What If the Insider Threat Memo Is about David Petraeus?

In a holiday document dump, President Obama transmitted Minimum Standards for Insider Threat Detection Programs. As mere citizens, we don’t get to see those standards. We only get to see the memo accompanying them, which leaves us guessing what–if anything–to make of the timing and content of the memo. In addition to Steven Aftergood’s general overview, Falguni Sheth, Kevin Gosztola, and Jesselyn Radack have some thoughts.

The simplest explanation for the timing of the memo is that’s when the Insider Threat Task Force developing them finished the Standards. The Standards were due a year after Obama ordered the creation of them on October 7, 2011.

Sec. 6.3. The Task Force’s responsibilities shall include the following:

(a) developing, in coordination with the Executive Agent, a Government-wide policy for the deterrence, detection, and mitigation of insider threats, which shall be submitted to the Steering Committee for appropriate review;

(b) in coordination with appropriate agencies, developing minimum standards and guidance for implementation of the insider threat program’s Government-wide policy and, within 1 year of the date of this order, issuing those minimum standards and guidance, which shall be binding on the executive branch;

That would mean they were due 45 days before Obama transmitted them. Perhaps the delay can be explained by either the election or a review within the White House (and I’m wonder whether Obama’s victory influenced how Obama received these Standards).

So it could well be that this memo was released as a holiday dump through sheer chance, Obama finishing up business before taking time with the family.

The timing of the transmittal might also be explained by personnel changes. James Clapper and Eric Holder (or their designees) would be the mandatory co-Chairs of the Task Force. While reports suggest Holder will stick around for another year, it’s unclear whether Clapper will be.

But then there’s the possibility that the Petraeus scandal influenced this release.

As a threshold matter, the EO mandating these Standards includes CIA involvement (by designees of but not the Director himself) on both the Task Force and Steering Committee on Insider Treats. It also reserves the authority of the Director of CIA with regards to security of information systems under an earlier EO and a National Security Directive. What happens where you’re in the middle of rolling out an Insider Threat Detection Program and one of the key players involved in it is embroiled in an insider threat investigation himself?

The EO also allows the Director of National Intelligence to “issue policy directives” to help the agencies of the Intelligence Community comply with this.

With respect to the Intelligence Community, the Director of National Intelligence, after consultation with the heads of affected agencies, may issue such policy directives and guidance as the Director of National Intelligence deems necessary to implement this order.

Perhaps such “policy directives” no longer seem like such a good idea if the CIA Director can’t even limit his threat profile.

Then there’s the possibility that the behavior of one of the players in the scandal demonstrated that the Standards are not yet being met. While reportedly Petraeus and Paula Broadwell only shared a GMail account–and therefore there is no allegation that they used the classified networks addressed in the EO–we have fewer details about what network General Allen was using to exchange sexy-time emails with Jill Kelley. Furthermore, whlie we know Broadwell had classified information on her computer and in her house, we don’t have much detail on this, either. As a Reserve Officer, her behavior may well have demonstrated holes in the program implemented by DOD.

In other words, it may be that the Standards had been languishing for 45 days after they were completed, but the Petraeus scandal identified that the Insider Threat Detection should have but did not identify some of the activities going on. That might have created some urgency for Obama to transmit them, so he could start cracking heads at the agencies where they standards were not being met. Obama’s memo also promises the standards will “provide the workforce with insider threat awareness training,” so it’s possible the Administration believes that if just its top Generals had a bit more training they might not destroy their careers by compromising security. Though, as Marc Ambinder explained, because he was in the chain of command for the nuclear football, Petraeus would have had extensive indoctrination on potential threats.

Or maybe it’s something else entirely.

The language used in Obama’s memo differs in some interesting ways from the language in the EO on Insider Threats. The latter always refers to agencies, cited back to a 2009 EO

(a) For the purposes of this order, the word “agencies” shall have the meaning set forth in section 6.1(b) of Executive Order 13526 of December 29, 2009.

Which in turn cites back to laws defining both agencies and departments of the military.

Obama’s memo, however, always refers to both agencies and departments:

This Presidential Memorandum transmits the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (Minimum Standards) to provide direction and guidance to promote the development of effective insider threat programs within departments and agencies to deter, detect, and mitigate actions by employees who may represent a threat to national security.


The Minimum Standards provide departments and agencies with the minimum elements necessary to establish effective insider threat programs. [my emphasis]

Legally, I suspect there is no difference here, given that agencies as used in the EO includes military departments. But the emphasis seems to be different.

In addition, the EO defines the Insider Threat differently. The EO emphasizes unauthorized disclosure of classified information–the threat identified by WikiLeaks.

Sec. 6.1. There is established an interagency Insider Threat Task Force that shall develop a Government-wide program (insider threat program) for deterring, detecting, and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure, taking into account risk levels, as well as the distinct needs, missions, and systems of individual agencies.

But Obama’s memo includes “violent acts against the Government.”

These threats encompass potential espionage, violent acts against the Government or the Nation, and unauthorized disclosure of classified information, including the vast amounts of classified data available on interconnected United States Government computer networks and systems. [my emphasis]

Mind you, violent acts should be included. After all, Nidal Hasan was emailing Anwar al-Awlaki 9 months before he attacked at Fort Hood. And the release of the Webster report provided recommendations that may have been integrated into these Minimum Standards. Plus, given the fearmongering over cyberthreats, Obama may have wanted this out shortly following his EO on cybersecurity.

But again, the emphasis is different.

It may be any of these things: simply the normal timing, the issues others have addressed, real physical threats we may not know about.

