A bill to codify the Department of Homeland Security’s activities for detecting and mitigating insider threats passed in the House on Tuesday by voice vote.
The same bill passed in November 2015 by a voice vote, but sponsor Peter King, R-N.Y., said on the House floor Tuesday that it did not make it to the president’s desk in the 114th Congress due to “last-minute scheduling issues with the Senate.”
The Department of Homeland Security Insider Threat and Mitigation Act of 2017 (H.R.666) would authorize and expand DHS efforts to detect the potential for leaks and mitigate those threats, King said. He added that the bill requires DHS to develop a strategy around the issue, and make sure employees understand how they are being monitored and what behavior may indicate an insider threat.
“Recent high-profile cases of government employees leaking classified information have caused drastic damage to U.S. national security and diplomacy,” King said Tuesday on the House floor in prepared remarks, evoking Edward Snowden as an example. “In response to these cases it is vital that Congress ensure federal agencies have the tools to detect and disrupt future insider threat situations before damage is done.”
DHS has more than 115,000 employees with access to classified information, King said, and even more with access to sensitive law enforcement information.
Bennie Thompson, D-Miss., said Tuesday during debate on the bill that he was supportive of DHS’s current insider threat program, but was concerned about agencies deploying evaluation programs “without transparency and congressional oversight.”
“I’m concerned that federal agencies, with an understandable urge to protect their IT systems and facilities, are racing to acquire the capability before knowing whether such costly systems are even effective,” Thompson said.
So while Thompson recommended passage of the bill, he also stressed the importance of agencies talking to Congress before deploying employee monitoring technology, such as software that would look at an employee’s credit or social media history. He said those conversations with Congress should not only include cost/benefit information, but what protections are in place for workers being monitored.