OPINION

4 steps contractors should take now to prepare for new security requirements

In October 2011, President Obama signed Executive Order 13587, “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information.” The order established the Senior Information Sharing and Safeguarding Committee to develop and implement government-wide policies and minimum standards. It also created the National Insider Threat Task Force to develop a government-wide program for deterring, detecting and mitigating insider threats.

MORE CHANGE ON THE HORIZON

The National Industrial Security Program Operating Manual, known as the NISPOM, is the bible for any defense contractor supporting classified government programs. The Defense Security Service is responsible for administering the NISPOM to protect U.S. and foreign classified information and technologies held by cleared defense contractors. The NISPOM was last updated in 2013 with Conforming Change 1.

Now there is a new version on the way. Conforming Change 2, slated to be released later this year, will include updated mandates related to insider threat. But instead of waiting for these updates, facility security officers can take a number of steps now to address insider threat and stay ahead of the coming modifications.

STEP ONE: DESIGNATE AN INSIDER THREAT PROGRAM MANAGER

This is probably the most important component that every security officer should ensure is in place. The insider threat program manager should be a U.S. citizen with the right clearance levels, and have a broad mandate to organize and design a program that covers the minimum standards contained in EO 13587. The program manager should be a senior official who will serve as the company point of contact. For smaller operations, the FSO may well serve as the insider threat program manager; in others, the roles will be separate.

STEP TWO: BE READY TO PROVIDE HR AND NETWORK DATA RECORDS

Facility security officers should be prepared to provide authorities with personnel files, security files, polygraph examinations and disciplinary files upon request. The National Insider Threat Policy and Minimum Standards, issued via presidential memorandum for executive branch insider threat programs, calls for agencies to “build and maintain an insider threat analytic response capability to manually and/or electronically gather, integrate, review, assess, and respond to information derived from CI, IA, security/law enforcement, [human resources], and other sources.”

STEP THREE: TRAIN EMPLOYEES ON INSIDER THREATS IN THEIR FIRST 30 DAYS

Training is a key component of the insider threat program. Components of the training program should include:

  • The importance of detecting potential insider threats by cleared employees (i.e., people who have been granted access to classified information) and reporting suspected activity to insider threat personnel or other designated officials
  • Methodologies of adversaries to recruit trusted insiders and collect classified information
  • Indicators of insider threat behavior and procedures to report such behavior
  • Counterintelligence and security reporting requirements, as applicable

STEP FOUR: MONITOR USER ACTIVITY ON CLASSIFIED NETWORKS

User activity monitoring should operate, using required tools and capabilities, in compliance with the cleared defense contractor’s Cognizant Security Agency, which sets how contractors access classified information. According to the policy, the insider threat program should be able to “monitor user activity on all classified networks in order to detect activity indicative of insider threat behavior.”

Organizations should review their acceptable use policies and ensure that network login banners (which notify users that they are being monitored) have been reviewed and implemented.

GETTING READY NOW WILL PAY OFF LATER

What’s in store for cleared defense contractors regarding the changes in NISPOM will become clear soon. Although there is consensus on the general structure of the changes, it’s possible there will be some surprises. But, regardless of what these changes entail, one thing is clear: Forward-thinking FSOs who put the points we’ve outlined into effect will be ahead of the game.

About the Author

Dan Velez, CISSP, is the director of insider threat operations at Forcepoint, and is responsible for the delivery and support of insider threat monitoring, investigation solutions and related services.

Reader Comments

Sun, Sep 20, 2015 Eugene V Del Gaizo SFPC, Goodrich ISR SYS Westford, MA

Your comments are helpful in preparation of the upcoming change 2 to the NISPOM. Is there any new word on when this is expected out? Thank You

Mon, May 11, 2015

Provide authorities with polygraph information? Should they not already have that information - and when did the Government start providing polygraph info to contractors?