But it is, at the very least, ironic that Obama formally implemented these Minimum Standards less than two weeks after two top national security figures were exposed for showing at least bad judgment about their own Insider Threat exposure.

16 replies
  1. orionATL says:

    “insider threat detection program”?

    good lord, whatever its focus and intentions, that would seem ready-made for limiting and punishing whistle-blowing.

  2. marksb says:

    Great. Insider threat policies. My training said don’t do it if it in any way compromised the information or access to the information. Period.
    It’s like my training on sexual harassment and how it’s defined: if the person feels harassed, than it qualifies.
    If the information is classified, then any action taken that compromises the security of the information is a violation of your security clearance.
    Gosh I hope we haven’t stepped back to needing a list of do’s and don’ts in order to define a security breach.

  3. ryan says:

    The New York Times is reporting that the Allen investigation has zeroed in on “60 to 70 emails that bear a fair amount of scrutiny”, and that your presents will be wrapped up before the investigation will be – not expected till after the new year.

    I don’t see this as consistent with an adultery investigation. How would scrutiny of 70 love letters take 8 weeks? Would they be diagramming his sentences for complexity to help them verify the depth of his feeling? verifying that his doggerel was merely in iambic pentameter and didn’t include any sultry and incriminating dactyls or trochees?

  4. emptywheel says:

    @ryan: They could be cross checking to find out where Kelley was when she responded to them.

    It’s the hammer that the FBI apparently uses with all investigations these days.

  5. Kathleen says:

    Tom Ricks sure seems to be making the effort to say that the Republicans effort to shine the light on what took place at the US consulate in Benghazi is much ado about nothing.

    Al Qeada/Ambassador Stevens/CIA/Petraeus

    And can anyone explain why President Obama is so willing to put up such a fight for Susan Rice and was not willing to put up a fight for Elizabeth Warren to head her creation the CFPB. And why is Obama pushing so hard for Rice when Kerry is more qualified?

  6. klynn says:

    The language and timing could have multidimensional purposes.

    So much has been going on. It could all be coinkydinky. In addition to the whole Petraeus-Broadwell-Allen-Kelley…

    _ This summer (July 25) a Canadian spy case threatened our security:

    (This on the heels of the 2010 Russian spy ring.)

    -Also this summer, there is much to read in the month of July about Syria, the US, Russia,and Israel. Evidently, Israel killed one of our Syrian assets.


    And the same week this curious piece ran:

    (Which is noted just days later as being based on leaked information from either within WH or CIA.)

    -Saudi Intel building hit July 22

    -Bandar killed at end of July

    -This runs on July 30th:

    -Then this case:

    -On Oct. 21st it was reported that the 23rd Chemical Battalion was moving back to Camp Stanley in S. Korea invalidating a US agreement

    -Putin fires Defense minister and his deputies in early Nov.(Due to scandal.)

    I am not trying to create some grand plot. Simply pointing out much has been going on since July with interesting players involved. Many threats may be pointing to inside threats from many directions that Obama has to confront.

    Throw in the “Jimmy Carter Moment” question at the fundraiser on May 17th and subsequent GOP push for such…Only to watch the whole month of July go crazy and then the situation for the Sept 11 Benghazi violence, I don’t know. The whole collection of messes smell bad.

  7. Frank33 says:

    It has been a rough two days. It has been “cold turkey”, SpyFall withdrawal. I was getting so desperate, I was considering an RSS feed. Obvious lockdown on information by the authorities.

    But the lockdown has been breached! Abbe Lowell is going to sue “leakers”. And Abbe does some leaking. Ain’t it grand!

    The Washington lawyer representing the Tampa socialite involved in the sex scandal that prompted David Petraeus’s resignation as CIA director threatened to take legal action against the U.S. attorney in Tampa if he or other federal officials leak information about his client…

    A person close to Kelley said Tuesday that she is a prolific e-mailer and that she exchanged perhaps 1,000 e-mails with Allen. The person, who spoke on the condition of anonymity because Allen is under investigation by the Defense Department, said that some exchanges were “taken out of context, could be read to be flirtatious” but that the characterization of them as “ ‘phone sex,’ is not true.” The person also said that Kelley did not have an affair with Petraeus or Allen.

    However, Lowell is also treatening Tampa lawyer Barry Cohen. Cohen may not be amused. Jill, no not Jill, Natalie has sued Cohen for sexual harassment.

    Along with threatening legal action against the top federal prosecutor in Tampa, Lowell wrote a letter to the disciplinary office of the Florida Bar Association to complain about the conduct of Barry Cohen, who represented Kelley and her husband, Scott, in various financial matters in 2009 and 2010.

  8. Frank33 says:

    Abbe Lowell may be making a mistake messing with Cohen. But he also is threatening Adam Victor, with “defamation”. Victor has e-mails. And Victor is a very important person. Lowell wants to publicize South Korea Honorary General Jill, and Petraeus, scheming with the South Korea President. Please, help Abbe Lowell.

    Victor says Jill was name dropping P4, to support the “Clean Coal” no-bid deal with the South Korea President. Cohen made similar statements at a news conference about the name dropping of important people.

    Lowell’s harshest comments were aimed at Victor, who has granted numerous interviews telling reporters about a deal to build a coal-gasification plant he said Kelley tried to help broker earlier this year between his firm and South Korean interests…

    In his letter to Victor, Lowell asserted that the executive had defamed Kelley. Further, he said, it was Victor — not Kelley — who had brought up the topic of a fee.

  9. klynn says:


    So, does this mean, we are restricted in discussing the elements of the petraeus-broadwell-allen-kelley dynamics and any of us at EW could be threatened with legal action depending on what we post and discuss?

Comments are closed.