Air Force steps up efforts to combat insider threats

The DoD has partnered with interagency stakeholders, including the National Insider Threat Task Force, the National Counterintelligence and Security Center, the Federal Bureau of Investigation and the Department of Homeland Security, to increase awareness about the risks posed by insider threats. (U.S. Air Force photo by Lori A. Bultman)

The Air Force is stepping up its efforts to deter, detect and mitigate insider threats.

An insider threat is anyone with authorized access to the people, information, or assets an organization values most, and who can use that access, either wittingly or unwittingly, to inflict harm on the organization or national security. When an insider becomes a threat, it can have far-reaching consequences for the mission-essential functions or tasks of any given unit, or for the national military objectives.

Recently, the Air Force established the Air Force Insider Threat Hub and enhanced the insider threat manager role at the local installation level, as part of an overall effort to increase awareness of potential insider threat activity. While the Air Force hub’s primary role is to monitor logical access indicators, it augments an ongoing effort throughout the Department of Defense.

The DoD has partnered with interagency stakeholders, including the National Insider Threat Task Force, the National Counterintelligence and Security Center, the Federal Bureau of Investigation and the Department of Homeland Security, to increase awareness about the risks posed by insider threats and to launch “National Insider Threat Awareness Month” this September.

“All organizations are vulnerable to insider threats from employees who may use their authorized access to facilities, personnel or information to harm their organizations – intentionally or unintentionally,” said National Counterintelligence and Security Center Director William Evanina. “The harm can range from negligence, such as failing to secure data or clicking on a spear-phishing link, to malicious activities like theft, sabotage, espionage, unauthorized disclosure of classified information or even violence.”

But there are potential warning signs to be aware of, said Evanina.

“Most insider threats display concerning behaviors before engaging in negative events. Our objective is to help government and corporate organizations get ahead of the problem by bolstering their insider threat programs so they can detect, engage and assist at-risk employees before they go down the wrong path,” he added.

That wrong path can include attempts to gain physical or electronic access not only to information systems but also to Air Force installations, facilities, and people.

“So, do your best to be aware of the threats out there, and if you see something, say something, whether to Security Forces, OSI, your commander, director or supervisor,” said Daniel Knox, 88th Air Base Wing chief of Information Protection, in a similar article last year. “Don’t assume others will do so in your stead. Let someone know, preferably before information is lost, assets are damaged, or people are hurt. If you’re wrong about it, no harm…no foul. But if you’re right, you may have saved a life or ensured our combat effectiveness as an Air Force. Pretty lofty consequences, but we know you’re up to it…that’s why we are depending on you.”

Recent reports underscore the impact of insider threats on both government and businesses:

• Violence – Coast Guard Lt. Christopher Hasson was arrested in February on weapons and drug charges after the FBI found 15 firearms and more than 1,000 rounds of ammunition in his residence. In court documents, prosecutors alleged Hasson is “a domestic terrorist, bent on committing acts dangerous to human life that are intended to affect governmental conduct.” In May, Virginia Beach city employee DeWayne Craddock opened fire inside a Virginia Beach municipal building, killing 12 people before police fatally shot him. In February, Gary Martin killed five co-workers at a manufacturing plant in Aurora, Illinois, after being fired at a meeting.

• Betrayal – In July, former State Department employee Candace Claiborne was sentenced to prison for lying about receiving tens of thousands of dollars in gifts from Chinese intelligence agents in exchange for providing them with internal State Department documents. In February, former Airman and counterintelligence agent Monica Witt was indicted for conspiracy to deliver and delivering national defense information to the Iranian government. As part of this effort, she allegedly helped Iranian hackers target her former U.S. Intelligence Community co-workers and colleagues with cyberattacks.

• Cyber Incidents – An Office of Management and Budget report released in August found that more than half (16,604) of the 31,107 reported cybersecurity incidents suffered by the federal government in fiscal 2018 resulted from email/phishing attacks that federal employees fell for, or from improper use of computer systems by employees with authorized access. Meanwhile, an indictment unsealed in August detailed how a Pakistani national and his co-conspirators paid AT&T insiders more than $1 million in bribes to unlock more than two million cell phones by installing malware and unauthorized hardware on AT&T’s computer systems.

• Unauthorized disclosure/retention of classified information – In July, former National Security Agency contractor Harold Martin was sentenced to prison for stealing and retaining classified information at his home. In May, former National Geospatial-Intelligence Agency contractor Daniel Hale was arrested for allegedly disclosing classified information to a reporter. Last October, former FBI agent Terry Albury was sentenced to prison for disclosing classified information to a reporter, while last August, former NSA contractor and former Airman Reality Winner was sentenced to prison for providing classified information to a news outlet.

• Theft of intellectual property – Last month, former Google executive Anthony Levandowski was indicted on charges of theft of trade secrets on autonomous vehicles from Google. In April, an indictment was unsealed charging former General Electric employee Xiaoqing Zheng with conspiring to steal GE turbine technologies for China while employed by GE. In December, an individual was charged with theft of trade secrets related to a product worth more than $1 billion from his U.S.-based petroleum company employer. An indictment unsealed last October detailed how Chinese intelligence officers recruited an aerospace company employee to install malware on a company laptop to facilitate cyber intrusions and theft of trade secrets.

The responsibility for detecting, deterring and mitigating insider threat activity rests with every employee. Awareness is the key to success. For more insider threat resources, contact the WPAFB Installation Insider Threat Representative Lindsay Jung of the 88th Air Base Wing Information Protection Directorate at 937-904-8983.
