Proceedings Winter 2014 – 2015
training, and such. Everyone has to be "all in" to protect
your mission capabilities from insider threats.
Train and practice: Start a proactive training system.
A well-trained staff, capable of recognizing anomalous
peer behavior, can greatly enhance security. Some of the
simplest programs such as, "If you see something, say
something," can mean the difference between an effec-
tive intervention or a future active shooter situation. Once
personnel have been trained on insider threat detection
and effective responses, the organization as a whole must
practice those response plans. This is particularly impor-
tant regarding an insider active shooter. All crew mem-
bers must know their role, response actions, and specif c
defensive techniques and procedures in these life-threat-
Communicate: It is vital that senior leaders stress the need
for the Coast Guard to look after its own. Personnel who see
the value of helping each other will be much more effective
in the early identif cation of others who need assistance.
Emphasis on getting any and all personnel help when
needed will set the tone for the
entire unit. They will quickly see
that identifying those in need
and getting them help is a posi-
tive and appreciated action.
About the author:
Colonel (ret.) Steve Coppinger, USAF,
served as a special agent in the Air Force
Off ce of Special Investigations. He is
currently an executive director for CACI
Inc., and helps government organizations
protect and defend against insider threats.
Black, J. Virginia Truck Driver Shot Sailor at Norfolk Base, Navy Says. NBC News,
March 27, 2014. Available at www.nbcnews.com/news/us-news/virginia-truck-
Ackerman, S. US sailor shot dead aboard destroyer at Naval Station Norfolk. The Guard-
ian, March 25, 2014. Available at www.theguardian.com/world/2014/mar/25/
Yadron, D. Navy Systems Administrator Arrested on Hacking Charge. Dow Jones
Business News, May 5, 2014. Available at www.nasdaq.com/article/navy-systems-
Recognizing different types of insiders. Kaspersky Labs, Securelist,2014. Available at
Gelles, Dr. M, and Tara Mahoutchian. Mitigating the Insider Threat — Building a
Secure Workforce. Deloitte Consulting, March 2012. Available at http://csrc.nist.
gov/organizations/f ssea/2012-conference/presentations/f ssea-conference-2012_
Combining the elements above with other factors, such as
the length of an employee's career, the employee's amount
of access to classif ed data and results of a background check
should give leaders and supervisors a fair idea of which
employees are most likely to become an insider threat, or
even commit an insider attack.
What should leaders do?
The U.S. government, plus vari-
ous departments and agencies
are quickly rolling out man-
dated insider threat detection
and mitigation requirements,
especially for orga n izat ions
with intelligence programs or
other sensitive missions.
For commanders and supervi-
sors in a maritime environment,
action to counter insider threats
is vital. Here are some key steps for preparing the ship and
crew to effectively mitigate insider threats:
Preparation: Appoint an experienced staff off cer as the
insider threat lead, responsible for learning about U.S. gov-
ernment insider threat mandates and policies. This person
will be the main source of insider threat detection program
(ITDP) updates, new policies, and emerging ITDP tools,
techniques, and procedures.
Organize: Get your command in line with current USCG
guidelines for an effective ITDP effort. Stopping insider
threats is a team effort. It requires all the skills and capa-
bilities of your staff: command element, security, person-
nel, law enforcement, counterintelligence, legal, medical,
Tactical Law Enforcement Team South members participate in a law enforce-
ment active shooter emergency response class. U.S. Coast Guard photo by
Petty Off cer Michael Anderson.
"What we're not doing here is look-
ing to profile anyone, or point the
finger at anyone. What we're trying
to do is look for anomalous behav-
iors. Those are behaviors that begin
to look very different than what a
person has been normally doing."
— Dr. Michael Gelles, Deloitte Consulting