In December, experts told Fast Company that one of the things companies could do to protect themselves against WikiLeaks-style disclosures was to monitor employee sentiment. After all, one of the most likely ways an outside organization like WikiLeaks would get a hold of massive amounts of confidential information—like the hundreds of thousands of diplomatic cables purportedly leaked by an Army private—would be if a disgruntled employee walked out the door with them on a thumb drive. (Private Bradley Manning reportedly used a disk disguised to look like a Lady Gaga CD.)
A new set of directives released by the federal government this week appear to be going overboard in this direction. A 14-page memo released by the Office of Management and Budget seems to suggest that departments and agencies should set up "insider threat programs," complete with post-foreign travel debriefings and psychiatric assessments to identify potentially untrustworthy employees.
The memo is part of an assessment the White House requested in November. Government agencies and departments have until the end of January to review how well they are safeguarding confidential information "in the post-WikiLeaks environment."
Most of the items in the OMB’s checklist seem like regular bread-and-butter data security stuff: have processes for determining who should have access to what information, make sure people can’t walk off with information using removable media, train employees on how to safeguard information.
But the sections on preventing unauthorized employee disclosures and personnel security seem designed more for the CIA and NSA than, perhaps, the Department of Housing and Urban Development or the Department of Education. Among the items on the checklist:
- "Do you have a foreign travel/contacts reporting process or system that identifies unusually high occurrences of foreign travel, contacts, or foreign preference in the investigative subject pool?"
- "Do you have mandatory pre-and post-travel briefings for government and contractors?"
- "What if anything have you implemented to detect behavioral changes in cleared employees who do not have access to automated systems?"
- "Do you use psychiatrist and sociologist to measure:
- Relative happiness as a means to gauge trustworthiness?
- Despondence and grumpiness as a means to gauge waning trustworthiness?"
Steven Aftergood, a national security specialist for the Federation of American Scientists, told MSNBC those sections of the checklist looked more like programs used at intelligence agencies for "rooting out spies." "This is paranoia, not security," he said.
[Image: Flickr user Anonymous9000]