• Terry Halvorsen, U.S. Defense Department chief information officer, addresses the crowd at AFCEA TechNet Asia-Pacific. Photo by Bob Goodwin
     Terry Halvorsen, U.S. Defense Department chief information officer, addresses the crowd at AFCEA TechNet Asia-Pacific. Photo by Bob Goodwin

Halvorsen Offers a Different Take on the Insider Threat

November 17, 2016
By George I. Seffers
E-mail About the Author

The Defense Department CIO says incidents have been costly but few.

Terry Halvorsen, U.S. Defense Department chief information officer, told the AFCEA TechNet Asia-Pacific audience he is concerned about the cyber threat posed by insiders, but also warned against limiting employees’ sense of freedom.

Halvorsen made the comments during the question-and-answer session following his remarks as the luncheon keynote speaker on the final day of the conference. “I hope no one reports that Halvorsen said he was not worried about the insider threat. I am worried about it,” he said. But, he added, the U.S. has a culture of freedom in which people do not feel they’re being watched all the time. That, he said, “powers our work force, and I would say, makes this country very different from any other place in the world.”

The CIO said the United States has been very lucky so far. We’ve had some incidents with insiders that have “caused great harm,” but the number of incidents has been very small by any measure. He called for a balance between protecting that culture and securing vital information.

Halvorsen indicated that technology can help to some degree. “We’re looking at some big data things that are out there in the public that could help us with that,” he reported.

However, he also emphasized the need for cyber awareness education. “There’s technology we’re going to employ that looks at the insider threat, but probably the biggest thing you can do about the insider threat is to educate the entire work force. Without getting into specifics, I can tell you that most insider threats could have been identified if the individuals working around the person had just paid attention to the things we said should have been paid attention to,” he offered.

Halvorsen reported that the Defense Department also is building a culture of “culpability and responsibility.”

He reminded the audience that the department has adopted a cyber scorecard process, which he says companies in other countries are emulating. Furthermore, he recalled that a former member of the joint chiefs came up with the term “negligent electronic discharge.”

“If that sounds a lot like a weapon, it was meant to. While people make mistakes with weapons, we don’t tolerate those. We give you lots of training on how to handle that weapon, and if you make a mistake, there are generally consequences that you must pay,” Halvorsen pointed out. “Our policies now for electronic negligence mirror, where they should, those of weapons policy that say if you’ve been trained and you make a mistake, there are consequences.”

He explained that those consequences will be more severe if a person commits a second offense.

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.


Share Your Thoughts: