US Defense Intelligence Agency Is Researching Employee Social Media Histories

Uploaded on 2016-07-27 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

The Pentagon is conducting market research for a planned 12-month "social media checks" pilot that would analyze public posts to help determine an employee's suitability for Defense Intelligence Agency (DIA) classified work.

The effort is part of a shift away from screening intelligence and military staff every five years, as is current practice. The program is meant to support “continuous evaluation” through automated searches of various data sources, including social media posts, DIA says.

The scope of this particular trial run would involve generating "social media reports" that provide "comprehensive and objective data" and expertise to carry out a "whole of person review," in line with Office of Director of National Intelligence (DNI) guidelines, states a newly released January draft statement of work.

In May, DNI chief James Clapper issued a directive approving the use of social media in the public domain to vet personnel.

If DIA goes through with a contract, "at a minimum, the service would have to analyze foreign comments and postings, foreign contacts and any information regarding: allegiance to the United States, foreign influence and/or preference, sexual behavior, personal conduct, financial, alcohol, legal and/or illegal drug involvement, psychological conditions and criminal conduct," the work statement says.

A DIA official told Nextgov there is no guarantee the agency will solicit any vendor; rather, DIA is figuring out what features companies might be able to offer.

The social media reports would help out that agency's existing Personnel Security, Insider Threat, Continuous Evaluation, Counterintelligence and Investigation program, DIA spokesman James Kudla said.

"This is part of the larger government effort" for "continuous evaluation monitoring," Kudla said in a brief interview. It's not restricted to the intelligence community; "it’s really part of the Department of Defense program as well."

"Social media reports are required to identify national security concerns on individuals who are required to obtain and retain a national security clearance" for handling sensitive material, states a July 14 sources sought notice accompanying the work description.

The reports should include checks of "all publicly available social media sites," the work statement says.

DIA does not specify particular websites, like Facebook, Twitter or other online networks. The analyses also would cross-check an individual's various online personas through "social media profile comparisons," the work statement adds.

Clapper's policy states that security clearance investigators cannot create shadow accounts to "follow" or "friend" an employee under review. In addition, social media content about other people inadvertently collected during a check cannot be retained unless the information is relevant to the review of the employee, the directive says.

Other intelligence agencies have experimented with social media monitoring to aid the background investigation process. The National Security Agency, for example, says it performed a successful social media test that tracked 175 NSA employees on their online networks.

About 45 percent of the searches returned information that aligned with criteria NSA currently uses to judge candidates -- "some of which we didn’t know before," Kemp Ensor, NSA director of security, said in April at an Intelligence and National Security Alliance symposium in Chantilly, Virginia.

The DIA market research notice says the agency would like social media reports for routine investigations turned around within five days and two-day delivery for most "expedited" social media reports.

The agency is looking for prospective vendors that would be able to use a secure, encrypted internet website or document transfer tool to furnish the social media reports, the work statement says.

Defense writ large is building a massive information-sharing system that can profile security clearance-holders, to flag who among them might become traitors or other "insider threats."

The DOD Component Insider Threat Records System is part of the government-wide reaction to the 2010 sharing of classified diplomatic cables with WikiLeaks by former Pfc. Chelsea Manning.

NextGov

« Ransomware: Should You Pay The Ransom?
Google Wants Your Medical Records »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

IBackup

IBackup

IBackup is a Web Based Online Backup service provider.

Cyber Security National Lab (CINI)

Cyber Security National Lab (CINI)

The Cyber Security National Lab brings together Italian academic excellence in Cyber Security research.

Preempt Security

Preempt Security

The Preempt Platform delivers adaptive threat prevention that continuously preempts threats based on identity, behavior and risk.

Red Canary

Red Canary

Red Canary continuously monitors and analyzes your endpoints, users, and network activity in search of threatening behaviors, patterns, and signatures.

ITRenew

ITRenew

ITRenew is a leading global IT lifecycle management solutions company, specializing in onsite data center decommissioning and data erasure services.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

Leidos

Leidos

Leidos is a recognized leader in cybersecurity across the federal government, bringing more than a decade of experience defending cyber interests globally.

BlackScore

BlackScore

BlackScore is a technology company seeking to disrupt risk assessment using AI-driven technology.

Security Management Partners (SMP)

Security Management Partners (SMP)

Security Management Partners (SMP) is a trusted partner to financial services, healthcare and businesses that need to manage their information, securely.

Mr Backup (MRB)

Mr Backup (MRB)

MRB offers Data Protection as a Service for businesses looking to reduce the time, cost and complexity of securing your company data.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Boldend

Boldend

Boldend offers leading-edge offensive and defensive cybersecurity solutions that empower government and commercial organizations to stay resilient in an evolving threat landscape.

Helix Tech Consulting

Helix Tech Consulting

Helix Tech have expertise in a wide range of technology areas, including IT strategy, infrastructure design, cybersecurity, disaster recovery, cloud, data centers, IT cost optimization, and more.

REAL Security

REAL Security

REAL Security is a market leader across the Adriatic region in value-added distribution in the field of IT Security & virtualisation.

Cyber Civil Rights Initiative (CCRI)

Cyber Civil Rights Initiative (CCRI)

CCRI is the leading organization serving thousands of victims around the world and advocating for technological, social, and legal innovation to fight online abuse.