National Insider Threat Awareness Month Brief

Captions
Thank you so much, Mr. Belk, for your comments. You know, Mr. Belk is right: Insider Threat Awareness Month really is about getting that message out there, not only the risk to our personnel, to our organizations in both the public and the private sector, but also getting the information about the role of all of you, and all of you out there listening, in identifying and reporting indicators. It's not just a role we have, it's a responsibility that we undertake. And I think we know this inherently. Every single one of us knows that we should be reporting information. We take the annual training, we pass posters in the hallway. "See something, say something" is probably the most ubiquitous phrase to anybody in this community, and yet we don't do it. What is it that holds us back from making that call, from sending that email, from walking down the hall? You know, some of it may be as simple as what we're taught as kids, right? You don't want to be a snitch, you don't want to be a tattletale, and that's ingrained a little bit. I get that. Some of us also may think, you know what, I see it in the newspaper, but it would never happen here, would never happen at my organization. Unfortunately, it does, right?

So this month we're also commemorating the tragedy of the Navy Yard shooting. We also remember the tragedy of Fort Hood, and many, many other events have occurred at both public and private organizations throughout the country. You also, as Wayne said, cannot open the paper without seeing another case. Harold Martin was just sentenced. Reality Winner, Kevin Patrick Mallory: these names resonate. And when that insider threat occurs, however it manifests, whether it is espionage or another national security crime, theft, fraud, sabotage, workplace violence, harm to self or others, what we find is it's often, in the very early phases, those same indicators. So no matter how that insider threat turns out, very early on those same behaviors and activities of concern are what we can notice, observe and report in order to make a difference.

I think one of the other things that prevents people, maybe, from making those reports is a misunderstanding of insider threat programs in general. What if I'm wrong? What if I report my coworker or my friend and they get in trouble for no reason? Insider threat programs are not designed to get anybody in trouble. If you're familiar with insider threat programs, as I know many of our audience here are and probably many of you online, these are multidisciplinary teams that are designed to deter, detect and mitigate risk. And as Mr. Belk discussed, that deterrence factor and that mitigation factor often come by developing positive outcomes for individuals. So the program really wants to get left of boom or, as Wayne said, get ahead of the problem. Our idea is to identify folks who might need a little help at one time or another and push them through so that they can remain in access, remain productive, have positive outcomes for both the individuals and for your organization.

So how do we figure out what those indicators are that we need to report? I think we should start with the basics. So if you're in this room, look to your left, look to your right. If you're tuning in online, look in the mirror. That's an insider, right? Somebody who has authorized access. We're all insiders. What makes an insider threat is when that individual with authorized access uses it to either wittingly or unwittingly cause harm to an organization and its resources, which can include information, classified or otherwise, which can include facilities, which can include personnel.

Now, when I'm describing the insider threat, I really find it's helpful to reference the movie Office Space. Have you guys seen this movie, Office Space? I'm seeing a lot of head nods, probably a lot of you out there online as well. If you haven't seen it, look it up afterwards, it's a good movie. This movie has a character named Milton, and Milton is just one of those guys: super awkward, doesn't have a lot of really positive social interactions with his coworkers. He has a very unnatural attachment to his red Swingline stapler. Throughout the movie Milton also gives off a lot of indicators. He is disgruntled with his job, and he in fact expresses it to many, many, many of his co-workers. He's disgruntled because everybody gets birthday cake at the office party except for Milton. He's disgruntled and in fact experiencing some financial difficulties, which is another indicator, because payroll keeps forgetting to issue his paycheck. Throughout the movie people are very aware, but they don't report it and they don't address it. In fact, what they do with Milton is they continue to move him farther and farther away from all of his co-workers, to where, at the end of the movie, he is sitting in the basement at his desk next to the furnace. What happens at the end of the movie? What does Milton do? He burns the building down. Is that an insider threat? Yes. Is this the kind of guy that, after he burnt the building down, every single person said, "I always knew there was something about that guy"? Yes. The reality is, in most insider threat cases, and I get it that hindsight is 20/20, but in most insider threat cases those concerning behaviors were evident prior to the negative event. Everybody saw it coming. Nobody said anything.

