DCSA Seeks an Internet Mining Tool to Detect Insider Threats
The Defense Counterintelligence and Security Agency (DCSA) has published a request for information (RFI) solicitation for contractors who can develop a tool that will automatically sort through social media and other public websites to create a searchable database of posts, items of interest, relationships and interactions that can be used in insider threat investigations.
This ties in with all of the security clearance holders enrolled in Continuous Evaluation as well as the future Trusted Workforce 2.0 initiative. Here is how it would work: a flag is generated on a DOD employee or contractor as a potential threat. A security analyst reviews the information and opens an investigation or inquiry, which would include using digital evidence contained within DOD networks. They would also use this proposed tool that would allow the analyst to input limited identity search criteria to pull information from social media and other internet sites that relate to the subject of the investigation to determine if there is an immediate threat or an action needed.
The RFI sets specific parameters that must be met. These include:
- The capability to broadly scan the internet based on a known primary actor.
- The capability to conduct extremely accurate identity resolution based on initially limited data sets to validate that the results truly belong to the primary actor.
- The capability to scan the internet not only for text but for photos and videos containing images related to the primary actor and behaviors of concern.
- The capability to deliver both screen shots of relevant materials and the ability to view more broadly the information surrounding it to ensure appropriate context is captured.
- The capability to not only conduct a single check on an individual for existing information but to maintain continuous checks with frequency no less than weekly on a known actor during the period of time the individual’s case remains open.
- The existing capability to meet all DOD and federal information technology standards to ensure use and capability on DCSA networks.
- The ability to access all data without creating a fake user account or creating affiliations with the known primary actors, which is strictly prohibited.
For those with concerns about personal privacy, the RFI specifies that DCSA only wants to collect “information that is available to the public, under privacy settings set to ‘public,’ after creating a user login for the social media site.”