Insider threat programs within various U.S. government departments, including Health and Human Services, Transportation, and Veterans Affairs, have implemented policies designed to protect unclassified government information. These policies, as outlined in the Federal Register, allow these departments to monitor employees’ activities and communications. Similar measures are in place at the Department of the Interior, the Internal Revenue Service, and the Federal Deposit Insurance Corporation, encompassing strategies to collect and evaluate employee social media activity.
These programs are part of a national initiative overseen by a task force led by the Attorney General and Director of National Intelligence. Their goal is to identify behaviors that could signal an increased risk of various threats, including information leaks and workplace violence, as well as impacts on federal agencies’ resources or capabilities. According to research from Carnegie Mellon, over 60 percent of insider-threat incidents involve non-espionage-related fraud.
The U.S. government’s insider threat literature identifies several indicators of potential threats, including fraud, disgruntlement, ideological challenges, and moral outrage. At least nine of the 15 Cabinet-level departments reportedly used contracts with companies like Everfox and Dtex Systems to monitor employees digitally. Everfox opted not to comment on these contracts.
Dtex Systems’ Intercept software is an example of technology used by federal agencies to generate risk scores based on anonymized metadata, such as URLs visited and files accessed on work devices. The company states that investigating high-risk employees requires dual approval in its system. Unlike some government monitoring practices, Dtex’s software does not record keystrokes or process email, call, chat, or social media content.
Government employees are reminded, via messages on startup of government-issued devices, that they should not expect privacy concerning communications made using government networks. There are questions about the extent to which existing monitoring programs are being used to align federal workers with political agendas.
Rajan Koo, Chief Technology Officer of Dtex, expressed the hope that the Trump administration would reconsider its approach to employee monitoring, noting that heavy reliance on surveillance tools could lead to a culture of dissatisfaction and a potential increase in insider threats.
Sources familiar with U.S. insider-threat programs describe them as inefficient: they generate a large number of alerts, including many false positives that require detailed analysis. Any effort to expand these monitoring programs might increase false positives, adding further to the workload. Meanwhile, an official email from the Trump administration sought to encourage voluntary resignations among federal employees to create a “reliable, loyal, trustworthy” workforce, a move that could potentially face legal challenges if enforced through insider-threat programs.