11 May 2014

Insider Threat Warfare Prospects

This traces the rise of global insider threat warfare prospects generated by unauthorized disclosures. This rise among global governments indicates that unauthorized disclosures, especially online, by insiders and their media outlets, are considered to be espionage and thereby subject to prosecution and punishment as harmful to national security.

In preparation (contributions welcome -- cryptome[at]

Part 1: US Governmental
Part 2: Commercial
Part 3: Academic
Part 4: NGO
Part 5: Social Media
Part 6: Wild Cards
Part 7: Other Governmental

Part 1: US Governmental

The White House
Office of the Press Secretary
For Immediate Release
November 21, 2012

Presidential Memorandum -- National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs


SUBJECT: National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs

This Presidential Memorandum transmits the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (Minimum Standards) to provide direction and guidance to promote the development of effective insider threat programs within departments and agencies to deter, detect, and mitigate actions by employees who may represent a threat to national security. These threats encompass potential espionage, violent acts against the Government or the Nation, and unauthorized disclosure of classified information, including the vast amounts of classified data available on interconnected United States Government computer networks and systems.

The Minimum Standards provide departments and agencies with the minimum elements necessary to establish effective insider threat programs. These elements include the capability to gather, integrate, and centrally analyze and respond to key threat-related information; monitor employee use of classified networks; provide the workforce with insider threat awareness training; and protect the civil liberties and privacy of all personnel.

The resulting insider threat capabilities will strengthen the protection of classified information across the executive branch and reinforce our defenses against both adversaries and insiders who misuse their access and endanger our national security.


Insider Threat

An insider threat arises when a person with authorized access to U.S. Government resources, to include personnel, facilities, information, equipment, networks, and systems, uses that access to harm the security of the United States. Malicious insiders can inflict incalculable damage. They enable the enemy to plant boots behind our lines and can compromise our nation's most important endeavors.

Over the past century, the most damaging U.S. counterintelligence failures were perpetrated by a trusted insider with ulterior motives. In each case, the compromised individual exhibited the identifiable signs of a traitor – but the signs went unreported for years due to the unwillingness or inability of colleagues to accept the possibility of treason.

Insiders convicted of espionage have, on average, been active for a number of years before being caught. Today more information can be carried out the door on removable media in a matter of minutes than the sum total of what was given to our enemies in hard copy throughout U.S. history. Consequently, the damage caused by malicious insiders will likely continue to increase unless we have effective insider threat detection programs that can proactively identify and mitigate the threats before they fully mature.

Relevant Reports, Briefings & Reading Material:

CERT: Common Sense Guide to the Prevention & Detection of Insider Threat 4th edition

FBI: The Insider Threat: An introduction to detecting and deterring an insider spy

David L. Charney, M.D.: True Psychology of the Insider Spy

Insider Threat Websites


The United States is increasingly the target of foreign-based cyber operations. The United States relies on its cyber infrastructure for everything from communications, to the management of critical infrastructure, to the command and control of our military. This dependence on technology, along with the rapid rate of technological innovation, creates numerous vulnerabilities that our adversaries seek to exploit.

Foreign adversaries can conduct cyber operations to collect intelligence or to disrupt and degrade the effectiveness of the technologies on which we depend. Cyber operations are very attractive to foreign intelligence organizations, non-state actors, criminals, and terrorists because they can be conducted relatively cheaply and easily and offer high returns with a low degree of risk. The risk of exposure is low because cyber operations can be carried out remotely and with a high degree of anonymity. In addition, cyber operations are comparatively inexpensive, and can be conducted rapidly. For all of these reasons, state and non-state actors are increasingly turning to the cyber domain to augment and bolster their respective intelligence activities against the United States in an effort to gain advantage.

Counterintelligence can play a critical role in reversing the benefits that cyber operations afford our adversaries. Insider threat detection programs can increase the likelihood of identifying insider threat activities on our networks. CI collection and analysis increases our understanding of cyber threats and how to defend against them. For these reasons, counterintelligence plays a critical role in enhancing the cybersecurity posture of the United States in an increasingly connected world.

Relevant Reports, Briefings & Reading Material:

Internet Social Networking Risks

Common Sense Guide to the Prevention & Detection of Insider Threat

Best Practices for Keeping Your Home Network Secure

Provides an indispensable series of basic steps every American can take to safeguard their home networks from cyber intrusions

Economic Espionage

America's adversaries throughout history have routinely taken their competitive efforts beyond the battlefield. They frequently avoid using standing armies, shirk traditional spy circles, and go after the heart of what drives American prosperity and fuels American might. Nazi spies during World War II tried to penetrate the secrets behind our aviation technology, just as Soviet spies in the Cold War targeted our nuclear and other military secrets.

Today, foreign intelligence services, criminals, and private sector spies are focused on American industry and the private sector. These adversaries use traditional intelligence tradecraft against vulnerable American companies, and they increasingly view the cyber environment—where nearly all important business and technology information now resides—as a fast, efficient, and safe way to penetrate the foundations of our economy. Their efforts compromise intellectual property, trade secrets, and technological developments that are critical to national security. Espionage against the private sector increases the danger to long-term U.S. prosperity.

Without corrective action that mobilizes the expertise of both the Federal Government and the private sector, the technologies cultivated by American minds and within American universities are at risk of becoming the plunder of competing nations at the expense of long-term U.S. security.

