The United States Department of Defense (DOD) is marking the country's first ever Insider Threat Awareness Month by training staff in insider threat detection.
The DOD, together with other federal agencies, will be teaching its employees to be on the lookout for indicators that a co-worker may be stealing sensitive or classified information, hatching a plan of sabotage, or plotting a violent attack. The training will include a reminder that contractors and anyone who has access to facilities could pose a threat.
"Insider threats are posed by persons who use trusted access to do harm to the department's facilities, resources, or people," said Dr. Brad Millick, director of the Defense Department's counter–insider threat program within the Office of the Undersecretary of Defense for Intelligence.
Millick warned employees to be on the alert for any incidences of ironically self-sabotaging plan leakage, a recognized psychological phenomenon where insiders with malicious intent can't resist talking about their plans before they put them into action.
Staff will be issued a communications packet containing awareness training, eLearning games, case studies, posters, and videos, all available on the Center for Development of Security Excellence website.
According to Joshua Reese, policy and program advisor for the Defense Department's counter–insider threat program, the DOD goals for the inaugural Insider Threat Awareness Month are to educate the workforce about the department's insider threat programs and encourage the reporting of indicators and potential threats.
Reese said that an analysis of past incidences indicated that DOD staff were reluctant to report people they thought were acting suspiciously.
The DOD is doing their bit to raise awareness of insider threats externally too. This week, together with the Department of Homeland Security (DHS), they released a new document that offers guidance on how critical manufacturing organizations can approach the development of insider threat programs.
The implementation guide states: "Effective insider threat programs deploy risk management strategies that identify the assets or resources to be protected, identify potential threats, determine vulnerabilities, assess risk, and deploy countermeasures. Many countermeasures are no or low cost to the organization and include training and awareness, clear reporting policies, managing organizational trust, and enhanced security procedures."