Incident Response, TDR

New plan to stop leaks: Squeal on your cubicle mate who may or may not be a whistleblower

In November, months before Edward Snowden would become a household name, President Obama issued a memorandum to the heads of federal agencies, spelling out new guidance for deterring the security threat of insiders.

Predictably, the commander-in-chief positioned the memo, which followed his formation of an Insider Threat Task Force a year earlier in the wake of WikiLeaks, as a means by which classified information and national security could be protected.

The memo defines the insider threat as "potential espionage, violent acts against the government or the nation, and unauthorized disclosure of classified information." The announcement drew relatively little news coverage, but it promulgated some basic new requirements:

The Minimum Standards provide departments and agencies with the minimum elements necessary to establish effective insider threat programs. These elements include the capability to gather, integrate, and centrally analyze and respond to key threat-related information; monitor employee use of classified networks; provide the workforce with insider threat awareness training; and protect the civil liberties and privacy of all personnel.

Technology. Education. Privacy protection.

Standing alone, these "minimum standards" sound similar to the protocols that would be listed as part of any robust insider threat program. Still, the guidance was met with a fair amount of skepticism from the civil liberties community, who worried it failed to include any distinctions around whistleblowing.

Now, a new report from McClatchy Newspapers, which examined government documents surrounding the program, has confirmed those apprehensions. The Obama administration's initiative is much more expansive than previously understood.

The documents McClatchy analyzed show that the program encourages employees to be on the constant lookout for suspect behavior exhibited by their colleagues, and it can impose very severe penalties for failing to speak up. In addition, the program is broadly defined, meaning agencies can implement it as they see fit, which could open the door for significant abuse.

[The program] emphasizes leaks of classified material, but catchall definitions of “insider threat” give agencies latitude to pursue and penalize a range of other conduct. Government documents reviewed by McClatchy illustrate how some agencies are using that latitude to pursue unauthorized disclosures of any information, not just classified material. They also show how millions of federal employees and contractors must watch for “high-risk persons or behaviors” among co-workers and could face penalties, including criminal charges, for failing to report them.

Some agencies have taken this "latitude" as justification to equate whistleblowing with malicious behavior as egregious as aiding the enemy, a conflation that could have a chilling effect on a worker who seeks to report, either through the recommended channels or otherwise, unethical or possibly illegal conduct in the workplace.

Leaks to the media are equated with espionage. “Hammer this fact home . . . leaking is tantamount to aiding the enemies of the United States,” says a June 1, 2012, Defense Department strategy for the program that was obtained by McClatchy

Not only could the program significantly discourage whistleblowing, but because it relies on employees to profile, be inherently skeptical of one another and possibly file dubious claims, camaraderie and morale undoubtedly will suffer.

The program could make it easier for the government to stifle the flow of unclassified and potentially vital information to the public, while creating toxic work environments poisoned by unfounded suspicions and spurious investigations of loyal Americans, according to these current and former officials and experts. Some non-intelligence agencies already are urging employees to watch their co-workers for “indicators” that include stress, divorce and financial problems...An online tutorial titled “Treason 101” teaches Department of Agriculture and National Oceanic and Atmospheric Administration employees to recognize the psychological profile of spies.

And once you've been fingered as a violator, you might be out the door.

The Defense Department anti-leak strategy obtained by McClatchy spells out a zero-tolerance policy. Security managers, it says, “must” reprimand or revoke the security clearances – a career-killing penalty – of workers who commit a single severe infraction or multiple lesser breaches “as an unavoidable negative personnel action.” Employees must turn themselves and others in for failing to report breaches.

Information exposed by Edward Snowden and, before him, Bradley Manning underscore the need for organizations to further bolster their insider threat strategies. They must be built with the understanding that the portrait of the malicious insider has changed. He or she may not necessarily be someone operating out of their own self-interest – like a worker wanting to steal a customer list so they can start a competing company or a disgruntled employee wishing revenge on a superior – but may actually be a "conscientious objector," someone who is motivated by their morals and ethics and the betterment of others.

The Obama program reportedly offers "greater protection for whistleblowers who use the proper internal channels to report official waste, fraud and abuse," but would you feel comfortable signaling wrongdoing in an environment where snitching on a co-worker is considered good form? Nobody wants to work in a climate of paranoia, distrust, intimidation and fear. And that's why this initiative seems to be less about collaring the true malcontents and more about going after the men and women who potentially could embarrass the government. Remember, President Obama's administration has prosecuted more government officials for releasing secret material than all other administrations combined.

Then again, if you're as slick as Snowden, who reportedly joined Booz Allen Hamilton for the sole purpose of exposing surveillance documents – something security expert Jeffrey Carr on Tuesday called the "targeted insider threat" – nothing may be good enough to prevent it. Carr suggests implementing better "background investigations and post-hire monitoring for network access anomalies" to combat this prospect.

Sounds more effective than turning Jane from Accounting into a clinical psychologist.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.