The Department of Justice has released findings of an audit into the FBI’s effort to stop insider leaks.
Yet those findings have been deemed too secret to reveal to the public. Instead, the Justice Department’s Inspector General has only released its recommendations for the FBI’s insider threat program, established by an President Obama executive order as the National Insider Threat Task Force, or NITTF. Thus there are no figures, for example, on how many insider threats were detected or stopped.
The audit, based on interviews with FBI officials in multiple arms of the agency, including the Insider Threat Center and the Counterintelligence Division, offered only eight recommendations. Nonetheless, some of them are revealing. For example, the first recommendation is for the FBI to track and annually report performance metrics on how its tackling insider threats.
Other recommendations include:
- Handle tips on insider threats systematically, “including making sure that leads go to the appropriate points of contact at each internal FBI component.”
- Devise technology to mitigate the need for stand-alone systems.
- Conduct a comprehensive inventory of classified IT assets.
- Ensure user activity monitoring on classified systems, and maintain a list of what systems have that monitoring.
- Review and update as needed the Insider Threat Risk Board (ITRB) charter.
- Assess whether “pre-employment psychological evaluations or an expansion of psychological evaluations for current employees should be implemented to improve its insider threat prevention efforts.”
- Ensure that the IG is notified of all insider threat investigations in a timely manner.