Insider Threat Program and Reporting PolicyInsider Threat Program and Reporting Policy kcross8 Fri, 09/24/2021 - 10:30
The Department of Defense has designated the Georgia Institute of Technology (“Georgia Tech”) a Cleared Defense Contractor (CDC), which gives Georgia Tech clearance to receive and store certain classified and sensitive information for the purpose of providing critical services and innovative solutions to various military defense and national security projects. Certain Georgia Tech personnel must protect the information and prevent nefarious actors, who may use deceptive tactics meant to appear as if permitted by Georgia Tech, from accessing the information. The requirements of safeguarding information mandates that Georgia Tech establish and maintain an Insider Threat Program that safeguards sensitive information from theft and follows specific government security protocols. The Insider Threat Program serves to gather, integrate, and report relevant information of potential or actual insider threats, in compliance with Federal Law and established security best practices; including Executive Order (E.O.) 13587 and 32 Code of Federal Regulation (CFR) Part 117, National Industrial Security Program Operator’s Manual (NISPOM).
As a CDC, Georgia Tech will provide security measures to all personnel to understand how to identify potential or actual insider threat red flags at a variety of workplace locations such as but not limited to; locally on-campus, off-campus at various geographic locations, telework, etc., and how to become familiar with reporting the observation(s) of insider threat red flags. Once reported, the Research Security Insider Threat Program will deliver ample information to employ risk management principles, analytical methodologies, and investigative techniques tailored to meet the distinct needs of each reported observation. Appropriate protections will comply with privacy, civil rights, and civil liberties of both the reporter and reported.
The policy applies to all Georgia Tech employees and all other individuals granted authorized access to Georgia Tech personnel, facilities, data, information, networks, and servers. In addition, the policy covers all geographically separated and remote working locations where employees are conducting work assignments for Georgia Tech.
Personnel to whom the Department of Defense (DOD) grant eligibility determinations or who are being processed for access to classified information.
Personnel to whom the DOD did not grant or who are not being processed for access to classified information.
The likelihood, risk, or potential that inside personnel will use their authorized access, wittingly or unwittingly, to do harm.
In order for Georgia Tech to provide accurate, timely, and effective protections to assets and resources, Georgia Tech’s Insider Threat Program Working Group (ITPWG) communicates, reviews, and analyzes data identifying trends indicating potential insider threat risk. The ITPWG is comprised of senior leaders representing identified institution stakeholders including but not limited to: Research Security, the Office of the General Counsel (OGC), OGC and Georgia Tech Research Institute (GTRI) Office of Ethics and Compliance, the Office of Information Technology, Georgia Tech Cyber Security, Georgia Tech Human Resources, GTRI Talent Management Department, GTRI Information Systems Department, GTRI Chief Legal Counsel and the Georgia Tech Police Department. The ITPWG members support the Insider Threat Program through delivery of information obtained through the performance of their assigned responsibilities.
Specific Insider Threat Program responsibilities are:
5.1 Director Research Security
Direct oversight of Insider Threat Program operations, as well as compliance with federal regulations and institutional policies.
5.2 Insider Threat Program Senior Official (ITPSO)
5.2.1 Is responsible for the program’s daily operations, management, and compliance with federal regulations.
5.2.2 Constructs and manages Georgia Tech’s ITPWG.
5.2.3 Will employ risk management principles, analytical methodologies, and investigative techniques to all actual or potential insider threat reported situations.
5.2.4 Will submit in writing reports to the Federal Bureau of Investigations (FBI) and Defense Counterintelligence and Security Agency (DCSA) pertaining to all actual, probable, or possible espionage, sabotage, terrorism, or subversive activities at any of Georgia Tech’s locations as outlined in 32 CFR Part 117.
5.2.5 Will ensure all cleared personnel complete insider threat training consisting of but not limited to: counterintelligence security fundamentals; procedures for conducting insider threat response actions; applicable laws and regulations regarding the gathering, integration, retention, safeguarding, and use of records and data including consequences of misuse; applicable legal, civil liberties and privacy policies applicable to the insider threat program.
5.3 All Georgia Tech Personnel
5.3.1 To protect the Georgia Tech brand and reputation, all GT personnel will utilize available resources through Research Security to report and identify potential insider threats. By doing so, maximum protection of all Georgia Tech personnel, facilities, data, information, networks, and servers will be achieved.
5.3.2 Georgia Tech Cleared Personnel
All cleared personnel are required to report both personal disclosures and any observations of others in the following categories to Georgia Tech’s Facility Security Officer: any questioning of an individual’s allegiance to the United States, all indications of the presence of improper foreign influence, any indication of foreign preference, any personal misconduct, all unexplained financial affluences, any changes in alcohol consumption behavior, any illegal drug use, possession, or distribution, all criminal misconduct, all situations of mishandling protected information, any conflicting outside activities, and all indications of misuse of information technology. Additionally, cleared personnel are required to report all foreign travel; business and life changing events, such as but not limited to, divorce or positive or negative financial affluence.
To report suspected instances of insider threat indicators, please visit the anonymous Insider Threat Program Reporting tool at: https://gtri.gatech.edu/insider-threat-reporting-tool.
|09-2021||Research Security/Insider Threat Program||New Policy|