An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

News | Sept. 4, 2019

September is Insider Threat Awareness Month

By Brian J. Sullivan DCMA Security

Defense Contract Management Agency employees should know that September is Insider Threat Awareness Month.

DCMA’s continued support of the counter insider threat mission and proactive engagement strategies are at the forefront of efforts to deter, detect and mitigate insider threats. Every DCMA employee is responsible for safeguarding the agency from the risks posed by insider threats.

Raising insider threat awareness among the DCMA workforce is the cornerstone of early detection efforts. Employees have probably heard of the notorious cases — people who took secrets; those who took lives; others who risked their organizations and those who risked national security. But there are also unwitting insiders — these are individuals with access to information who unknowingly reveal more than they should.

An insider threat is anyone with authorized access to the information or things an organization values most, and who uses that access, either wittingly or unwittingly, to inflict harm on the organization or national security. When an insider becomes a threat, it can have far-reaching consequences on an organization and national security.

Insider threats can be anyone and target anything. Sometimes they unknowingly create vulnerabilities for others to exploit. In addition to classified information, proprietary information, trade secrets and intellectual property, the security and safety of personnel can be threatened.

Malicious insiders go after anything they can use to inflict harm. They have many motivations, and some do it for money while others do it for their ego. Some do it for a specific cause or to support another country. Their authorized access or insider knowledge of critical assets offers them opportunities to compromise information, sabotage infrastructure and inflict harm on their coworkers. There are more incidents of insider threats than most people realize and these numbers continue to rise.

Deter, detect and mitigate are the mainstays of the counter insider threat mission. First, employees should seek to deter or prevent the beginning of a threat. Deterrence begins with being aware and vigilant. One of the best prevention measures is to train employees to recognize and report the behavioral indicators exhibited by others as well as report things that just seem out of place.

In addition, the detection of abnormal activities is critical to counter insider threat strategies. Detection also requires vigilance and awareness by everyone in the agency. The mitigation of threats proves critical when an imminent threat occurs.

Once an insider threat is revealed, coworkers often recall signs that something was not right. An insider threat may exhibit a number of suspicious behaviors, including working outside of their regular duty hours, repeatedly failing to follow processes and policies, which result in security violations, or displaying a general lack of respect for coworkers, management, DCMA and the United States.

If a DCMA employee suspects a possible insider threat, the individual must report it. An employee should not assume someone else will do it. Every team member is an owner of security, including the security of information and the security of personnel.

A major hurdle that deters people from reporting is the idea that they are snitching on a colleague. Yet reporting is a way of ensuring everyone’s security and preserving the resources and capabilities of our organization. The DCMA insider threat mission includes getting help for those in the workforce who need help. As the saying goes, “If you see something, say something.”

Editor’s Note: For more information, contact Brian J. Sullivan, Insider Threat program manager, at 804-734-0805 or Additional information can be found at or (login required).