US Defense Intelligence Agency Is Researching Employee Social Media Histories

Uploaded on 2016-07-27 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

The Pentagon is conducting market research for a planned 12-month "social media checks" pilot that would analyze public posts to help determine an employee's suitability for Defense Intelligence Agency (DIA) classified work.

The effort is part of a shift away from screening intelligence and military staff every five years, as is current practice. The program is meant to support “continuous evaluation” through automated searches of various data sources, including social media posts, DIA says.

The scope of this particular trial run would involve generating "social media reports" that provide "comprehensive and objective data" and expertise to carry out a "whole of person review," in line with Office of Director of National Intelligence (DNI) guidelines, states a newly released January draft statement of work.

In May, DNI chief James Clapper issued a directive approving the use of social media in the public domain to vet personnel.

If DIA goes through with a contract, "at a minimum, the service would have to analyze foreign comments and postings, foreign contacts and any information regarding: allegiance to the United States, foreign influence and/or preference, sexual behavior, personal conduct, financial, alcohol, legal and/or illegal drug involvement, psychological conditions and criminal conduct," the work statement says.

A DIA official told Nextgov there is no guarantee the agency will solicit any vendor; rather, DIA is figuring out what features companies might be able to offer.

The social media reports would help out that agency's existing Personnel Security, Insider Threat, Continuous Evaluation, Counterintelligence and Investigation program, DIA spokesman James Kudla said.

"This is part of the larger government effort" for "continuous evaluation monitoring," Kudla said in a brief interview. It's not restricted to the intelligence community; "it’s really part of the Department of Defense program as well."

"Social media reports are required to identify national security concerns on individuals who are required to obtain and retain a national security clearance" for handling sensitive material, states a July 14 sources sought notice accompanying the work description.

The reports should include checks of "all publicly available social media sites," the work statement says.

DIA does not specify particular websites, like Facebook, Twitter or other online networks. The analyses also would cross-check an individual's various online personas through "social media profile comparisons," the work statement adds.

Clapper's policy states that security clearance investigators cannot create shadow accounts to "follow" or "friend" an employee under review. In addition, social media content about other people inadvertently collected during a check cannot be retained unless the information is relevant to the review of the employee, the directive says.

Other intelligence agencies have experimented with social media monitoring to aid the background investigation process. The National Security Agency, for example, says it performed a successful social media test that tracked 175 NSA employees on their online networks.

About 45 percent of the searches returned information that aligned with criteria NSA currently uses to judge candidates -- "some of which we didn’t know before," Kemp Ensor, NSA director of security, said in April at an Intelligence and National Security Alliance symposium in Chantilly, Virginia.

The DIA market research notice says the agency would like social media reports for routine investigations turned around within five days and two-day delivery for most "expedited" social media reports.

The agency is looking for prospective vendors that would be able to use a secure, encrypted internet website or document transfer tool to furnish the social media reports, the work statement says.

Defense writ large is building a massive information-sharing system that can profile security clearance-holders, to flag who among them might become traitors or other "insider threats."

The DOD Component Insider Threat Records System is part of the government-wide reaction to the 2010 sharing of classified diplomatic cables with WikiLeaks by former Pfc. Chelsea Manning.

NextGov

« Ransomware: Should You Pay The Ransom?
Google Wants Your Medical Records »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

TechDefence Labs

TechDefence Labs

TechDefence Labs provide pentesting and security assessment services for networks, web apps, mobile apps and source code reviews.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

Ordr

Ordr

Ordr Systems Control Engine. The first actionable AI-based systems control engine for the hyper-connected enterprise. You’re in control.

Concordium

Concordium

Concordium aims to build the world’s leading open-source, permissionless, and decentralized blockchain with built-in user identity at the protocol level.

Iowa Cyber Hub

Iowa Cyber Hub

Iowa Cyber Hub is a cybersecurity education partnership between Iowa State University and Des Moines Area Community College.

Mayhem

Mayhem

Mayhem, by ForAllSecure, is a developer-first application and API security testing solution.

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange is an intellectual hub and community of researchers with the common goal of advancing academic and industrial efforts in the science and engineering of quantum information.

Cyway

Cyway

Cyway is a value-added cybersecurity distributor focusing on on-prem, cloud solutions and hybrid solutions, IoT, AI & machine learning IT security technologies.

FPT Software

FPT Software

As a leading technology service provider, FPT assists customers of all sizes and from any industries in implementing and adapting digital technologies including cybersecurity.

CliftonLarsonAllen (CLA)

CliftonLarsonAllen (CLA)

CLA exists to create opportunities for our clients through industry-focused advisory, outsourcing, audit, tax, and consulting services.

HackEDU

HackEDU

HackEDU provides secure coding training to companies ranging from startups to the Fortune 500.

OpsHelm

OpsHelm

OpsHelm provides a Software-as-a-Service solution to help businesses ensure that all of their cloud environments have their security bases covered.

Redington

Redington

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Agile Defense

Agile Defense

Agile Defense is an Information Technology services provider, delivering leading-edge Digital Transformation solutions to the Federal Government.

GrayHats

GrayHats

GrayHats is a platform-based cybersecurity company devoted to delivering comprehensive, scalable, and proactive protection for businesses in an ever-evolving threat landscape.