Skip to main content

Protecting against Insider Threats at DOD

Posted on November 05, 2015
Thirteen people were killed and dozens more injured when a gunman opened fire at Fort Hood, Texas, 6 years ago today. In what’s known as an insider threat, the gunman, a Department of Defense employee, had authorized access to the military base. Today’s WatchBlog looks at how DOD fights against various types of insider threats, whether they’re attacks like the Fort Hood tragedy, the Washington Navy Yard shooting, or the unauthorized release of classified information. The danger within Insider threats are familiar with their target. They know the layout, the rules, the routines, the vulnerabilities. They may not raise any suspicions because, unlike outside threats, they belong. Insider threats can even be accidental—an unlocked door or a dropped access badge. Threats don’t have to be violent to be grave, either. Unauthorized releases of classified information damage national security and potentially put the lives of military servicemembers at greater risk. Alarmingly, these threats are becoming much more common. Joe Kirschbaum, a director in our Defense Capabilities and Management team, explains:
Addressing the threat    DOD has a program to identify and prevent insider threats, whether physical or virtual. But when we reviewed DOD’s efforts to protect classified information against our insider threat framework, we found that DOD’s efforts didn’t line up with our 25 key elements.

insider threats(Excerpted from GAO-15-544)

We recommended that DOD provide more information to its services, improve guidance, and take other steps to help better protect classified information and systems. We also looked at what steps DOD took to address problems identified after the 2009 Fort Hood shooting, as well as the 2013 Washington Navy Yard shooting. We recommended that DOD encourage information sharing, and improve how it tracks the implementation of recommendations from the 2009 Fort Hood review.
About Watchblog

GAO's mission is to provide Congress with fact-based, nonpartisan information that can help improve federal government performance and ensure accountability for the benefit of the American people. GAO launched its WatchBlog in January, 2014, as part of its continuing effort to reach its audiences—Congress and the American people—where they are currently looking for information.

The blog format allows GAO to provide a little more context about its work than it can offer on its other social media platforms. Posts will tie GAO work to current events and the news; show how GAO’s work is affecting agencies or legislation; highlight reports, testimonies, and issue areas where GAO does work; and provide information about GAO itself, among other things.

Please send any feedback on GAO's WatchBlog to blog@gao.gov.