Privacy Office
Scott Mathews
Senior Privacy Analyst for Intelligence
PROTECTING EMPLOYEE PRIVACY WHILE DETECTING INSIDER THREATS

The Threat
The threat that an insider will use his or her authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, the unauthorized disclosure of classified national security information, or through the loss or degradation of departmental resources or capabilities.
The President’s National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs

Presidential Direction
This order directs structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks that shall be consistent with appropriate protections for privacy and civil liberties. Agencies bear the primary responsibility for meeting these twin goals.
Executive Order 13,587

Who is Looking for Threats?
- Where should the Insider Threat Program Reside?
  - Intelligence, Counterintelligence, Ethics Office?
- Who should be looking for insider threats?
  - Law enforcement officers, intelligence agents, inspectors general?
- What should they be looking for?
  - Workplace violence, drug use, poor employee performance, corruption, or inhospitable workplaces?

Preparation
- Explanatory email from the highest level of Management.
- Mandatory annual training for all employees.
- All cleared personnel sign agreements acknowledging insider threat monitoring.
- Approved banners stipulating the system is subject to monitoring.
- Oversight group approves or disapproves all policies and procedures before activation.

Insider Threat Oversight Group
- Senior officials from the Privacy Office, the Office for Civil Rights and Civil Liberties, and the Office of the General Counsel make up the ITOG.
- Provides routine oversight, advice, consultation, and assistance to the Senior Insider Threat Official.
- Annually gives focused privacy, civil rights/civil liberties, and legal issues training to all analysts responsible for insider threat monitoring

Recognizing a Possible Threat
- Actions, not “behaviors”
- Employee performs an action that triggers an alert electronically or the action is observed by another person.
  - Electronic trigger:
    - The employee performs one of a number of actions that have been determined to be reasonably indicative of a potential threat. Analysts are notified that a trigger has been pulled.
  - Personal observation:
    - A supervisor or co-worker witnesses an action or event that appears to contradict established security protocols. The report may come in by phone, email, or a webpage.

Automated monitoring
- The Insider Threat Operations Center proposes to the Oversight Group policies that will trigger notifications of possible insider threat events.
- The Oversight Group reviews the potential policy and must agree unanimously to approve it.
- If a trigger is pulled the analyst must first review the recording, and only if warranted request additional information.
- Analyst may then request additional information from other systems of record.

Referrals
- Analysts are not law enforcement officers or counterintelligence agents;
- Senior Insider Threat Official may refer to DHS Counterintelligence Executive; or,
- Any other component or law enforcement agency with appropriate jurisdiction, such as:
  - Federal Bureau of Investigation, Office for Professional Responsibility, Office of the Inspector General, Ethics Office, Internal Security and Investigations Division, Component Insider Threat Official

Other Uses for Monitoring Tools
- May be used to support other departmental missions
- Requests must be in writing
- Requests must indicate which tools are to be used
- Which Departmental mission is being supported
- How the use of the tools will support that mission
- Requests must be approved by the Associate General Counsel, the Chief Privacy Officer, and the Officer for Civil Rights and Civil Liberties
- Final approval is up to the Under Secretary

Privacy Protections
- All “rules,” SOPs, Instructions, and Directives must be approved by the oversight group.
- The Terms and conditions for bulk sharing must be approved by the oversight group.
- All analysts must complete privacy training on an annual basis
- All employees must consent to monitoring, in writing
- Warning banners on logging in to all systems
- No monitoring of whistleblowers
- Biweekly updates to the oversight group
- Detailed quarterly reports to the oversight group.

Regular Reporting
- The Insider Threat Operations Center (ITOC) reports the following each quarter:
  - The types and numbers of matters to which the ITOC has responded during the previous quarter;
  - The tools, techniques, data, and data sets used to resolve those matters;
  - Incidents referred to investigative authorities (internal and external);
  - The use of automated monitoring for (pre-approved) non-insider threat matters;
  - Any other matters necessitating notification to Oversight.

Summary
- Insider threat programs are necessary, now more than ever, because we live in a connected world.
- The actions of analysts should be restricted.
- Directives, instructions, SOPs, CONOPs and other forms of documentation are essential.
- Training and fair notice to affected employees.
- Effective oversight by privacy officers
Questions?
Thank You!
Phone: 202-343-1784
E-mail: [email protected]
www.dhs.gov/privacy