Insider Threat Defense Security Service Wajih Harroum CI Special Agent

Overview What is “Insider Threat?” Why is the Insider Threat significant? How do you recognize the Insider Threat? How can you help defeat the Insider Threat?

Internal and External Threats External (City of Troy) Foreign Intelligence Services (FIS) Cyber Attacks Targeting of Official Travelers Soliciting of Marketing and Services Attempted Acquisition of Controlled Technology Internal (Trojan Horse) Volunteers Sleeper Agents Co-opted Individuals

Insider Threat: A CI Perspective An employee with access to a classified or controlled environment who has the opportunity, capability, and intent to purposefully compromise sensitive information and/or materials for distribution to entities who pose a risk to the security interests of the United States The “insider threat” is the most damaging

Impact on National Security and Industry Loss or compromise of classified, export controlled, or proprietary information Weapons systems cloned, destroyed, or countered Technological superiority at risk Economic loss Loss of life

Spotting and Assessing (See Motivators) Recruitment and Handling Recruitment Process Spotting and Assessing (See Motivators) Development Recruitment and Handling

Insider Threat Motivators Problems at work: A lack of recognition, disagreements with co-workers or managers. Greed or Financial Need: Money can fix anything. Excessive debt or expenses. Ideology/Identification: A desire to help the “underdog” or a particular cause. Divided loyalty: Allegiance to another person or company, or country. Adventure/Thrill: Want to add excitement to their life, James Bond Wannabe. Vulnerability to blackmail: Extra-marital affairs, gambling, fraud, etc. Anger/Revenge: Disgruntlement to the point of wanting to retaliate Ego/Self-image: An “above the rules” attitude. Compulsive and destructive behavior: Drug or alcohol abuse. Family problems: Marital conflicts or separation from loved ones

Potential Espionage Indicators (PEI) Reported/unreported foreign travel and contact with foreign nationals Routine vacations to countries of interest Seeks to gain higher clearance/expand access Engages in classified conversations without a need-to-know Works hours inconsistent with job assignment/insists on working in private Exploitable behavior traits Adultery, drug abuse, alcohol abuse, and gambling activities Repeated security violations Attempts to enter areas not granted access Concern that they are being investigated; leaves traps to detect searches of their work area or home Remotely accessing the network while on vacation or at other odd times.

Espionage Now Trends of Individuals who have committed espionage since 1990: 1/3 of spies are naturalized U.S. citizens More than 1/3 of spies had no security clearance Twice as many spies volunteered as were recruited Most recent spies have been solo actors Nearly 85% passed information before being caught Out of the 11 most recent cases, 90% used computers in their espionage, 2/3 used Internet 80% received no payment for their spying and 95% went to prison

Insider Threat Case Studies Technology Transfer Dongfan Chung Noshir Gowadia Chi Mak

Mak Chi Mak Illegally sent U.S. Navy information to China FBI conducted extensive surveillance operations until Mak’s arrest

Chung Dongfan “Greg” Chung Suspected of providing China with proprietary information U.S. Government agents found Chinese tasking documents in Chung’s home

Gowadia Noshir Gowadia, 61, of Haiku, HI Principle design engineer of B-2 stealth technology Denied TS/SCI access twice Provided China with technology information valued at hundreds of millions of dollars for a sum of $2M

Walker John Anthony Walker, Jr. Navy Chief Warrant Officer and communications specialist Financial issues walked into the Soviet Embassy in Washington, D.C. and sold a Top Secret document (Codes) Recruited family members and a friend into a spy ring

Pollard Jonathan Jay Pollard Navy Intelligence Analyst Volunteered to spy provided Israel with about one million documents

The List is Long… Ana Belén Montes (DIA Senior Analyst) Bradley Edward Manning (Chelsea Elizabeth Manning) Kun Shan Chun (FBI Elect Technician) Edward Joseph Snowden (NSA Intel Analyst) Robert Philip Hanssen FBI Supervisor) Aldrich Hazen Ames (CIA Analyst) Charles H. Eccleston (DOE Analyst) Robert P. Hoffman (Navy Analyst)

Threat Mitigation – Roles and Responsibilities Employees Awareness Detection Reporting Enforcement of best security practices Security Manager/FSO Training/Awareness/Briefings Detection Reaction/Response Reporting Reportable Behavior Adverse Information Suspicious Contact/Activity Security/Counterintelligence Incidents Enforcement of best security practices Personnel Security Physical Security Information Security

Contractor Reporting of PEI NISPOM Guidance: 1-302 a. Adverse Information. Contractors shall report adverse information coming to their attention concerning any of their cleared employees. Reports based on rumor or innuendo should not be made. The subsequent termination of employment of an employee does not obviate the requirement to submit this report. If the individual is employed on a Federal installation, the contractor shall furnish a copy of the report and its final disposition to the commander or head of the installation. Becker vs. Philco and Taglia vs. Philco (389 U.S. 979): The U.S. Court of Appeals for the 4th Circuit decided on February 6, 1967, that a contractor is not liable for defamation of an employee because of reports made to the government under requirements of this manual and its previous versions.

Defense Security Service Questions?