The Department of Homeland Security (DHS) has updated its Insider Threat Program (ITP) to expand the program’s scope to include those with past or current access to DHS facilities, information, equipment, networks, or systems.
“Originally, the ITP focused on the detection, prevention, and mitigation of unauthorized disclosure of classified information by DHS personnel with active security clearances,” the ITP update said. “Unauthorized disclosure of classified information is merely one way in which this threat might manifest.”
The ITP update changes DHS’ definition of “insider” to include those who have ever had physical or digital access to DHS resources.
“As part of this update, information available to the ITP may now come from any DHS component, office, program, record or source, including records from information security, personnel security and systems security for both internal and external security threats,” the ITP said.
In expanding the scope of the ITP, the population covered by the program increases in size, and therefore boosts the risk of over-collection of employee information and data. To mitigate this risk, the DHS Insider Threat Operations Center’s (ITOC) “person-centric tool suite design combined with its unique filtering capabilities allow the ITP to share data with stakeholders with more complex access controls,” the agency said. The ITOC is alerted by automated triggers, workforce reports, and incoming tips and leads to a potential insider threat.