How does the government hope to spot the next Edward Snowden? And how can federal employees pitch in to spot the 'threat'?
Thanks to a video game dubbed the "CyberAwareness Challenge" created by private contractor Defense Information Systems Agency (DISA), federal employees can be trained in the fine arts of password creation, social networking security and stealth peer-policing among coworkers.
"You've just been promoted and this is your first week in this position," the introduction reads, as the viewer is seated at their new virtual cubicle. "As with any new position, you will have a lot to do and learn. In your new role, you will be dealing with more information, and more sensitive information than ever before. You have to be aware that adversaries are constantly trying to get their hands on that information with a wide range of attacks. Remember information security is part of your responsibility and should be placed above all else."
The game, which is reportedly given to a "wide range of federal employees," takes new hires through a series of tests during which they are challenged to make the "secure" decision. In round three, participants are asked to assess the threat levels posed by their coworkers.
In one instance, the game warns federal workers that they should consider a hypothetical Indian-American woman named Hema a "high threat" because she frequently visits family abroad, has money troubles and "speaks openly of unhappiness with U.S. foreign policy."
In response to these 'indicators,' particularly the note regarding political dissatisfaction, Federation of American Scientists government secrecy expert Steve Aftergood toldHuffington Post, "It is not a threat indicator. It could apply to most members of Congress, if not to most Americans. By presenting the matter this way, the slide suggests that overt dissent is a security concern. That is an error."
Calling the CyberAwareness Challenge "ignorant and clumsy"--particularly the section which flags people who "speak openly of unhappiness with U.S. foreign policy"--
Unclassified versions of the training game are available for anyone to play online. According to Pentagon spokesman Lt. Col. Damien Pickart, several million people across the federal government have taken the training since it was released.
The game was produced in October 2012--one month before the Obama administration finalized its "Stasi-like" Insider Threat policy, revealed last month by McClatchy who reported at the time:
In an initiative aimed at rooting out future leakers and other security violators, President Barack Obama has ordered federal employees to report suspicious actions of their colleagues based on behavioral profiling techniques that are not scientifically proven to work, according to experts and government documents.
The techniques are a key pillar of the Insider Threat Program, an unprecedented government-wide crackdown under which millions of federal bureaucrats and contractors must watch out for "high-risk persons or behaviors" among co-workers. Those who fail to report them could face penalties, including criminal charges.
_____________________
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
How does the government hope to spot the next Edward Snowden? And how can federal employees pitch in to spot the 'threat'?
Thanks to a video game dubbed the "CyberAwareness Challenge" created by private contractor Defense Information Systems Agency (DISA), federal employees can be trained in the fine arts of password creation, social networking security and stealth peer-policing among coworkers.
"You've just been promoted and this is your first week in this position," the introduction reads, as the viewer is seated at their new virtual cubicle. "As with any new position, you will have a lot to do and learn. In your new role, you will be dealing with more information, and more sensitive information than ever before. You have to be aware that adversaries are constantly trying to get their hands on that information with a wide range of attacks. Remember information security is part of your responsibility and should be placed above all else."
The game, which is reportedly given to a "wide range of federal employees," takes new hires through a series of tests during which they are challenged to make the "secure" decision. In round three, participants are asked to assess the threat levels posed by their coworkers.
In one instance, the game warns federal workers that they should consider a hypothetical Indian-American woman named Hema a "high threat" because she frequently visits family abroad, has money troubles and "speaks openly of unhappiness with U.S. foreign policy."
In response to these 'indicators,' particularly the note regarding political dissatisfaction, Federation of American Scientists government secrecy expert Steve Aftergood toldHuffington Post, "It is not a threat indicator. It could apply to most members of Congress, if not to most Americans. By presenting the matter this way, the slide suggests that overt dissent is a security concern. That is an error."
Calling the CyberAwareness Challenge "ignorant and clumsy"--particularly the section which flags people who "speak openly of unhappiness with U.S. foreign policy"--
Unclassified versions of the training game are available for anyone to play online. According to Pentagon spokesman Lt. Col. Damien Pickart, several million people across the federal government have taken the training since it was released.
The game was produced in October 2012--one month before the Obama administration finalized its "Stasi-like" Insider Threat policy, revealed last month by McClatchy who reported at the time:
In an initiative aimed at rooting out future leakers and other security violators, President Barack Obama has ordered federal employees to report suspicious actions of their colleagues based on behavioral profiling techniques that are not scientifically proven to work, according to experts and government documents.
The techniques are a key pillar of the Insider Threat Program, an unprecedented government-wide crackdown under which millions of federal bureaucrats and contractors must watch out for "high-risk persons or behaviors" among co-workers. Those who fail to report them could face penalties, including criminal charges.
_____________________
How does the government hope to spot the next Edward Snowden? And how can federal employees pitch in to spot the 'threat'?
Thanks to a video game dubbed the "CyberAwareness Challenge" created by private contractor Defense Information Systems Agency (DISA), federal employees can be trained in the fine arts of password creation, social networking security and stealth peer-policing among coworkers.
"You've just been promoted and this is your first week in this position," the introduction reads, as the viewer is seated at their new virtual cubicle. "As with any new position, you will have a lot to do and learn. In your new role, you will be dealing with more information, and more sensitive information than ever before. You have to be aware that adversaries are constantly trying to get their hands on that information with a wide range of attacks. Remember information security is part of your responsibility and should be placed above all else."
The game, which is reportedly given to a "wide range of federal employees," takes new hires through a series of tests during which they are challenged to make the "secure" decision. In round three, participants are asked to assess the threat levels posed by their coworkers.
In one instance, the game warns federal workers that they should consider a hypothetical Indian-American woman named Hema a "high threat" because she frequently visits family abroad, has money troubles and "speaks openly of unhappiness with U.S. foreign policy."
In response to these 'indicators,' particularly the note regarding political dissatisfaction, Federation of American Scientists government secrecy expert Steve Aftergood toldHuffington Post, "It is not a threat indicator. It could apply to most members of Congress, if not to most Americans. By presenting the matter this way, the slide suggests that overt dissent is a security concern. That is an error."
Calling the CyberAwareness Challenge "ignorant and clumsy"--particularly the section which flags people who "speak openly of unhappiness with U.S. foreign policy"--
Unclassified versions of the training game are available for anyone to play online. According to Pentagon spokesman Lt. Col. Damien Pickart, several million people across the federal government have taken the training since it was released.
The game was produced in October 2012--one month before the Obama administration finalized its "Stasi-like" Insider Threat policy, revealed last month by McClatchy who reported at the time:
In an initiative aimed at rooting out future leakers and other security violators, President Barack Obama has ordered federal employees to report suspicious actions of their colleagues based on behavioral profiling techniques that are not scientifically proven to work, according to experts and government documents.
The techniques are a key pillar of the Insider Threat Program, an unprecedented government-wide crackdown under which millions of federal bureaucrats and contractors must watch out for "high-risk persons or behaviors" among co-workers. Those who fail to report them could face penalties, including criminal charges.
_____________________