Now, I don't want to just pick on poor Milton. I don't know if you guys remember, but there's another insider threat in this movie. This insider threat is new Peter. He's the guy holding the baseball bat, and Peter is the anti-Milton. Peter is cool, Peter has lots of positive social interactions, but Peter also gives off indicators throughout the movie. He is aloof, he is disgruntled with his job, he gets to the point where he shows up to work but he doesn't do any work. His coworkers are aware of this, he talks about it all the time. He also exhibits maybe some violent behavior. I don't know if you can see this slide very well, but they have taken a photocopier from the office out to a field, and he and two coworkers are beating it with a baseball bat. Now, I have spent 20 years working for the federal government. There has been a photocopier or two in my time that I have had strong words with, but this kind of behavior is pretty extreme and pretty violent. Nobody reports Peter, and in fact Peter is often rewarded throughout the movie for his behavior. What does Peter do at the end of the movie? He sets up an algorithm, yes, where he steals about a million dollars from this company. Is this an insider threat? Yes, it's an insider threat. Does it look the same? Very different looking, very different type of person.

We don't profile in insider threat programs. We don't go after a certain demographic, a certain look, a certain background. What we're looking for with an insider threat indicator are behaviors and activities of concern, anomalous behavior. So we're not just picking on the Miltons of the world or any other class. What we're trying to pay attention to is those cries for help and distress, or indicators that somebody is going to engage in negative activity or is at risk to do so. And we'll talk about some of those indicators.

But there actually is one more insider threat in this movie that I forgot to tell you about. One more. Guys remember this guy? Yes, right, worst boss in the history of the world. He is clueless, he treats his employees poorly, there is no level of organizational trust within this organization, he's not transparent, he's not fair. Would you say, those of you who have seen it, that he facilitated those insider threats? There's a lot of head nods here. Those of you that can't see it: yes, because he failed to address the issues. This kind of poor leadership is also a risk for insider threat, and this kind of thing is something that can also be reported to an insider threat program, and often mitigation response, I'm not saying the boss is gonna get fired, that's probably not gonna happen, but there are ways that we can bring others outside of the insider threat program into that intervention process, teach people how to appropriately respond to threats and risks in the environment so that we don't exacerbate them. This is one example of that.

All right, so let's talk a little bit about what other factors contribute to insider threat or contribute to vulnerability. There's something called the critical pathway. It was devised by Dr. Eric Shaw and his cohorts, and in this model it talks about how individuals reach certain decision points as they go along, and individuals who maybe have a certain predisposition and then experience stressors in their life might reach these thresholds and move either down a critical pathway towards a negative event, or we might identify some periods of time where they can be diverted off and interventions can successfully bring positive outcomes for them.

What kind of indicators would come up, or what kind of events would trigger somebody to move down that critical pathway? Well, life crises, whether real or perceived, are things that occur in everybody's life, and some people may use those to travel down the critical pathway. What's a life crisis? Well, they can be in your personal life. We can be talking about divorce, we can be talking about death of a loved one, we can be talking about dealing with an annoying teenager who's just starting to drive, we can be talking about financial problems, we can be talking about stress caused by alcohol or drug abuse, we can be talking about undiagnosed or untreated medical conditions, including mental health conditions. And I see your faces. You're right, those are not necessarily life crises, that's just life, right? Those are things that all of us deal with at one point or another. And there are a lot of young people in this audience. I'm warning you, those are happening to you too, eventually. That's life. Everybody goes through these various seminal events, and they're stressful and they're difficult, and they are a time when we're at a greater vulnerability to pose an insider threat or to move down that critical pathway. What an insider threat program does is reach out to those individuals, or hopefully they'll learn that they can reach out to the insider threat program, and find ways to mitigate those life events.

So an insider threat program is a multidisciplinary team. It's made up of CI, security (all the security disciplines can participate: information security, personnel security; cyber security is a big one), guidance from law enforcement, Human Resources, I know I'm forgetting somebody, mental health and behavioral science professionals. This group works together to help come up with resources and mitigation strategies that can divert somebody off of that critical pathway and get them back into a productive environment, foster a positive outcome not only for them but for their organization.

