Insider Threat defense starts with awareness

  • Published
  • By OSI Public Affairs

Any person with past or present authorized access to personnel, facilities, information, equipment, networks, or systems, is an insider.

Each September the Office of Special Investigations (OSI), the National Counterintelligence and Security Center, the National Insider Threat Task Force, and other partners across the federal government, participate in National Insider Threat Awareness Month.

An Aug. 3, 2022, Memorandum from the Under Secretary of Defense, Ronald S. Moultrie, read in part:

“Throughout the month of September, the Department of Defense (DoD) will conduct a series of events for the fourth annual National Insider Threat Awareness Month, which emphasizes the importance of protecting our most valuable asset - our people - from insider risks.”

“Our trusted workforce faces an increasingly challenging threat environment, exacerbated by the effects of the global pandemic and sophisticated adversary efforts to exploit vulnerable personnel. Maintaining effective insider threat programs, coupled with appropriate training, awareness, and resilience, are vital to supporting and empowering our workforce and reducing vulnerabilities.”

“This year’s DoD theme is: Critical Thinking for Digital Spaces. Increasing the workforce' s awareness of manipulated information and attempts at online social engineering is critical to ensuring our trusted workforce remains resilient and vigilant against these threats. It is increasingly imperative that we arm our trusted insiders with the skills to counter increasingly sophisticated attempts to exploit our personnel, information, and resources.”

Technological capabilities often aid us in combatting the insider threat, but human error, process inefficiencies, and the ever-evolving threat landscape all contribute to vulnerabilities and risks posed by insiders.     

There is no environment immune from the threat posed by trusted insiders. Events demonstrate the need for coordinated Department of the Air Force (DAF) Counter Insider Threat efforts, as bad actors have had catastrophic effects on U.S. national security, the DoD, and the DAF.

OSI is responsible for pursuing threats to the DAF from the outside, but as insider threat practitioners, OSI is also on the lookout for threats from within the force.

Within OSI, concerns about insider threat activity should be reported to its Insider Threat representatives or to the Insider Threat Branch, to the anonymous website Tip Line:

“When observable concerning behaviors are brought to the attention of an organization or insider threat team, appropriate actions can be taken to assist the individuals at risk, with positive outcomes for all,” said Special Agent Marta Sivert, Chief, Insider Threat Branch, OSI Center. “In isolation, indicators of an insider threat may not seem very serious until the dots are connected to form a completed picture. But we have to collect the dots in order to connect them. Your report can save lives and protect national security.”

All Airmen and Guardians have the ability to deter, detect, and mitigate insider threats. Most insider threats can be spotted through deliberate identification of behaviors, which often elicit concerns in family members, friends, neighbors, and coworkers.

These behaviors may be recognized by those around the threat, before the threat engages in negative events. When an individual identifies a concerning behavior, it is imperative that information is shared with personnel or organizations who have the capacity or authority to act.

OSI, in partnership with the Department of the Air Force Counter Insider Threat Hub, helps the Department of the Air Force get ahead of insider threats and assist insiders before they engage in a negative event. 

Links to OSI’s anonymous website Tip Line are on the OSI social media platforms:

Be aware. Be alert. Be vigilant.