Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Report: Pentagon must focus on insider threat
Wednesday - 3/19/2014, 8:24am EDT
LOLITA C. BALDOR
WASHINGTON (AP) -- Threats to Defense Department personnel and facilities increasingly are coming from trusted insiders, and to defeat them the Pentagon must beef up security from within, according to several reviews triggered by last year's Washington Navy Yard killings.
The reviews say the shooting by a Navy contractor could have been prevented if the company that employed Aaron Alexis told the Navy about problems it was having with him in the months before he gunned down 12 civilian workers.
An independent study and an internal review ordered after the September 2013 massacre and released Tuesday said the Pentagon must expand its focus beyond defending against external threats. More attention must be paid, they concluded, to defending against threats from inside the workforce.
"For decades, the department has approached security from a perimeter perspective," said Paul Stockton, former Pentagon assistant secretary for homeland defense and one of the authors of the independent review. "That approach is outmoded, it's broken, and the department needs to replace it."
According to the Navy probe, the Fort Lauderdale, Fla.-based company, The Experts, pulled Alexis' access to classified material because of concerns he was having mental health problems. It then restored his access two days later and never told the Navy about it. The Associated Press reported those findings late last year.
Alexis, a former Navy reservist, was shot to death during the incident.
The broader department reviews reached similar conclusions. They said the department should cut the number of workers who hold security clearances, conduct better and routinely updated background checks, and establish a system to evaluate and handle employees who are potential threats.
Preventing violence in the workplace must start "long before someone enters an installation with a weapon," the internal review said.
The Navy investigation's most damning charges were against Alexis' employers.
The report written by Navy Adm. John Richardson said Alexis's behavior raised concerns among his supervisors and others and indicated he may harm others. Had such information been reported to the government and acted upon, it stated, Alexis' authorization to secure facilities would have been revoked.
Alexis' company temporarily withdrew his access to classified information after a series of bizarre complaints and police incidents last August during a business trip to Newport, R.I. Alexis complained that people were following him, making noise and using a microwave machine to "send vibrations through the ceiling" in his hotel room.
The report said The Experts' human resources manager called Alexis' mother, who said her son "has been paranoid and this was not the first episode he had experienced."
Alexis was called back to Washington, and The Experts concluded the information on Alexis was based on rumor and innuendo and thus restored his access. His secret-level security clearance from the Navy carried over when he went to work as a computer contractor last summer.
The Experts declined to comment.
Defense Secretary Chuck Hagel said Tuesday the department will set up an automated program that will continuously pull information from law enforcement and other databases. It will send out alerts if damaging information about a security-cleared worker is discovered.
Hagel said an inside threat management center will analyze the automatic record checks and "help connect the dots." He said he will consider cutting the number of workers with clearances -- currently about 2.5 million -- by at least 10 percent.
The Pentagon may also take over background checks for its workers, which are now done by the federal Office of Personnel Management. Hagel said the department will look at the costs. Currently the Pentagon pays OPM about $700 million a year for the investigations.
Sens. Susan Collins, R-Maine, and Claire McCaskill, D-Mo., said the reports underscore the need for their legislation, which calls for automated reviews of public databases for information about workers who have security clearances. The bill would require OPM to implement the automated reviews that would search the databases at random times at least twice every five years.
"There is a gaping hole in the current security clearance process that has enabled people who exhibit obvious signs of high-risk behavior to remain undetected," said Collins, a member of the Senate Intelligence Committee.
While the reviews were ordered as a result of the Navy Yard shootings, they reflect the same worries that surfaced after the massive intelligence leaks by former National Security Agency contract systems analyst Edward Snowden and Army Pvt. Chelsea Manning, formerly known as Bradley Manning.
Security clearances are currently reviewed every five or 10 years, depending on the clearance level.