The other thing: when you hear me describe those life crises, and I talked about things like personal problems, drug or alcohol abuse, medical issues, etc., those sound a lot like the adjudicative guidelines. And if any of you, I guess all of you in this building, hold a security clearance, you know that these are the factors that are used to determine eligibility for access, for security or suitability clearance. You know, when personnel security looks at individuals, they take these into consideration, but they use what's called the whole person concept. So the idea being that a person is not defined by this one event that might have occurred, and a very human event that many of us go through, but the whole person is taken into account, as well as mitigating factors that might still make somebody eligible for a clearance despite the fact that they've had this vulnerability. It's very rare that something will reach the level of a disqualifying factor that would prevent or remove access or eligibility for access. Insider threat programs work hand-in-hand to ensure that trusted workforce with a personnel security program. We help with those mitigating factors. The role of the insider threat program is to mitigate risk, and we do so by recognizing when somebody is struggling and doing everything we can, bringing those multidisciplinary forces to bear, to get them back on the right track.

So how do you know if a co-worker, a friend, somebody in your area of responsibility or that you're aware of is going through one of these events or something is happening? There are a lot of different indications, and there's probably too many to list. We call them potential risk indicators. These are those observable and reportable behaviors of concern, and they're different for everybody. What you're often looking for is those that are behaving outside of the norm for themselves. And I don't say abnormal, because what's normal behavior, right? But different for them. Abnormal. You all spend so many hours a week with your co-workers, probably more time with them than you do with your families. You can tell when somebody's off, when somebody's tired, when somebody's having a bad day, when somebody's having a great day. When you notice behaviors of concern and fail to report them, you're missing an opportunity. You're missing an opportunity to intervene when somebody might need it most. Or if all they need is a pat on the back and a good-to-go, that's all they're gonna get as well. But you're missing that opportunity to provide assistance to someone you know.

Let's talk a little bit about some of these indicators. And again, there are a lot of them. I won't go through all of them, and they're going to be different for others, but we can cluster some in categories. Potential risk indicators: so, patterns of security violations, for sure. Somebody who seeks to expand access, asking for information outside their need to know. Somebody who is reluctant to submit to a polygraph or other kind of security protocols, refusing to do so. Responsible for unaccounted-for classified materials. Trying to fish around and find stuff. Those would be indicators worth reporting. Again, this list is not all-inclusive, and you can find more detailed information on our website, cdse.edu.

Also suspicious behaviors. So things like working hours inconsistent with the job assignment, trying to be in the office when nobody else is there, coming early, leaving late (is this thing on?), working in private without a valid reason. Demonstrating exploitable behavior traits, and we talked about how some of those might contribute to that life crisis trigger, but there's very many behaviors and activities that could be exploited or make somebody vulnerable to recruitment or elicitation. Revealing unexplained affluence, so somebody who's flashing a lot of cash and didn't win the Mega Millions, that might be suspicious. You might have somebody who's experiencing the opposite, maybe extreme debt, extreme financial hardship. And again, that's something that people will go through at various times of life, but how are they coping with that? What's the stress from that, and what does that indicate as far as a vulnerability? Unexplained foreign travel, or unreported foreign travel or foreign contacts. We all have that obligation to report that. You might also want to look at suspicious behavior surrounding legitimate and official travel and reported travel. Is it frequent? Is it unexplained? The destinations don't actually have to be foreign. If somebody is shuffling off to Buffalo every third weekend and they don't have Bills season tickets and their grandma doesn't live there, why are they going?

Now, does that mean that that person's an insider threat? No. If somebody's going through a life crisis, does it mean that they're an insider threat? No, not necessarily. But the risk is there. Our role is to mitigate risk. We can only do it if we know.

Connection to foreign anomalies: so if somebody is associated with material that ends up, the classified material that ends up, in the media, or that would seem to give an adversary forewarning or foreknowledge of our activities, our information, our movements, that would be an indicator as well.

I don't know if you guys are familiar with this case. So Petty Officer 2nd Class Brian Martin was arrested in December 2010 for attempting to pass classified material to an undercover agent posing as a Chinese spy. He pled guilty to four counts of attempted espionage and a host of other related crimes in 2011, at which time he was sentenced to 48 years in prison. Martin was 22 years old, sentenced to 48 years in prison. The indicators were there. Martin was accessing information outside his need to know. He was constantly asking co-workers to access information for him, to give him access, to provide passwords. Martin was continually borrowing money from coworkers. He also evinced some lifestyle choices in addition to his massive gambling debt, which was just one part of his life crisis that he was experiencing. He was engaged to be married, wanted to impress the father-in-law, was broke from gambling. He was looking for an infusion of cash. He mishandled classified information in the office. All the indicators were there. All of his co-workers were aware of his struggles.

