Intelligence

DOD looks to new analytics center to tackle insider threat

Shutterstock image (by adhike): hacker over a screen with binary code.

Defense Department officials hope a nascent analytics center will be a potent weapon in their war against unauthorized disclosures of sensitive information and other insider threats.

The Defense Insider Threat Management and Analysis Center (DITMAC) is meant to be predictive rather than reactive, with the help of big data advances and forthcoming policy guidance.

“We’re very good at preventing what’s already happened from happening again,” said Mark Nehmer, DITMAC’s deputy chief of implementation, “and what we’re working on now is preventing what we haven’t seen before from starting to happen.” He spoke July 16 at a Defense One event in Arlington, Va.

The analysis center grew out of a recommendation of the Pentagon review of the 2013 Navy Yard shooting. Last December, then-Undersecretary of Defense for Intelligence Michael Vickers directed the Defense Security Service to establish the DITMAC. The center is meant to provide a clearer view of the severity of myriad insider threats across the bureaucracy. DOD components will funnel insider-threat data to the DITMAC, which will query internal DOD records and outside information, analyze it, and send it back to the components for action, Nehmer explained. The analysis center will have “initial operating capability” in the fall, he said.

The DITMAC is in some ways the fulcrum of the Pentagon’s efforts to manage “the insider threat,” a broad term that encompasses everything from leaking sensitive information to journalists to physical threats to government facilities. “DITMAC operations, metrics and case studies will inform, support and enable [the Office of the Undersecretary of Defense for Intelligence’s] management and oversight of DOD’s insider threat program,” defense officials said in a recent Government Accountability Office report.

But the DITMAC is just getting off the ground. Officials are still sorting out how it will interact with existing insider threat measures, said Carrie Wibben, director of the Security Policy and Oversight Division at OUSD(I). “We don’t want, for example, every single [DOD] component standing up their own IT system related to insider threat because then we have 42-plus to try to integrate and make interoperable,” she said at the Defense One event.

The panel of officials acknowledged that collecting and analyzing more data on their employees risked at least a perception of being stifling or overbearing. Patricia Larsen, an intelligence official who co-directs the National Insider Threat Task Force, framed it as a question of messaging. The message to the national security workforce should stress that insider threat programs are about “protecting the integrity of the workforce and the people and the information and the facilities that we have invested so much in,” she said.

Steven Aftergood, director of the Federation of American Scientists’ Project on Government Secrecy, told FCW that intelligence officials are aware of the risk of alienating employees with constant monitoring. “I think that the ODNI folks are attuned to that hazard because it poses a risk to their whole enterprise,” he said. “If the insider threat program becomes too intrusive and too invasive, people are going to walk away, especially people who have options to work elsewhere are going to say, ‘I don’t want to put up with this.’”

Information sharing across DOD agencies looks to be a key hurdle to improving insider threat programs. A GAO analysis published July 16 concluded that “DOD officials are not consistently using existing mechanisms to share information, such as lessons-learned information systems and antiterrorism web portals. Unless the military services consistently use existing mechanisms to share information on insider threats, U.S. installations may miss opportunities to enhance the department’s ability to protect the force against such threats.”

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group