(Correction: The Deloitte report mentioned in this story was published in March 2012. A previous version incorrectly stated the report is new.)
When an Energy Department contractor found himself swimming in debt, he hatched a plan to make a secondary income and pay his bills: Try to sell uranium equipment used to build atomic weapons. The sensitivity of his position allowed access to the materials, which he stole and marketed to foreign government agents for $200,000.
Through interviews and record analysis, the FBI and DoE set up a sting operation to catch the contractor at the point of sale. Roy Oakley made off with a six-year prison sentence and the notorious honor as a DoE “Spy of the Month.”
Oakley’s attempt was foiled, but others still manage to get away.
From a number of recent shootings at military bases to the infamous leaks by former contractor Edward Snowden, the federal government struggles to mitigate insider threats.
“In many instances, whether its violence or the exploitation of some type of information, an individual has access, has a particular crisis and has a disposition to [attack],” said Dr. Michael Gelles, former chief psychologist for the Naval Criminal Investigative Service, on the Federal Drive with Tom Temin and Emily Kopp.
“If we can understand and begin to pay attention to those behaviors, and looking at them as data elements, we can begin to identify these behaviors and look at how they’re different from baseline behavior of an employee, and interrupt forward motion,” Gelles said.
The report identifies some key personality traits of an “at risk” employee:
Has a history of managing crises inefficiently
Displays a pattern of frustration, disappointment and inadequacy
Constantly seeks validation
Has an exaggerated view of own abilities and achievements
A strong sense of entitlement
Views self above the rules
Needs immediate gratification, validation and satisfaction
For example, if an employee with access to sensitive data starts complaining about salary and lower-than-expected bonuses, that’s a red flag. If the employee has a pattern of working on holidays but complains about it anyway, that’s another flag. If the employee has access to an agency from a personal computer, three red flags. Add to those a criminal background including burglary, assaults or drug charges, Deloitte says the agency needs to raise shields and move to full red alert.
Risk-Prone Generation of Federal Employees
The standard psychology behind new and younger federal employees could foretell an increase of insider attacks, according to Deloitte.
As of 2009, more than 40 percent of the federal workforce was older than 50. As they’re replaced by a younger generation with stronger backgrounds in computers and social media, the overall value placed on classified data might shift.
“It used to be that we’d do business in the world of bricks and mortar,” Gelles said. “Now that we’re in an environment where most business is done virtually, we’re seeing that there’s an increase in the way people are sharing and moving information.”
Gelles said new federal employees might be at particular risk of complacency. Similar to how many people immediately click “Accept” when confronted by the terms and conditions of a software update, they might not follow the necessary security measures to keep data from falling into the wrong hands.
“If there aren’t hard set policies, rules and the appropriate training, people aren’t going to do things they don’t feel are important,” Gelles said. “Or they’re going to do things because they’re ignorant.”
Deloitte said members of Generation Y and younger naturally view information as “readily available and accessible, and shared across a larger community.”
Combined with personal connections to social media outlets and a less “passive” attitude about information sharing, the incoming federal workforce is already creating its own set of risk factors based on how they typically (and sometimes constantly) use the Internet.
Creating Prediction Models for Insider Threats
In its report, Deloitte offered agencies a model to try and predict which employee is most likely to become an insider threat. It calculates risk based on four different criteria:
Interviews with coworkers
Computer log-in histories
Posts on social media accounts
Public filings (court cases, permits, etc.)
Noticeable mood changes
Attempts to undermine coworkers
Not getting a bonus or promotion
Personal issue outside of work
Natural disaster affecting employee or family
Combining those elements with the length of an employee’s career, the employee’s amount of access to classified data and a background check, Deloitte argues that agencies should have a fair idea of which employees are most likely to commit an insider attack.
But that doesn’t mean federal employees should fear a “guilty before proven innocent” policy or that good-intentioned whistleblowers should stop pursuing a call to action:
“What we’re not doing here is looking to profile anyone,” Gelles said. “What we’re not doing here is pointing the finger at anyone. What we’re trying to do is look for anomalous behavior. Those are behaviors that begin to look very different than what a person has been normally doing. By being able to identify that, [it then] leads to having a conversation with that person [and to] interrupt forward motion.”
Tom Temin is the host of The Federal Drive, 6 a.m.-10 a.m. on 1500 AM in the Washington, D.C. region and online everywhere.
Tom also writes a weekly commentary. Subscribe to Federal Drive's daily audio interviews on iTunes or PodcastOne