Marines and police officers with Security Battalion conduct their final active shooter training for 2013 at combat town aboard Marine Corps Base Quantico, Va., in November. The Marine Corps is expanding the scope of its insider threats program, which deals with both violent threats on military installations and insider leaks of classified information. (Lance Cpl. Cuong Le/Marine Corps)
Marine officials are working to add more muscle to the Corps’ Insider Threat Program, launched last year at the direction of President Obama to prevent insider leaks of classified military information and potentially violent incidents.
Navy Secretary Ray Mabus released SECNAV Instruction 5510.37 in August after two high profile data spillages, Army Pfc. Bradley Manning’s massive transfer of classified data to Wikileaks in 2010 and National Security Administration contractor Edward Snowden’s leak of intelligence information to media outlets last May.
The program also aims to prevent violent acts on military installations, such as the 2009 mass shooting in which Army Maj. Nidal Hassan killed 13 on Fort Hood, Texas, and the mass shootings at the Washington Navy Yard in September 2013, when Aaron Alexis, a civilian subcontractor, fatally shot 12 people and injured three more.
Program directors are looking to conduct market research to acquire technical, cyber and security support tools to strengthen the program, according to notices posted at the General Services Administration’s contracting website. The aim is to thwart those with malicious intent with better system monitoring and safeguards and to make sure the good guys follow security rules, said Dr. Ray Letteer, chief of the cyber security division for Command, Control, Communications and Computers (C4) at Headquarters Marine Corps.
Researchers will look, for example, at the enhanced use of “two-person integrity” — which means two authorized personnel would be required to perform certain actions — and at better monitoring of each individual’s use of systems and networks.
The goal, Letteer said, is to give the Corps the ability to audit its systems and networks to the granularity of one, in other words, to be able to isolate what a single user did and when. Other possible projects involve digital rights protection: the ability to track a document and ensure that a user can only send it to those authorized to receive it.
The privacy of users in the system remains a priority, he said.
Security training to eliminate data spillage and threats remains a challenge, Letteer said. For example, Manning, who is serving 35 years for leaking classified documents, was allowed to insert a CD-RW into his work computer, even though that is strictly against protocol.
Part of good training is ensuring that military units understand the consequences of bending security rules, Letteer said.
A decade at war has resulted in some security standards to become lax as the needs of those downrange took priority.
“Mission requirements change a little bit,” Letteer said. “The push to make info available to the warfighter went from a ‘need to know’ to a ‘need to share’ principle. We’re looking at how can we go back to ‘need to know’ a bit more.”
There are certain parameters for effective training, he said: it can’t be too time-consuming or demanding, or it won’t get done. And some approaches just don’t work.
“We found by statistics that awareness, just putting up a poster, doesn’t seem to work,” Letteer said.
Pre-empting violent threats, such as on-base shootings, also presents its own difficulties. Strong inter-office and interagency communication, Letteer said, can sometimes be the most effective prevention.
“As we look back at the Navy Yard shooter, there was nothing at work that necessarily gave anyone an indication that there was a problem,” he said. “What failed was the ability to get information from other police departments that would have been of interest to people holding a clearance.”
That kind of human security requires a balance, he said. Officials want to avoid “Chicken Little” responses to every potential concern, but teach personnel to address warning signs with an appropriate response.
“You do become your brother’s keeper in some cases,” Letteer said. “I think that’s what sometimes we don’t pay attention to, we don’t want to presume and we don’t want to intrude.”