Privacy Office

Scott%MathewsSenior%Privacy%Analyst%for%Intelligence

PROTECTING EMPLOYEE PRIVACYWHILE DETECTING INSIDER THREATS

Privacy Office

The5ThreatThe%threat%that%an%insider%will%use%his%or%her%authorized%access,%wittingly%or%unwittingly,%to%do%harm%to%the%security%of%the%United%States.%This%threat%can%include%damage%to%the%United%States%through%espionage,%terrorism,%the%unauthorized%disclosure%of%classified%national%security%information,%or%through%the%loss%or%degradation%of%departmental%resources%or%capabilities.

The%President’s%National%Insider%Threat%Policy%and%Minimum%Standards%for%Executive%Branch%Insider%Threat%Programs

2

Privacy Office3

Privacy Office

Presidential5DirectionThis%order%directs%structural%reforms%to%ensure%responsible%sharing%and%safeguarding%of%classified%information%on%computer%networks%that%shall%be%consistent%with%appropriate%protections%for%privacy%and%civil%liberties.%Agencies%bear%the%primary%responsibility%for%meeting%these%twin%goals.

Executive%Order%13,587

4

Privacy Office

Who5is5Looking5for5Threats?!Where%should%the%Insider%Threat%Program%Reside?! Intelligence,%Counterintelligence,%Ethics%Office?

!Who%should%be%looking%for%insider%threats?! Law%enforcement%officers,%intelligence%agents,%inspectors%general?

!What%should%they%be%looking%for?!Workplace%violence,%drug%use,%poor%employee%performance,%corruption,%or%inhospitable%workplaces?

5

Privacy Office

Preparation! Explanatory%email%from%the%highest%level%of%Management.

!Mandatory%annual%training%for%all%employees.

! All%cleared%personnel%sign%agreements%acknowledging%insider%threat%monitoring.

! Approved%banners%stipulating%the%system%is%subject%to%monitoring.

!Oversight%group%approves%or%disapproves%all%policies%and%procedures%before%activation.

6

Privacy Office

Insider5Threat5Oversight5Group! Senior%officials%from%the%Privacy%Office,%the%Office%for%Civil%Rights%and%Civil%Liberties,%and%the%Office%of%the%General%Counsel%make%up%the%ITOG.

! Provides%routine%oversight,%advice,%consultation,%and%assistance%to%the%Senior%Insider%Threat%Official.

! Annually%gives%focused%privacy,%civil%rights/civil%liberties,%and%legal%issues%training%to%all%analysts%responsible%for%insider%threat%monitoring

7

Privacy Office

Recognizing5a5Possible5Threat! Actions,%not%“behaviors”

! Employee%performs%an%action%that%triggers%an%alert%electronically%or%the%action%is%observed%by%another%person.! Electronic%trigger:

! The%employee%performs%one%of%a%number%of%actions%that%have%been%determined%to%be%reasonably%indicative%of%a%potential%threat.%Analysts%are%notified%that%a%trigger%has%been%pulled.

! Personal%observation:! A%supervisor%or%co[worker%witnesses%an%action%or%event%that%appears%to%contradict%established%security%protocols.%The%report%may%come%in%by%phone,%email,%or%a%webpage.

8

Privacy Office

Automated5monitoring! The%Insider%Threat%Operations%Center%proposes%to%the%Oversight%Group%policies%that%will%trigger%notifications%of%possible%insider%threat%events.

! The%Oversight%Group%reviews%the%potential%policy%and%must%agree%unanimously%to%approve%it.

! If%a%trigger%is%pulled%the%analyst%must%first%review%the%recording,%and%only%if%warranted%request%additional%information.

! Analyst%may%then%request%additional%information%from%other%systems%of%record.%

9

Privacy Office

Referrals! Analysts%are%not law%enforcement%officers%or%counterintelligence%agents^

! Senior%Insider%Threat%Official%may%refer%to%DHS%Counterintelligence%Executive^%or,

! Any%other%component%or%law%enforcement%agency%with%appropriate%jurisdiction,%such%as:! Federal%Bureau%of%Investigation,%Office%for%Professional%Responsibility,%Office%of%the%Inspector%General,%Ethics%Office,%Internal%Security%and%Investigations%Division,%Component%Insider%Threat%Official

10

Privacy Office

Other5Uses5for5Monitoring5Tools!May%be%used%to%support%other%departmental%missions! Requests%must%be%in%writing! Requests%must%indicate%which%tools%are%to%be%used! Which%Departmental%mission%is%being%supported! How%the%use%of%the%tools%will%support%that%mission

!Requests%must%be%approved%by%the%Associate%General%Counsel,%the%Chief%Privacy%Officer,%and%the%Officer%for%Civil%Rights%and%Civil%Liberties

! Final%approval%is%up%to%the%Under%Secretary

11

Privacy Office

Privacy5Protections! All%“rules,”%SOPs,%Instructions,%and%Directives%must%be%approved%by%the%oversight%group.

! The%Terms%and%conditions%for%bulk%sharing%must%be%approved%by%the%oversight%group.

! All%analysts%must%complete%privacy%training%on%an%annual%basis! All%employees%must%consent%to%monitoring,%in%writing! Warning%banners%on%logging%in%to%all%systems! No%monitoring%of%whistleblowers! Biweekly%updates%to%the%oversight%group! Detailed%quarterly%reports%to%the%oversight%group.

12

Privacy Office

Regular5Reporting! The%Insider%Threat%Operations%Center%(ITOC)%reports%the%following%each%quarter:! The%types%and%numbers%of%matters%to%which%the%ITOC%has%responded%during%the%previous%quarter^

! The%tools,%techniques,%data,%and%data%sets%used%to%resolve%those%matters^

! Incidents%referred%to%investigative%authorities%(internal%and%external)^

! The%use%of%automated%monitoring%for%(pre[approved)%non[insider%threat%matters^

! Any%other%matters%necessitating%notification%to%Oversight.

13

Privacy Office

Summary! Insider%threat%programs%are%necessary,%now%more%than%ever,%because%we%live%in%a%connected%world.

! The%actions%of%analysts%should%be%restricted.

!Directives,%instructions,%SOPs,%CONOPs%and%other%forms%of%documentation%are%essential.

! Training%and%fair%notice%to%effected%employees.

! Effective%oversight%by%privacy%officers

14

Privacy Office

Questions?

15

Thank5You!

Phone:' 202*343*1784E*mail:' scott.mathews@hq.dhs.govWeb:' www.dhs.gov/privacy