Insider Threat Program

Institutions of higher education are a prime target for foreign intelligence services seeking information concerning US federally funded research, classified or controlled (CUI) information, technologies, or other sensitive information that could lead to a military, technological or economic advantage.  As foreign adversaries use a variety of techniques to target such information, the collaborative nature of the academic community, its willingness to host foreign scholars, and faculty autonomy all provide access points that can be exploited by foreign intelligence operatives.   

The Insider Threat Program (ITP) established a secure operating environment for personnel, facilities, information, equipment, networks, or systems from insider threats. This program is designed to serve as a mechanism to encourage compliance with training and awareness, policy and procedure, and management practices that guide employees to act in the interests of CSU and the federal government.  

The ITP applies to all staff offices, regions, and personnel with access to any government or contractor resources. The Insider Threat Program includes personnel, facilities, information, equipment, networks, and systems.  

The ITP was established in compliance with DoD 5220.22-M of the National Industrial Security Program Operating Manual (NISPOM). This program seeks to prevent espionage or violent acts against the nation, unauthorized disclosure of controlled information, deter cleared employees from becoming insider threats, detect those who pose a risk and mitigate the risks through investigative, administrative or other responses. The ITP will meet the minimum standards outlined in the NISPOM, with additional guidance provided by (ISL) 2016-02 and ODAA Process Manual for Certification and Accreditation of classified and controlled systems.   

In addition to traditional cyber security methods, such as phishing or hacking research systems, the FBI and the Department of State have identified certain techniques that have been used to access sensitive research information or intellectual property from university researchers: 

  • Sponsorship of foreign travel 
  • Study abroad opportunities 
  • Foreign conference or presentation opportunities 
  • Talent recruitment programs 
  • Gift or sponsored research funding 
  • Publishing opportunities 
  • Joint research opportunities 
  • In-kind research lab access or research personnel 

These techniques may open opportunities for the inadvertent sharing or theft of intellectual property and sensitive or restricted information. This can occur by adversaries gaining access to university systems or research as a visiting scientist, student, or as lab personnel, university researchers sharing sensitive research data for collaboration or as a requirement for gift/sponsored funding, or by researchers unknowingly being subjected to cyber security theft when traveling abroad.  

Insider Threat Program Senior Official (ITPSO), will be designated in writing and will act as the university’s representative for ITP implementing activities.  The designated ITPSO will be cleared in connection with the facility clearance, be a United States citizen, and will be designated as Key Management Personnel (KMP) in e-FCL in accordance with Cognizant Security Agency (CSA) guidance and in accordance with NISPOM 1-202b. 

The ITPSO will be responsible for daily operations, management, and ensuring compliance with the minimum standards derived from Change 2 to DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM).   

Responsibilities include: 

  • Self-certify the ITP Plan in writing to DSS no later than 6 months from the issue date of Change 2 to DoD 5220.22-M, NISPOM 
  • Provide copies of the ITP Plan upon request as well as making the plan available to the Defense Counterintelligence Security Agency (DCSA) during the Security Vulnerability Assessments (SVA). 
  • Establish an ITP based on the organization’s size and operations. 
  • Provide Insider Threat training for ITP personnel and awareness for cleared employees and students. 
  • Conduct self-inspections of the ITP in accordance with NISPOM 1-207b, on an annual basis. 
  • Oversee the collection, analysis, and reporting of information across the university to support the identification and assessment of insider threats.   
  • Oversee the collection and organization of potential insider threat information across CSU, analyze this information, and report to appropriate federal agencies as required.   
  • Establish and manage all ITP implementation and reporting requirements, including self-assessments and independent assessments, the results of which shall be reported to senior management.   
  • Report the results of insider threat program self-assessments and facilitates the reporting of any independent assessments to the Vice President for Research and any additional appropriate members of senior management 

CSU’s ITP ensures the University can continue its vital engagement with foreign students, scholars, and institutions by implementing measures to protect our people, facilities, technology, research, and intellectual property. This program works to mitigate the risks posed by foreign adversaries aiming to exploit or influence federally funded research. 

The ITP is crucial for CSU. Without one, CSU risks losing its Facility Security Clearance, which would prevent it from bidding on federal contracts. Additionally, CSU could suffer the loss of Intellectual Property (IP) and significant legal and reputational damage 

For questions regarding CSU’s Insider Threat Program, please contact Rich Wright, Facility Security Officer (FSO) and ITPSO.  The FSO is responsible for managing CSU’s relationship with federal agencies under NISPOM requirements and regulations.