SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2013, Issue No. 65
July 16, 2013

Secrecy News Blog: http://blogs.fas.org/secrecy/

INSIDER THREAT POLICY EQUATES LEAKERS, SPIES, TERRORISTS

A national policy on "insider threats" was developed by the Obama Administration in order to protect against actions by government employees who would harm the security of the nation. But under the rubric of insider threats, the policy subsumes the seemingly disparate acts of spies, terrorists, and those who leak classified information.

The insider threat is defined as "the threat that an insider will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, [or] unauthorized disclosure of national security information," according to the newly disclosed National Insider Threat Policy, issued in November 2012.

One of the implications of aggregating spies, terrorists and leakers in a single category is that the nation's spy-hunters and counterterrorism specialists can now be trained upon those who are suspected of leaking classified information.

The National Insider Threat Policy directs agencies to "leverag[e] counterintelligence (CI), security, information assurance, and other relevant functions and resources to identify and counter the insider threat."

"Agency heads shall ensure personnel assigned to the insider threat program are fully trained in... counterintelligence and security fundamentals...."

Agency heads are directed to grant insider threat program personnel access to "all relevant databases and files" needed to identify, analyze, and resolve insider threat matters.

The National Insider Threat Policy was developed by the Insider Threat Task Force that was established in 2011 by executive order 13587. The Policy document itself was issued by the White House via Presidential Memorandum on November 21, 2012 but it was not publicly released until last week.

The document was disclosed by the National Counterintelligence Executive (NCIX) after it was independently obtained and reported by Jonathan Landay and Marisa Taylor of McClatchy Newspapers. ("Obama's crackdown views leaks as aiding enemies of U.S.," June 20, 2013).

"The National Insider Threat Policy policy is intended to provide direction and guidance to promote the development of effective insider threat programs within departments and agencies to deter, detect, and mitigate actions by employees who may represent a threat to national security," according to NCIX.

Among the activities mandated by the National Insider Threat Policy is the routine monitoring of user activity on classified government computer networks. "This refers to audit data collection strategies for insider threat detection, leveraging hardware and/or software with triggers deployed on classified networks to detect, monitor, and analyze anomalous user behavior for indicators of misuse."

But a different sort of approach to combating leaks -- an approach not represented in the Insider Threat Policy -- would require an ongoing critical examination of the scope and application of official secrecy. This view was articulated by the late Senator Daniel P. Moynihan when he said "If you want a secret respected, see that it's respectable in the first place."

"The best way to ensure that secrecy is respected, and that the most important secrets remain secret," Sen. Moynihan said, "is for secrecy to be returned to its limited but necessary role. Secrets can be protected more effectively if secrecy is reduced overall."


THE DEFENSE PRODUCTION ACT OF 1950, AND MORE FROM CRS

A new report from the Congressional Research Service provides a detailed review of the Defense Production Act of 1950, which "confers upon the President a broad set of authorities to influence domestic industry in the interest of national defense."

"The authorities can be used across the federal government to shape the domestic industrial base so that, when called upon, it is capable of providing essential materials and goods needed for the national defense." But unless extended by Congress, nearly all of these presidential authorities will expire next year.

See The Defense Production Act of 1950: History, Authorities, and Reauthorization, June 14, 2013:

Other new and updated CRS reports that have not been made publicly available by Congress include the following.

Reserve Component Personnel Issues: Questions and Answers, updated July 12, 2013:

The New START Treaty: Central Limits and Key Provisions, updated July 12, 2013:

ESEA Reauthorization Proposals in the 113th Congress: Comparison of Major Features, July 12, 2013:

Broadband Loan and Grant Programs in the USDA's Rural Utilities Service, updated July 12, 2013:

Oman: Reform, Security, and U.S. Policy, July 12, 2013:


LOOSE ENDS

In response to an October 2012 presidential directive on "protecting whistleblowers with access to classified information," the Department of Defense and the Department of Energy have produced their implementing policies. These would generally prohibit retaliation against individuals who make "protected disclosures" of information to an authorized recipient.

The intelligence community may be retreating from its vision of a uniform community-wide information technology architecture, and may permit individual agencies to retain their "native agency system domain," reports Bob Brewin in NextGov. See "Intelligence Community Backs Off Information Sharing," July 15:

The lagging development of the Internet in Africa and its consequences were discussed in "The Emergence of the Internet and Africa" by Les Cottrell, SLAC National Accelerator Laboratory, May 13, 2013:

The transcript of the July 9 public meeting of the Privacy and Civil Liberties Oversight Board is now posted here:

******************************

Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

The Secrecy News blog is at:
      http://blogs.fas.org/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://blogs.fas.org/secrecy/subscribe/

To UNSUBSCRIBE, go to:
      http://blogs.fas.org/secrecy/unsubscribe/

OR email your request to saftergood@fas.org

Secrecy News is archived at:
      http://www.fas.org/sgp/news/secrecy/index.html

SUPPORT the FAS Project on Government Secrecy with a donation here:
      https://members.fas.org/donate/