After his sentencing Martin conducted an interview, and it's a pretty sad interview. He talks about just the devastation to his parents when this happened. One of the things he also says is, "Everybody knew I was struggling. Why didn't anybody say something?" Why didn't anybody say something? Why don't we say something? We see something all the time. Part of it's maybe a fear, right? I don't want my friend to be mad at me. What if I'm wrong? What if they get in trouble? Would he have been mad that you reported him to the insider threat program or security or your supervisor? Probably. Would he be serving 48 years in prison as a 22-year-old young man? Maybe not.

This is the kind of thing that is happening in all of our organizations, both public and private. This was classified information. We suffer a devastating loss of proprietary and trade secret information in this country. We're experiencing economic espionage at unprecedented rates. We're experiencing those who would commit acts of violence at unprecedented rates. It's happening everywhere. In this case we were very lucky. So it was an undercover agent, he actually didn't successfully transmit classified overseas. But imagine if he had, right? Programs that you work on, programs that you've dedicated your lives to, taxpayer dollars have been funding, programs that could endanger the warfighter if they are revealed, programs that could endanger the homeland if they're revealed. That's what's at risk here.

And I know, I see you out there thinking, and you're thinking, "Okay, Rebecca, you're right, I should report that stuff. But I'll tell you what, life crisis or not, I know myself, I know my co-workers. We're stoic, we've got broad shoulders. You know, we can handle this ourselves. We don't need the insider threat program coming along to pat us on the back and tell us we can make it through. We can make it through." Maybe you can. But the adversary is watching. The adversary is out there. The adversary is incredibly skilled at manipulation. The adversary is very capable of twisting your motivations, twisting your loyalty, and even when they cannot, the adversary is incredibly skilled at eliciting information from those who are unwilling to betray. And they're paying attention. They see these cases go down every day, and they know just where to target you. Every one of you is a target. Every one of us is a target.

How do they know about it? You know, we all have such big digital footprints. How many people out here have a social-media account of one form or another? LinkedIn, Twitter, Facebook. There's nothing wrong with that. We have them. It's a way of doing life anymore, kind of have to have it to do business, and so long as you're practicing good cybersecurity, you have your privacy settings set, and you're aware of the signs that you may be being targeted or elicited, okay. Now, I personally, I don't have Facebook. I just never got into it. But I'll tell you who does have Facebook, and that's my mother. My mother is awesome. If you ever see this recording, Ma, you are the best. But even she would admit that she has a really, really big mouth. My mom once had an article placed in our local hometown newspaper that described my title, Special Agent Rebecca Morgan, who works at the Pentagon. She had my security clearance level in there, at least to the degree that she understood it. She named the town that I was living in at the time. Awesome lady. OPSEC is not my mom's forte. The other interesting thing about my mom, though, is that she is listed on my SF-86. That's the same SF-86 that was compromised in the OPM data breach. If you think you're good online, you're stoic, you can handle stuff: you all might not have my mom, but I guarantee every one of you and every one of your co-workers has some old auntie or some weird cousin Eddie or somebody out there in social media. They're sharing your stuff. Whether that's your level of security clearance and where you're deployed to, or the life crisis that you're currently going through, that information is accessible. You are absolutely a target.

You know what an insider threat program does? It helps you harden that target. So if you're being approached, elicited, recruited, we have a multidisciplinary team that can help you develop countermeasures to prevent that action, that can get you to the right folks to ensure that you're not doing anything wrong and that they're resolving it. That's sometimes, if the adversary is targeting you. You know, more often what an insider threat program is going to do is harden that target by helping you build a level of personal resilience, so that when you're going through any one of these natural life crises, natural events, you do have the power to make it through, not be targeted or approached, not move down that critical pathway to negative behavior, but really get that intervention and support that you need. And insider threat programs do provide that support. We've got that whole team, HR folks, behavioral scientists, the security folks, all working together to make sure that you can remain in access and remain a positive asset to your organization. I know sometimes people think that it's a gotcha, we want to get people out, fire them. We don't want to. You were expensive. You were expensive to recruit, you were expensive to train, you're expensive to retain. Believe me, we want to keep you, and we want to keep you safe.

Again, you're a target, and it happens all the time. You know, these are just a couple of cases just from the last couple of years, manifesting in lots of different ways. So whether they're national security crimes, economic espionage or trade secret theft, whether they are acts of violence, acts of harm to the self or others, repeatedly those same kind of indicators are coming up.

