DCSA Implements Changes to Insider Threat Training Requirements

The Defense Counterintelligence and Security Agency (DCSA) recently announced changes to required training for Insider Threat Program Personnel to address the increasingly aggressive tactics used by adversaries in recruiting U.S. employees with access to proprietary or classified information. With all of the recent downsizing of federal agencies and the slew of employees taking deferred resignation offers, it leaves those still in their seats feeling a bit overwhelmed and demoralized. This in turn could lead to them becoming insider threats. A prime example was the recent arrest of a Defense Intelligence Agency (DIA) IT Specialist for attempting to sell classified information to what he thought was a foreign government representative. Fortunately, it was an FBI agent with whom he conspired to provide classified information he had hand-written onto paper and smuggled out of his work area. His reason for doing so was because he was not in agreement with the current administration’s policies and values.

The updates to the insider threat training for program personnel are designed to give companies the latitude to choose between DCSA’s standardized training, contractor developed training specifically tailored to their company’s operational environment, or the ability to choose a hybrid approach that combines the two (as long as they meet Insider Threat Program requirements). DCSA must still approve all contractor-developed training to ensure it meets the standards outlined in 32 CFR 117.12. All cleared personnel must be given insider threat awareness training before being given access to classified information, and then continued training annually.