United States Coast Guard Has Taken Steps to Address Insider Threats, but Challenges Remain

USCG has taken some steps to address the risk of insider threats to its information systems and data. For example, USCG established an Insider Threat Working Group designed to implement a holistic program focused on the insider risk. In addition, USCG implemented a process to verify that system administrators have the appropriate level of access to information technology systems and networks to perform their assigned duties. Further, USCG established the Cyber Security Operations Center to monitor and respond to potential insider threat risks or incidents against USCG information systems and networks. However, additional steps are needed to further address the risk posed by trusted insiders at USCG