ARLINGTON, Va. – Why would leaders spanning security, counterintelligence, law enforcement, cybersecurity, and psychology professions from DOD, federal agencies, industry and academia take time from their busy schedules to convene for a two-day conference to talk about insider threat?
To put it simply – National Insider Threat Awareness Month (NITAM) and its 2024 theme to 'Detect, Deter and Mitigate' insider threats to national security.
More than 2,600 participants – 400 in person and 2,200 online – engaged at the Defense Counterintelligence and Security Agency (DCSA) Conference for Insider Threat from Sept. 9-10 to collaborate and coordinate in ongoing efforts to protect national security and resources.
“This year's conference theme is most important,” said Andew Lochli, DCSA assistant director for Counterintelligence and Insider Threat, in his keynote remarks. “Look at the number of unauthorized disclosures, arrests, attempted acts of sabotage or espionage and active shooters that we see every day on the news. There's more and more, and we have to bring the insider threat enterprise together to combat those threats. To do this at scale, we must focus on supporting those closest to the issues, those closest to prevent some of these issues.”
Lochli was among 57 DOD, government, industry and academia thought leaders who briefed or engaged as panel members or moderators at the event where stakeholders exchanged insight and shared best practices to foster a stronger and more informed community.
“We are definitely making progress,” said Lochli, regarding collaboration and information sharing among his colleagues and myriad organizations participating in the conference. “It requires close partnership between practitioners and skilled expertise to continue evaluations. These partnerships must be across a wide range to include security professionals, human resources, and the IG (inspector general) system. Bringing those scopes together creates the partnership that we need to mitigate insider threats and collaboration is the golden thread binding these efforts. We cannot be successful without our partnerships in these disciplines. This collaborative work complements the security ecosystem.”
The defense security ecosystem Lochli referenced encompasses the DOD, the defense industrial base, and public-private partnerships that support the federal government. It’s a complex network of interconnected organizations – government and civilian.
“By integrating insider threat analytics with cyber monitoring and enterprise data, we are enhancing our ability to detect, deter and mitigate insider threats,” throughout the security ecosystem, he added.
The DCSA mission to secure the trustworthiness and integrity of the federal workforce and cleared industry includes current and emerging capabilities to reduce threats from classified and unclassified sources that may include scholars, front companies, supply chain, foreign investment, cyber and espionage.
“If we don't start bringing some of these systems and capabilities together, we will not move the needle,” said Lochli. “There's a lot of data and information out there. We have to start finding technical solutions to bring these rich amounts of information together for a clear picture. We need people absolutely, but we need technical solutions, and we must leverage technology to get ahead of the threat. As the assistant director for CI and insider threat, I can see how closely the personnel security, counterintelligence and insider threat relationships work together and how important data sharing protects our nation. We are really invested in making these types of advancements with our policy partners to promote reduction of risk as we leverage the full extent of our capabilities.”
Lochli emphasized a renewed focus on supporting decision makers at the lowest level and the importance of taking timely and appropriate action in all cases.
“I can see DCSA adapting to meet the critical goals that DCSA Director David Cattler laid out for the agency – to be the premier provider of integrated security services, to be fully mission capable, future proofed, and prepared to evolve the defense security landscape.”
To help meet goals, “the Center for Development of Security Excellence (CDSE) provides security training with over 80 studies on counterintelligence and insider threat cases that you can use as training materials for your respective commands or organizations,” Lochli told the audience.
As the DOD security center of excellence for the professionalization of the security community, CDSE provides security education and training for DOD and industry under the National Industrial Security Program (NISP) by developing, delivering and exchanging security knowledge to ensure a high-performing workforce capable of addressing our Nation's security challenges.
CDSE – part of the DCSA Security Training Directorate – collaborates with the agency’s Counterintelligence and Insider Threat Directorate in addition to the Personnel Security, Industrial Security and Field Operations Directorates to ensure that Insider Threat training is current, comprehensive and impactful to include innovative products and services featuring enhanced learning management system technologies.
Insider Threat Awareness courses provide a thorough understanding of how Insider Threat awareness is an essential component of a comprehensive security program. CDSE security training videos are available on a variety of subjects, ranging from behavioral indicators of an active shooter to cybersecurity.
“We are evolving our overall security posture, our vetting, how we vet our trusted workforce, and how we evolve the Insider Threat program as it fits into that larger defense security ecosystem that we're trying to improve,” said Jill Baker, Personnel Vetting and Insider Threat director at the Office of the Under Secretary of Defense for Intelligence and Security, in her opening remarks. “We need to do better across the board and that includes the insider threat level, and how we're getting commanders at all levels involved with their roles, responsibilities and accountability.”
The training begins with the DOD definition of an Insider Threat: “The threat that an insider will use her or his authorized access, wittingly or unwittingly, to do harm to the security of the United States or classified national security information. This can include damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of departmental resources or capabilities.”
James Shappell, DOD Insider Threat Management and Analysis Center (DITMAC) director, moderated the DOD Senior Insider Threat Leader Panel, featuring representatives from the Army, Navy, Marine Corps and Air Force at the conference.
The panel discussed opportunities for up-and-coming insider threat professionals, and opportunities to continue advancing the program in the years ahead. While they acknowledged some continued challenges the programs faced, they all highlighted successes from their programs. The panel was one of many opportunities for conference participants to hear from foremost experts within the field.
“The partnership with the service leaders is critical,” said Shappell, adding that “their participation in this year’s conference shows how committed we are to meeting the challenges of insider threat across the department, together.”