All right, I do want to give one little caveat here. I'd like to draw, if I could, a very bright line between a legitimate whistleblower and an insider threat. Insider threat programs, and indeed I think most of us who work in CI and security, have a big respect for the whistleblower program. It serves a very valuable purpose. It puts a good check and balance on governmental activities, and there are very specific protocols and points of contact that you would go through in order to engage in whistleblowing. If you're not familiar with it, there's so much information out there on the No FEAR Act, Office of Special Counsel. You can go through your IG program. We also have at CDSE, we have a toolkit on unauthorized disclosure that has a whole section on appropriate measures to take if you would like to become a whistleblower or explore it. There's options. This is very different, however, from disclosing classified information to somebody outside of a need-to-know and then later calling it whistleblowing. It's not the same thing. You have to follow appropriate protocols. What's on the line when you disclose classified information? Whether you think it's innocuous or not, you didn't make that original classification determination. You don't know what kind of sources and methods you're putting at risk. You don't know what kind of warfighter operations you're putting at risk. That information cannot go out. If something needs to be done to curb governmental activity, it will be done, and they take you seriously. They've always taken you seriously, but believe me, after Snowden, after Manning, after Winner, they will take you seriously. If you're not familiar, you don't know where to go, you've looked at the resources and don't understand them, reach out to your insider threat program. They will steer you on the right path to get where you need to go. Whistleblowers are not considered insider threats.

I'd also say, for those of you who are maybe thinking of writing an article, appearing on a talk show, finally going to get that screenplay done, there is a process called pre-publication review, and this can be used to evaluate your materials before you get them out there, so that we can make sure there are no inadvertent unauthorized disclosures. Again, we have resources on our website that can get you there, but if you have questions, reach out to your insider threat program. That insider threat program is a resource for you. This is a group of individuals who come together to really identify vulnerabilities, identify potential threats, and mitigate risk. They're not in the risk elimination business, okay? No matter how good your insider threat program is, no matter how hard they work, and no matter how often you report, you're never going to eliminate the possibility of an insider threat. But you can manage that possibility, and you can manage that risk, if you have appropriate access to the information and the indicators.

Now, we're really lucky today that we're going to get a presentation about insider threat program risk mitigation in action from the Army, so I don't want to steal any of their thunder. But before we bring them up, there are a few things that I'd like to share with you as far as resources that are out there. So if you want to learn more about the insider threat and you're not familiar with cdse.edu, I encourage you to come over and check out our website. Go to cdse.edu and navigate over to insider threat. We have a wealth of resources that can be used in your organization to get the word out: case studies on some of the cases that we briefly flashed up there today, we have videos, we have eLearning. We also have what we call toolkits, and one of these is on vigilance and awareness campaign materials. So we are in the middle of Insider Threat Awareness Month, but insider threat awareness is all year long, and we have plenty of ways for you to engage. If you've never played one of our fun games, we have a Trivia Twirl, we have concentration, we have crosswords, we have word searches. Please log on and download some of these. We also have posters, which are customizable, award-winning video campaigns, a whole wealth of resources that are really out there for you guys.

Also, for those of you that are insider threat practitioners, we have a host of eLearning on topics such as privacy and civil liberties in an insider threat program. That's something that we take very seriously. We work very closely with many government organizations in order to develop that training, to ensure that the insider threat programs that serve you are respecting the privacy and the civil liberties of the workforce. We also have training on hub operations, critical thinking for insider threat analysts, mitigation response options, cyber insider threat. We have two coming out, the cyber insider threat as well as behavioral science and insider threat programs, this fall, so please look for those.

I'd also like to point out that we have a number of resources on kinetic violence and kinetic violence response. So again, as Mr. Belk pointed out, this behavior has become so commonplace that we're almost inured to it. It's become normalized. Let's not get there. Let's not get there. Even one incident is too many. If you don't know how to identify the indicators that somebody might commit harm to themselves or others, reach out to the website. If you're not sure what to do to respond during an incident, reach out to the website. There's lots of resources culled from throughout the community, great stuff from FBI, Homeland Security, DoD and others, so I encourage you to access that.
Info
Channel: Center for Development of Security Excellence (CDSE)
Views: 4,764
Rating: 4.8571429 out of 5
Keywords: NITAM Briefing, Insider Threat, Awareness
Id: 9wxgCvSqM1M
Length: 34min 31sec (2071 seconds)
Published: Tue Nov 12 2019