Arlington, VA (October 6, 2021)—The Intelligence and National Security Alliance (INSA) today released a white paper, The Need for Transparency on Insider Threats: Improving Information Sharing Between Government and Industry, that identifies key policy and statutory changes needed to improve insider threat information sharing between government and the cleared contractor community.
Developed by INSA's Insider Threat Subcommittee, the paper notes that government and cleared industry are partners in ensuring the protection of the national security workforce. However, in order for cleared contractors to fully meet their security obligations and effectively implement mandatory insider threat training programs, they need all pertinent information the government may have regarding risks presented by their employees. Yet the government - often relying on misinterpretations of privacy laws and policy guidelines - generally fails to share such data.
“Many individual contractors work full-time at government facilities, so only government agencies have the opportunity to identify suspicious or malicious behavior,” said Larry Hanauer, INSA’s Vice President for Policy. “Contracting firms cannot assess whether their on-site employees pose a security risk unless the government shares what it has observed.”
This paper provides background on the issue and offers explanations for why information sharing has been restricted by the U.S. Government, from fear of violating the Privacy Act of 1974 to the potential that litigation could expose USG secrets through the discovery process. The paper closes by offering four policy and legislative recommendations that would lead to more effective monitoring of potential insider threats.
Key recommendations include:
- Clarify what information can be shared under the law with an OMB/ODNI-led working group developing a government-wide interpretation of what information can be shared with industry under the Privacy Act.
- Pass Section 502 of the Senate’s FY22 Intelligence Authorization Bill, which requires agencies to share security-relevant information on contractor employees with their companies.
- Issue government-wide information-sharing policy guidance directing maximum transparency on potential insider threats.