The Intelligence and National Security Alliance (INSA) has released a new white paper (The Need for Transparency on Insider Threats: Improving Information Sharing Between Government and Industry) that’s chief aim is to highlight policies and statutes that need clarification.

There’s a lack of clear policy guidance on what personnel security information U.S. Government agencies can share with cleared contractors and confusion abounds.

This uncertainty has prevented the establishment of consistent security practices across the industry. When there are no uniform procedures, it’s inevitable that there will be weaknesses that can easily be exploited for nefarious reasons. 

Cleared contractors are required to protect sensitive and classified information under the NISPOM and under individual contracts for classified work. Not doing so could cause companies to be disqualified from further government contracts. This scenario is far costlier than the expense of maintaining effective security and insider threat programs. 

But sometimes, it’s not the fault of the company when they fail to meet their security obligations.

Cleared contractors need all pertinent information the government may have regarding risks posed by their employees. Of course, the employees’ privacy is a concern, as well. 

INSA’s latest white paper posits the answer may be limiting the use of personnel security information to security matters and by limiting sharing to validated information, except in circumstances in which potential security risks are high. 

The nation’s security hangs on greater transparency in insider threat matters.

Here are the most important takeaways from the white paper, which you can read in its entirety here.

Takeaway #1

There needs to be a government-wide understanding of what information can safely be shared under the Privacy Act of 1974. This can be accomplished with an interagency working group composed of ODNI and OMB.

Takeaway #2

Passing Section 502 of the Senate’s FY22 Intelligence Authorization Bill would require agencies to share security-relevant information about contractor’s employees with their companies.

Takeaway #3

INSA recommends issuing government-wide sharing policy guidance directing maximum transparency for potential insider threats. (Source) 

Bottom Line

The INSA whitepaper states that, “Government and cleared industry are partners in ensuring the protection of national security information and the safety of the national security workforce.”

But this partnership can only work when government agencies are transparent about suspicious individual contractor employees and the possible threats they pose.

Following the recommendations set forth by INSA is the best path toward protecting the safety of the nation.

My conversation with Karen Evans touched on many of the points that are central to the new whitepaper. You can watch it here.