Assessing Continuous Evaluation Approaches for Insider Threats
How Can the Security Posture of the U.S. Departments and Agencies Be Improved?
Research, Published Aug 5, 2019
This exploratory project examines various continuous evaluation approaches to detecting insider threats that are available to the U.S. government and assesses the relevance of these approaches to the challenges posed by such insider threats. There are potential benefits in effectiveness and cost over the current method of granting security clearances to personnel based on periodic reinvestigation and readjudication.
The United States currently employs a periodic and aperiodic investigative and adjudicative security clearance process with origins in the Second World War. Information systems and data — e.g., financial, legal, travel — on individuals have improved dramatically since the creation of this process. This exploratory project examines various continuous evaluation (CE) approaches to detecting insider threats that are available to the U.S. government and assesses the relevance of these approaches to the challenges posed by such insider threats. The authors considered CE cost estimates, examined efficacy and best practices, and assessed some of the practicalities of employing CE.
This report defines CE as a vetting and adjudication process to review on an ongoing basis the background of an individual who has been determined eligible for access to classified information or to hold a sensitive position at any time during the period of eligibility. There are potential benefits from CE in effectiveness and cost over the current method of granting security clearances to personnel based on periodic reinvestigation and readjudication. While exact costs and savings depend on CE packages selected and population size, estimates revealed that savings might be realized after six years and could be substantial (in the billions of dollars) over a longer period. While the process of CE would be new, the substance is not, and, thus, if executed properly, CE would be no more invasive than current processes.
This research was sponsored by the Office of the Secretary of Defense and conducted within the Cyber and Intelligence Policy Center of the RAND National Defense Research Institute (NDRI), a federally funded research and development center (FFRDC) sponsored by the Office of the Secretary of Defense, the Joint Staff, the Unified Combatant Commands, the Navy, the Marine Corps, the defense agencies, and the Intelligence Community.
This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.