US Defense Intelligence Agency Is Researching Employee Social Media Histories

Uploaded on 2016-07-27 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

The Pentagon is conducting market research for a planned 12-month "social media checks" pilot that would analyze public posts to help determine an employee's suitability for Defense Intelligence Agency (DIA) classified work.

The effort is part of a shift away from screening intelligence and military staff every five years, as is current practice. The program is meant to support “continuous evaluation” through automated searches of various data sources, including social media posts, DIA says.

The scope of this particular trial run would involve generating "social media reports" that provide "comprehensive and objective data" and expertise to carry out a "whole of person review," in line with Office of Director of National Intelligence (DNI) guidelines, states a newly released January draft statement of work.

In May, DNI chief James Clapper issued a directive approving the use of social media in the public domain to vet personnel.

If DIA goes through with a contract, "at a minimum, the service would have to analyze foreign comments and postings, foreign contacts and any information regarding: allegiance to the United States, foreign influence and/or preference, sexual behavior, personal conduct, financial, alcohol, legal and/or illegal drug involvement, psychological conditions and criminal conduct," the work statement says.

A DIA official told Nextgov there is no guarantee the agency will solicit any vendor; rather, DIA is figuring out what features companies might be able to offer.

The social media reports would help out that agency's existing Personnel Security, Insider Threat, Continuous Evaluation, Counterintelligence and Investigation program, DIA spokesman James Kudla said.

"This is part of the larger government effort" for "continuous evaluation monitoring," Kudla said in a brief interview. It's not restricted to the intelligence community; "it’s really part of the Department of Defense program as well."

"Social media reports are required to identify national security concerns on individuals who are required to obtain and retain a national security clearance" for handling sensitive material, states a July 14 sources sought notice accompanying the work description.

The reports should include checks of "all publicly available social media sites," the work statement says.

DIA does not specify particular websites, like Facebook, Twitter or other online networks. The analyses also would cross-check an individual's various online personas through "social media profile comparisons," the work statement adds.

Clapper's policy states that security clearance investigators cannot create shadow accounts to "follow" or "friend" an employee under review. In addition, social media content about other people inadvertently collected during a check cannot be retained unless the information is relevant to the review of the employee, the directive says.

Other intelligence agencies have experimented with social media monitoring to aid the background investigation process. The National Security Agency, for example, says it performed a successful social media test that tracked 175 NSA employees on their online networks.

About 45 percent of the searches returned information that aligned with criteria NSA currently uses to judge candidates -- "some of which we didn’t know before," Kemp Ensor, NSA director of security, said in April at an Intelligence and National Security Alliance symposium in Chantilly, Virginia.

The DIA market research notice says the agency would like social media reports for routine investigations turned around within five days and two-day delivery for most "expedited" social media reports.

The agency is looking for prospective vendors that would be able to use a secure, encrypted internet website or document transfer tool to furnish the social media reports, the work statement says.

Defense writ large is building a massive information-sharing system that can profile security clearance-holders, to flag who among them might become traitors or other "insider threats."

The DOD Component Insider Threat Records System is part of the government-wide reaction to the 2010 sharing of classified diplomatic cables with WikiLeaks by former Pfc. Chelsea Manning.

NextGov

« Ransomware: Should You Pay The Ransom?
Google Wants Your Medical Records »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Andrisoft

Andrisoft

Andrisoft develops WANGUARD, an anti-DDoS Software solution that monitors IP traffic using packet-based and flow-based Sensors, and protects networks

Axiomatics

Axiomatics

Axiomatics provides dynamic authorization and access control solutions to protect critical data assets.

Gatewatcher

Gatewatcher

Gatewatcher is a digital breach detection platform targeting crafted attacks and protecting organizations against advanced cyber threats.

Cybercrowd

Cybercrowd

Cybercrowd is a cyber security specialist offering technical services, cyber security assessments, guidance and security thought leadership.

Adlink Technology

Adlink Technology

ADLINK is a leading provider of embedded computing products and services for applications including IoT and industrial automation.

Apricorn

Apricorn

Apricorn provides hardware-based 256-bit encrypted external storage products to companies and organizations that require high-level protection for their data at rest.

IQ Solutions

IQ Solutions

IQ Solutions is a Digital Integrator and an ICT Services Provider, focusing on innovative Cyber Secured ICT managed solutions tailored to the needs of the Maritime Industry.

totemo

totemo

Totemo offers solutions for the secure exchange of business information.

GreyCortex

GreyCortex

GreyCortex uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

UK Research & Innovation (UKRI)

UK Research & Innovation (UKRI)

UKRI works in partnership with universities, research organisations, businesses, charities, and government to create the best possible environment for research and innovation to flourish.

Ridge Global

Ridge Global

Ridge Global works with C-suite executives and corporate directors to build more resilient organizations through innovative preparedness, protection, response and education capabilities.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

Cyber Protection Group (CPG)

Cyber Protection Group (CPG)

Cyber protection Group specialize in Penetration Testing. We work with enterprise level companies as well as small to medium sized businesses.

Custard Technical Services

Custard Technical Services

Custard provide Network Security for all types of businesses across many industries, helping to keep them safe and secure.

VP Techno Labs

VP Techno Labs

VP Techno Labs is an award-winning cybersecurity firm focusing only cybersecurity to develop cutting edge solutions for emerging business.

AdviserCyber

AdviserCyber

AdviserCyber provide Cybersecurity and Compliance Solutions for Registered Investment Advisers.