Threat Management

Commerce deep sixes investigative unit

U.S. Secretary of Commerce Gina Raimondo testifies during a hearing before the Subcommittee on Commerce, Justice, Science, and Related Agencies of Senate Appropriations Committee. The United States is pairing up with six other countries to develop privacy and cybersecurity standards for the data that cross over into each other’s borders. (Photo by...

The Department of Commerce announced it will shutter its Investigations and Threat Management Service unit and move some of its functions to its IT security division after a damaging inspector general report concluded the office had abused and overstepped its authorities in numerous ways.

The move comes the same day the Investigations and Threat Management Service, which tracked online Census disinformation and conducted insider threat investigations, was hammered in a watchdog report for abusing and overstepping its authorities.

The ITMS was formed in 2006 to investigate, analyze and prevent a variety of threats that impact Commerce and engaged in a variety of activities including law enforcement and administrative investigations around security, insider threat detection, threats to the Secretary of Commerce and counterintelligence matters.

The inspector general report, submitted to the Department in March but released publicly today, found that the ITMS simply did not have the powers or authorities to justify large chunks or their core work.

“The department’s law enforcement and intelligence authorities do not include the full scope of the criminal law enforcement and counterintelligence authority that ITMS claimed to exercise,” the inspector general report concluded.

Many of the core findings track with results of a Senate investigation in in July that found that for at least 16 years ITMS operated as an “investigative police force by relying on delegations of law enforcement authority from other federal agencies” but that “none of those delegations supply the requisite authorization for ITMS to conduct criminal or counterintelligence investigations.”

ITMS also “appears to have opened cases on a variety of employees for the purpose of exaggerating the unit’s ability to uncover security risks within the civil service” while broadly targeting offices with proportions of Asian Americans, the Senate report said, something ostensibly done under the guise of cracking down on government espionage from employees those with Chinese ancestry.

“Many department employees have expressed concerns about whether they were the subject of an ITMS investigation. Addressing these concerns is important,” the inspector general wrote.

The report and subsequent investigation stems from allegations by Commerce employees in 2019 that the unit was abusing its law enforcement authorities and targeting employees for investigations who had already undergone lengthy background investigations for insider threat

In a statement, Sen. Roger Wicker, R-Miss., who oversaw much of the Senate Commerce Committee’s investigative work on ITMS as chair when Republicans held the majority, applauded the move and indicated that despite the planned closure, investigation into the office’s misconduct will continue.

“I am encouraged by the actions taken by Secretary Raimondo to correct the egregious misconduct within the Commerce Department,” said Wicker. “I will complete a thorough review of the Secretary’s report and consider additional oversight to ensure compliance with these corrective actions. We will continue to investigate why the department’s inspector general previously failed to address the allegations of abuse of power, ethnic targeting, and reprisal by ITMS staff.”

According to the inspector general, members of the unit made arrests, carried firearms and conducted interrogations despite having no clearly defined powers to do so or internal guidelines in place. They also lacked any guidelines around what if anything they could do to protect the department against cyber-related threats.

Commerce had already suspended the unit’s law enforcement investigative work earlier this year, but the inspector general’s office said that it and the counterintelligence missions should permanently stripped and ITMS dissolved.

Their work on insider threat detection, administrative security investigations and protecting the secretary of Commerce, however, rest of “firmer legal ground” and should be continued by other existing offices. Administrative investigations into inappropriate handling of classified material, for example, could be shifted to the department’s Information Security Division, which is already responsible for protecting digital classified data.

The department will have 90 days to close ITMS and disperse its work among other component agencies and offices.

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.