An official website of the United States Government 
Here's how you know

Official websites use .gov

.gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

DOD Program Aims to Deter Insiders From Harmful Acts

You have accessed part of a historical collection on Some of the information contained within may be outdated and links may not function. Please contact the DOD Webmaster with any questions.

The Defense Department is encouraging employees to keep the workplace safe by being alert to potential threats from colleagues or others as part of an employee awareness campaign that coincides with National Insider Threat Awareness Month.

Insider threats are posed by employees or anyone else who has been granted trusted access to DOD information systems, installations, or facilities who commit a harmful act, intentional or not.

To prevent damage and avert casualties, we need the workforce's help."
Dr. Brad Millick, director of DOD's counter-insider threat program in the Office of the Under Secretary of Defense for Intelligence

The department's counter-insider threat program aims to teach analysts in the various DOD component hubs to recognize concerning behaviors and potential threats. Dr. Brad Millick, director of DOD's counter-insider threat program in the Office of the Under Secretary of Defense for Intelligence, said the program's principal goal is to intervene before someone commits a hostile act.

To do that, Millick intends to enlist the help of all DOD employees. "What we are trying to do is tell people if you hear that, if you see that, if you sense that, pay attention to that. To prevent damage and avert casualties, we need the workforce's help."

In support of the DOD counter-insider threat program and National Insider Threat Awareness Month, the Defense Counterintelligence and Security Agency's Center for Development of Security Excellence provides many resources designed to educate the workforce about insider threats and the role of counter-insider threat programs.  

A graphic featuring a man with his head resting in his hands bears the words “Most Insider threats display concerning behaviors prior to engaging in negative events.  If you see something, say something!”
National Insider Threat Month
September is National Insider Threat Month. Defense Department employees are being asked to become better “sensors” to detect indicators that another employee either is or might evolve into an insider threat.
Photo By: DOD graphic
VIRIN: 190827-D-ZZ999-001

"Many people are uncomfortable reporting information about their co-workers or themselves to their security office or counter-insider threat program," said Rebecca Morgan, chief of the insider threat division at CDSE. She stated that her goal is to help individuals not only understand their responsibility in recognizing and reporting indicators, but also to share information about the true nature of counter-insider threat programs.  

"Counter-insider threat programs are designed to deter, detect, and mitigate risk. They are most effective when providing proactive intervention to individuals who are struggling with everyday stress. That intervention may prevent witting or unwitting threats to the enterprise via unauthorized disclosure, targeting and recruitment by foreign intelligence, acts of workplace violence or other forms of harm to the department and its assets," Morgan said. 

Although personal problems and indicators alone don't necessarily mean an employee poses a threat, Millick said, at times a combination of them can cause an employee to gravitate toward negative workplace events. Behaviors of concern or potential warning signs include, but are not limited to:

  • Threatening statements or actions
  • Signs of disgruntlement
  • Ideological challenges or opposition to the mission
  • Circumventing rules or behaviors reflecting ethical flexibility
  • Browsing files and records without authorization
  • Impact of external influences on work such as substance abuse problems, financial problems, or association with anti-U.S. or criminal groups

All DOD personnel must remain vigilant in recognizing and reporting concerning behaviors. If fellow employees see behaviors or hear comments that a co-worker is struggling, it's important to notify security officials and the counter-insider threat program.  

A hand places a folder with a “SECRET” cover sheet into a messenger bag.
Classified Info
The unauthorized removal of classified information from the workplace is one action of an insider threat. A “secret” cover sheet typically designates a folder that contains classified material that can be viewed only by those with proper clearance. This folder contains no classified material, however, and the cover sheet itself is unclassified.
Photo By: C. Todd Lopez, DOD
VIRIN: 190827-D-NU123-002

"Intervention can assure that resources are provided to the individual at risk and give them a means to reassess their situation and alter their plans," Millick said. This becomes even more critical if fellow employees recognize signs that a co-worker might carry out a threat. Threats of imminent harm should be communicated to security officials and/or 911 immediately. "The ideal situation is to prevent those who start out as great employees from harming the government, their co-workers and their personal and professional lives."

History has shown that even trusted insiders can be a threat to our national security and safety. Some high-profile examples of trusted insiders who carried out hostile acts against the federal government are:

  • Former Army Maj. Nidal Hasan, an active duty psychiatrist, killed 13 people and wounded 30 in a 2009 attack at Fort Hood, Texas.
  • Former Naval Criminal Investigative Service special agent John Beliveau accepted $30,000 in cash, several lavish trips, dinners and additional services in payment for classified information between 2008 and 2013.    
  • Former government contractor Aaron Alexis shot and killed 12 people at the Washington Navy Yard in September 2013.
  • Former government contractor Reality Winner leaked classified information in 2017.

Studies conducted after attacks by insiders show co-workers often suspected something was wrong with the individual, but they didn't believe their suspicions warranted an outreach to their agency's counter-insider threat program or internal security officials.

"A lot of the reports posted after horrific insider events indicate there's a pattern of behavior before the attack, or 'left of boom,' that is detectable, in small behaviors of concern, in stressors, or in base personality," Millick said.

If those behaviors are observed and reported to appropriate security or program staff, then employees can be helped before they pose a threat, he noted. "When we detect these behavior anomalies, we will work with stakeholders in the enterprise and get those folks the help and counseling needed," Millick said.

For more information on potential risk indicators, insider threat case studies, awareness videos and more, visit the Center for Development of Security Excellence Insider Threat Vigilance Campaign at

Related Stories