The private sector alone lacks the resources and expertise to thwart foreign efforts to steal critical American know-how. This is in large part because counterintelligence is not a typical corporate function, even for well-trained and well-staffed security professionals.

Counterintelligence is a challenge for corporations for two reasons. Cost is the first reason. CI measures absorb company resources that would otherwise be used for growth. The second CI challenge is tied to the nature of public corporations. American companies are driven into developing markets by shareholders, growth ambitions, and the desire to beat Wall Street's quarterly earnings expectations. The requirement to move quickly and unabashedly leaves American companies vulnerable as they flock into spy-rich developing nations. China and Russia are our most aggressive and capable adversaries using economic espionage.

China and Russia are not the only perpetrators of espionage against sensitive US economic information and technology. Some US allies abuse the access they have been granted to try to clandestinely collect critical information that they can use for their own economic or political advantage.

Relevant Reports, Briefings & Reading Material:

Foreign Spies Stealing US Economic Secrets in Cyberspace, 2011:

Protecting Key Assets: A Corporate Counterintelligence Guide

Supply Chain Threats

The globalization of the world economy has placed critical links in the manufacturing supply chain under the direct control of U.S. adversaries. Existing supply chain vulnerabilities cross both the military and commercial domains.

Fittingly, just as the economies of nations become interwoven, the competition for natural resources, global influence and military superiority has escalated – leaving the probability of a serious supply chain compromise a near statistical certainty.

Today, companies have less control over their supply chains. Identifying compromises when they occur is exceedingly difficult, unearthing the culprits is a long-shot, and true attribution pivots on a scale of the “rare” to the “unheard-of.” As a result, not only do U.S. adversaries use access to the supply chain to pursue technologies and gain access to sensitive systems, foreign manufacturers can also, simply and effectively, insert counterfeit parts into products destined for the United States and degrade the performance of U.S. systems.

This is poised to create many challenges for the U.S. government – especially in the intelligence and defense communities. As more and more links in the supply chain globalize, the reliable suppliers and “trusted” manufacturers will become increasingly scarce.

Insider Threat and Security Clearance, US Interagencies, Goal Leader(s): James Clapper, Director of National Intelligence, Katherine Archuleta, Director of the Office of Personnel Management, Michael Daniel, Senior Advisor to the President and Coordinator for Cybersecurity, 2014:

Insider Threat Industry Day, General Services Administration, May 7, 2014:

National Insider Threat Policy, National Counterintelligence Executive, July 12, 2013:

National Insider Threat Task Force, National Counterintelligence Executive, October, 2011:

The Insider Threat: An introduction to detecting and deterring an insider spy, Federal Bureau of Investigation, 2014:

Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors, US Secret Service, May 2005:

Insider Threat, Department of Homeland Security, 2014:

Monitoring Database Management System (DBMS) Activity for Detecting Data Exfiltration by Insiders, Northrop Grumman Information Systems, 17 September 2013:

Insider Threat Detection Using Lightweight Media Forensics, DHS Cyber Security Division, October 10, 2012:

Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector, Software Engineering Institute, Carnegie Mellon, July 2012:

Insider Threat to Homeland Security, Office of Personnel Management, November 13, 2013:

Insider Threat to Homeland Security, Department of Homeland Security, November 13, 2013:

Insider Threat to Homeland Security, National Counterintelligence Executive, November 13, 2013:

Insider Threat to Homeland Security, Government Accountability Office, November 13, 2013:

Insider Threat Program Support, US Marine Corps, February 12, 2014:

Insider Threat Software, Department of Homeland Security, June 20, 2012:

Treason 101, US Department of Agriculture, 2014:

Combating the Insider Threat, Computer Emergency Readiness Team, May 06, 2014:

Insider Threat program, Department of Energy, December 12, 2013:

A Preliminary Examination of the Insider Threat Programs in the U.S. Private Sector, September 2013:

Digital Communication Analysis for Insider Threat, Combatting Terrorism Technical Support Office, 2014:

Mitigating the Insider Threat (and Other Security Issues), Argonne National Laboratory, May 9, 2011:

IS-915: Protecting Critical Infrastructure Against Insider Threats, Federal Emergency Management Administration, July 10, 2013:

Predictive Modeling for Insider Threat Mitigation, Pacific Northwest National Laboratory, 2014:

Towards Insider Threat Detection using Web Server Logs, US Air Force, April 10, 2009:

More in preparation

Google "Insider Threat"

About 20,400 results

Part 2: Commercial

In preparation

Insider Threat Defense, 2014:

Google "Insider Threat"

About 229,000 results


About 736,000 results

About 330,000 results

About 479,000 results

Part 3: Academic

In preparation

Google "Insider Threat"

About 368,000 results

About 367,000 results

About 269,000 results

About 219,000 results

About 124,000 results

About 79,600 results (Naval Academy)

About 47,500 results (West Point)

About 32,300 results

Part 4: NGO

In preparation

About 33,400 results

Part 5: Social Media

In preparation

Google site: [sm].com "Insider Threat"


About 800,000 results


About 784,000 results


About 602,000 results


About 454,000 results

Part 6: Wild Cards

In preparation



Disclosure sites

Leak sites






Mail lists


Entrapment fakes of the Wild Cards

Part 7: Other Governmental

In preparation

All governments at all levels, individually and collectively

All rebellions and revolutions at all levels, individually and collectively

Entrapment fakes of the Other Governmental.