Federal insider-threat programs get a dose of ‘Maturity’

Written by

A government task force hopes to improve federal agencies’ ability to identify insider threats and avoid the leak of sensitive or classified information.

The National Insider Threat Task Force (NITTF) — run by the FBI and the Office of the Director of National Intelligence — released the “ Insider Threat Program Maturity Framework” on Thursday. It complements a set of standards the task force released in 2012 that set the “minimum elements necessary to establish functional insider threat programs.”

The aim with the new framework is to help federal agencies go beyond the minimum guidelines issued six years ago and be “more proactive, comprehensive, and better postured to deter, detect, and mitigate insider threat risk.” It can be used to start an insider threat program or augment an existing one.

The framework comprises 19 “maturity elements,” such as the ability to adapt a program to comply with changing laws; educating employees about the full range of insider threats; monitoring employee access to information; and looking out for behavioral indicators of insider threats.

Agencies often leverage cybersecurity teams or tools to monitor user activity within the government and detect suspicious activity. And potential leaks can involve sensitive information about cyber-capabilities or cyberthreats, as was the case with NSA whistelblower Reality Winner.

The government are concerned with the risk of government employees or contractors knowingly or unknowingly exposing sensitive government information to the public, press or adversaries.

An executive order issued by the Obama administration in 2011 directed agencies that use “classified computer networks” to establish insider threat programs, which led to the minimum standards the NITTF set forth a year later. The task force says agencies don’t have to have fully implemented the minimum standards before bringing in elements form the new maturity framework.

The NITTF said the new framework is the product of a working group of people involved in insider threat prevention and was also vetted by the intelligence community the Department of Defense.