New INSA White Paper Calls for Greater Information Sharing Between Government and Industry
(Arlington, VA) January 16, 2020 – In order to strengthen Insider Threat training programs and bolster U.S. national security, a new Intelligence and National Security Alliance (INSA) white paper calls for the government to share basic personnel security information with its partners in the cleared contractor community.
Developed by INSA’s Insider Threat Subcommittee, the paper, Legal Hurdles to Insider Threat Information Sharing provides an overview of the issue, including the legal challenges associated with information sharing, and offers recommendations that government can take to help mitigate the threat of the malicious insider while still respecting individuals’ privacy.
INSA released the paper at its 2020 National Security Legal Outlook, a half-day conference that featured a panel discussion on how to improve personnel security information sharing under existing legal frameworks.
Due to current interpretations of the Privacy Act and other legislation, if a government agency detects inappropriate behavior by a contractor working at its facility, most agencies will not tell the employing firm about the risk. The government’s inability to share basic security information with its industry partners transfers risk instead of mitigating potential insider threats.
“Cleared contractors have developed state-of-the-art insider threat detection programs to protect classified and sensitive information, as required by the government, but companies need the government agencies to share information they may have about potential risks,” said Suzanne Wilson Heckenberg, INSA’s president. “If changes to existing statutes are needed to permit the sharing of such information, government and industry should work together to develop a new legal framework that effectively mitigates insider threats.”
The report offers a number of practical recommendations, including modifications to existing legal frameworks, and robust government collaboration with industry partners. In particular, it recommends that government agencies – which differ in their reading of statutory requirements – agree upon a uniform, government-wide interpretation of what information can be shared with industry under the existing legislation.