DHS expanded the Insider Threat Program from monitoring user activity on its classified networks to monitoring cleared and non-cleared employees’ activity on unclassified networks. We initiated a project to determine Insider Threat Program progress in monitoring, detecting, and responding to malicious insider threats on unclassified DHS systems and networks. Before continuing its planned expansion of the Insider Threat Program, DHS needs to address several deficiencies that may hinder program effectiveness and efficiency. Although the expanded program was approved in January 2017, the Office of the Chief Security Officer has yet to revise, obtain approval for, and reissue required documentation.
DHS Needs to Address Oversight and Program Deficiencies before Expanding the Insider Threat Program