An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

News | Sept. 30, 2022

NITAM: Critical thinking in digital spaces – Vigilance

By DCMA Security

Defense Contract Management Agency’s Counter-Insider Threat Program champions National Insider Threat Awareness Month to ensure good practices secure the agency’s digital world.

Previously covered subjects include Disinformation and Social Media.

Agency team members are the eyes and ears for the Department of Defense and its partners. Collectively, the team is responsible for security and reporting, and alone, annual training is often not enough to prevent insider threat.

Most insider threats are the result of a crisis and an opportunity in the life of an individual. This combination presents vulnerabilities.

Can you identify the indicators of an insider threat?

Some of the behaviors to be aware of include: security and compliance infractions, misuse of Government Furnished Equipment, or GFE, mishandling of sensitive data, unreported foreign contacts or travel, drug or alcohol abuse, attempting to access information without a need-to-know, unauthorized access, policy violations, violence or abusive conduct, performance degradation, unexplained affluence, psychological conditions, and anti-government views.

To easily identify indicators, here are some tips to keep in mind.

When listening, pay attention to the individual’s point of view. People rarely ask for assistance outright. Observe the individual’s body language. Someone’s body language often expresses their intentions beforehand. Without watching for these signs, it may be too late to provide assistance.

A typical insider-threat progression follows:

  • The first phase is grievance and ideation. This is where the individual expresses their thoughts via speech, writing and/or action.
  • The second phase is preparation. The individual begins to research, plan and gather materials for the execution.
  • The third phase is exploration. The individual attempts to recruit co-conspirators.
  • The fourth stage is experimentation. The individual performs reconnaissance and testing.
  • The fifth stage is execution. The individual abuses trusted access and/or information to commit a hostile act.
  • Finally, the escape phase is where the individual attempts to evade capture and/or cover their tracks to avoid detection.

These tips can aid agency members identify suspicious behaviors to report to the Counter Insider Threat Program team.

To stay informed of the latest insider threat information, download the Insider Threat Sentry Mobile app on mobile devices.

For more information on Insider Threat Awareness, visit the agency’s Counter-Insider Threat Program 365 page (login required).