials are not consistently using existing mechanisms to share information, such as lessons-learned information systems and antiterrorism web portals. Unless the military services consistently use existing mechanisms to share information on insider threats, U.S. installations may miss opportunities to enhance the department’s ability to protect the force against such threats.”
Sean Lyngaas is a former FCW staff writer.