A major element of the Defense Department’s new program to better detect insider threats will be up and running by next month, at least on an initial operating capability basis, a top Pentagon security official said last week.
The DoD Insider Threat Management Analysis Center (DITMAC) will be in charge of collecting and coordinating potentially “adverse” information about Defense employees and other people with access to DoD facilities including automated criminal records checks, tracking cases of possible insider threats and helping to decide whether intervention of some kind is warranted.
“It really is intended to be the central hub for the department’s insider threat programs,” said Carrie Wibben, the director for security and policy oversight within the office of the undersecretary of Defense for intelligence. “They are focused on establishing a lot of the enterprise capabilities — the things that we don’t want all 43 of our components doing on their own or duplicating. That means behavioral analysis, predictive analytics, risk rating tools and insider threat systems for centralized reporting.”
After the DITMAC is up and running and serving as a central information clearinghouse, DoD plans to shift its focus to helping the military departments and combatant commands establish their own “hubs” that will feed information of potential concern into the DITMAC.
The establishment of the center was one of the key recommendations a DoD internal review team made following the 2013 Washington Navy Yard shootings, whose two-year anniversary is on Wednesday.
The report noted that there were ample warning signs regarding the shooter, Aaron Alexis, including criminal activity and mental health problems, but that even if his contract employer had decided to report what it knew about his history, DoD had no reliable mechanism to analyze and act on the information.
“The Joint Personnel Adjudication System is the DoD system of record for personnel security clearance adjudication and management, not a mechanism designed to seek help from mental health professionals,” the authors wrote. “Consequently, even if The Experts had reported the incidents in JPAS, it is unknown whether such reporting might have provided an opportunity for intervention measures to prevent the shooting. … Information that could identify DoD personnel who are insider threats is available from numerous sources (e.g., personnel security, physical security, information assurance, counterintelligence, human resources, and law enforcement), to include mental health evaluations, but is not centralized or integrated.”
Although DoD is bringing the DITMAC online sooner than initially expected — earlier plans called for initial operating capability in the Summer of 2016 — Wibben said the department still is not where it needs to be in terms of detecting and acting on potential insider threats.
“We have a lot of initiatives underway, but we’re behind the power curve. The bottom line is that these were all unfunded mandates, albeit very necessary ones,” she said.
And the center itself is not envisioned as the be-and-end-all for DoD insider threat detection — it’s job is mainly to receive, scrutinize and prioritize information. Actual programs for detecting and acting on threats will vary widely among the defense components, Wibben said.
“The government’s a really big place, and depending on the mission set and the level of access, the way we protect against those risks is going to be different. Even within DoD, the program we stand up for the Defense Intelligence Agency or the Army or Navy is probably going to look different than the Defense Commissary Agency’s insider threat program.”