An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Commentary: Combating the ‘Insider Threat’ depends on us all

  • Published
  • By Daniel Knox, Director, Information Protection
  • 88th Air Base Wing

WRIGHT-PATTERSON AIR FORCE BASE, Ohio -- By now you may have heard about a seemingly new focus in the Air Force called the Insider Threat Program. The push for this program is coming from our highest level of national leadership, stemming from the activities surrounding such names as Edward Snowden or Ron Rockwell Hansen who used their access to our sensitive systems to steal classified information.  However, in our attempts to raise awareness to the information vulnerabilities, we often overlook the fact that insider threat vectors also address the Air Force concerns with granting physical or logical access not only to our classified systems, but to our facilities, installations and unclassified systems as well. The ultimate goal of this push is to enhance life-safety, protect information and to increase security of our assets and facilities. This program puts focus more on those who already have access inside the base perimeter or systems than those outside.

What a lot of people don’t realize is that we have been combating the “insider threat” for decades in the Air Force and in the Department of Defense. As far back as World War I, and especially during times of national conflict, our nation has been compelled to formally address and mitigate potential threat vectors that stemmed from inside our walls, borders and lines as well as outside. In the past, such threats were given labels such as spies, fifth-column agents and saboteurs, but the idea was the same then as it is now:  bad guys were trying to get access to information, installations or facilities with intent to steal, compromise, damage or destroy. While the issue remains the same, our vulnerabilities to these threats have changed.

Some factors in today’s world that contribute to this problem include the relative ease with which potentially malicious actors can now gain access and manipulate information that is sensitive or classified at the national level. What in the old days would have required physical access to steal secrets now can potentially be done by a technical expert sitting at home in his or her bunny rabbit slippers. The recent push for improvements to the Insider Threat Program is meant to augment and increase our awareness and to provide new tools in our collective tool-box to combat these threats.

Specifically, we now have what is known as the Air Force Insider Threat Hub, which is a fancy way of labeling a lot of very smart folks with high-speed equipment monitoring algorithm-driven software that detects and reports anomalies from all the users associated with the Air Force, to include contractors using Air Force systems. These smart folks sift through those reports to annotate activity that warrants attention by satisfying one of 13 general guidelines, most of which have been in use by personnel security experts for years, but all of which could (not always) indicate signs of unauthorized intent or negligent behavior that may endanger our secrets, the protection of our critical assets or the welfare of our employees or the general public. This level of fidelity also tells you that everyone involved is already well versed and extremely focused on meeting the objectives of this program while still ensuring your privacy is protected as required under the law. This system will augment existing channels to report other behavioral anomalies through the chain of command or law enforcement experts.

Rest assured, this has been vetted and discussed at the highest levels and the mission need is critical, but it all begins with each and every one of you. Your commanders and directors will be the main focal points for information from the Insider Threat Hub or other sources of information, but the real success of this program will come from our Airmen, civilian, contractor and family-member patriots who say something when they see something odd, whether it includes behavior or physical/electronic indicators, that could mean bad guys (even those disguised as good guys) may be trying to achieve the following:

•  Gain unauthorized access to our information or our facilities, whether physically or electronically…

•  …to steal, compromise, damage, or destroy/harm…

•  …information, critical assets or, our most important resource…our people. 

So, do your best to be aware of the threats out there, and if you see something, say something, whether to security forces, OSI or your leadership team. Don’t assume others will do so in your stead. Just do your job, and let someone know, preferably before information is lost, assets are damaged or people are hurt. If you’re wrong about it, no harm, no foul. If you’re right, you may have saved a life or ensured our combat effectiveness as an Air Force. Pretty lofty consequences, but we know you’re up to it. That’s why we are depending on you.