Market Update: Insider Threat
At Marion Square, our Market Research Analysts continually follow current and upcoming federal spending trends. Cybersecurity is always on our watchlist because of its critical importance and its ongoing update and modernization requirements. Insider threat is one area we have recently seen pick up again (in recent years, the Government has been spending mostly O&M dollars on Insider Threat).
Background
While Executive Order 13587, ‘Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information’, required all Federal agencies to implement an Insider Threat Program (ITP), the insider risk landscape is continually changing, and these ITPs need to be continually reviewed and updated.
Executive Order 13587, ‘Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information’, provided the initial push, guidance, and requirements for Federal agencies to create and implement an Insider Threat Program.
Responsibilities of Agencies as designated by the Executive Order
Designate a senior official to be charged with overseeing classified information sharing and safeguarding efforts for the agency
Implement an insider threat detection and prevention program consistent with guidance and standards developed by the Insider Threat Task Force
Perform self-assessments of compliance with policies and standards
Provide information and access to enable independent assessments by the Executive Agent for Safeguarding Classified Information on Computer Networks and the Insider Threat Task Force of compliance with relevant established policies and standards
Detail or assign staff as appropriate and necessary to the Classified Information Sharing and Safeguarding Office and the Insider Threat Task Force on an ongoing basis.
The Office of the Director of National Intelligence (DNI)
National Insider Risk Policy outlines the minimum standards for Executive Branch Insider Threat Programs.
National Insider Threat Task Force (NITTF) (Under the DNI)
In October 2011, the president issued Executive Order (E.O.) 13587 establishing the [National] Insider Threat Task Force (NITTF) under joint leadership of the Attorney General and the Director of National Intelligence. The president directed federal departments and agencies with access to classified information to establish insider threat detection and prevention programs, and the NITTF to assist agencies in developing and implementing these programs. In November 2012, following an extensive interagency coordination and vetting process, the president issued the National Insider Threat Policy and the Minimum Standards via a Presidential Memorandum.
The National Insider Threat Task Force (NITTF), co-chaired by the U.S. Attorney General and the Director of National Intelligence, oversees the Government’s Insider Risk Program by providing guidelines and resources for agencies to implement and maintain their Insider Threat Programs.
In November 2012, following an extensive interagency coordination and vetting process, the President issued the National Insider Threat Policy and the Minimum Standards for Executive Branch Insider Threat Programs via a Presidential Memorandum.
Key Players
Last 3 Years - Includes technologies, resellers and system integrators
Spend by Agency
Last 3 Years – Agencies to watch:
Missile Defense Agency
Department of State
Department of Homeland Security
Example Insider Threat Program Offices
Department of Homeland Security (DHS):
The ITP detects, prevents, and mitigates threats posed to the Department by individuals who have or had authorized access to DHS facilities, information, equipment, networks, or systems while protecting their privacy, civil rights, and civil liberties.
Department of Defense (DoD) Insider Threat Management & Analysis Center (DITMAC):
The DITMAC was established by the Under Secretary of Defense for Intelligence to consolidate and analyze insider threat information reported by DoD Component insider threat programs. The DoD maintains this system of records to assist with managing DoD Component insider threat programs and the DITMAC in accordance with Executive Order (E.O.) 13587 and Section 951 of the National Defense Authorization Act for Fiscal Year 2017 (NDAA for FY17).
Department of Justice (DOJ):
DOJ’s Insider Threat Prevention and Detection (ITPD) Services provide the foundation for analytical and investigative capabilities to operationalize an insider threat program.
These Program Offices and Insider Threat Programs are typically managed by a System Integrator. Examples include:
Booz Allen Hamilton
Accenture Federal Services, LLC
Guidepoint Security, LLC
Final Thoughts
Several factors are driving the comeback of new spend on Insider Threat, such as technology modernization, Zero Trust implementation, the increase of work-from-home employees, etc. If you are interested in learning more about whether your technology could take advantage of the upcoming Insider Threat funding and the Government’s cybersecurity initiatives, please send us an email at info@marion-square.com.