Wikipedia defines an Insider Threat as "a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems".
With respect to the Insider Threat, focus in the DoD and Industrial Communities, has been on Espionage and National Security Crimes.
U.S. defense information comprises more than just classified information. Targeting of defense information has included dual-use technology, military critical technology, sensitive company documents, proprietary information, and Export Administration Regulation (EAR) or International Traffic in Arms Regulation (ITAR) controlled technology.
Some of these terms may be unfamiliar or a bit confusing and if we are talking about the Insider Threat, counterintelligence and countering espionage, we might ask what does this have to do with sensitive company documents?
To help clarify, here are a few definitions:
ESPIONAGE - A national security crime; specifically, it violates Title 18 USC, §§ 792-798 and Article 106a, Uniform Code of Military Justice (UCMJ). Espionage convictions require the transmittal of national defense information with intent to aid a foreign power or harm the U.S. However, even gathering, collecting, or losing national defense information can be prosecuted under Title 18.
ECONOMIC ESPIONAGE - Up until the passage of the Economic Espionage Act of 1996, many people used the phrases "Economic Espionage" and "Trade Secret Theft" interchangeably. Many people actually still do, but there is a difference. Economic Espionage is defined under §1831 of the Act and comprises behavior that denies the rightful owner of the economic benefit of property that the owner has gone to reasonable means to protect and does so with the intent to benefit a foreign entity.
TRADE SECRET THEFT - Is defined under §1832 of the Economic Espionage Act of 1996 and covers the conversion of a trade secret to the economic benefit of anyone other than the rightful owner. There is no requirement for a foreign nexus in Trade Secret Theft.
ITAR/EAR VIOLATIONS - ITAR and EAR are export control laws whose broad scope extends to products, software, technical details, and services, and includes both military and commercial items.
WHICH ONES APPLY TO ME?
While many would think that these only apply to DoD professionals with access to sensitive information, most of the information is unclassified and is handled outside the realm of the DoD. So, in fact, all of these are relevant. Traditional Espionage may be the most obvious, but Economic Espionage also involves the loss of U.S. information to a foreign entity. Trade Secret Theft involving information related to a technology or security program, even if the information stops short of being classified, could provide critical information about your program, your personnel, or an emerging technology.
Remember, we can't always accurately determine the end user. What appears to be a domestic perpetrator may in fact turn out to be a foreign collection effort. ITAR and EAR Violations are criminal acts that must be reported. Though these different violations may result in different courses of action against the perpetrators, suspected violations of any of these laws must be reported to your security officer and/or the appropriate federal agency. If you see something, say something.
The following case studies may offer additional insight into the Insider Threat, counterintelligence and countering espionage and how it can manifest itself in the DoD and Industrial Communities.