Insider Threat

What is the risk?

Higher education institutions and their employees are a top target for foreign intelligence services that seek information about U.S. technologies, federally funded research, intellectual property, classified or controlled unclassified information (CUI), (e.g., export‐controlled, proprietary, financial) or other sensitive information that could lead to a military, technological or economic advantage. As foreign adversaries use a number of different tactics to target such information, the collaborative nature of the academic community, it’s willingness to host foreign scholars, faculty autonomy, and the openness of many academic information technology networks all provide access points that a foreign intelligence operative could exploit.

Federal and state concerns about transfers of federally funded research, intellectual property, and other sensitive information from U.S. universities to foreign entities have escalated in recent years. According to a Defense Counterintelligence and Security Agency 2021 report, “Foreign Intelligence Entities target U.S subject matter experts, professors, and researchers in order to obtain sensitive U.S government information and technology.”

Insider Threat is the likelihood, risk, or potential that an insider will use his or her authorized access, wittingly or unwittingly, to do harm to the national security of the United States or to the institution.

In addition to traditional cyber security methods, such as phishing or hacking research systems, the FBI and the Department of State have identified certain techniques that have been used to access sensitive research information or intellectual property from university researchers:

• Sponsorship of foreign travel
• Study abroad opportunities
• Foreign conference or presentation opportunities
• Talent recruitment programs
• Gift or sponsored research funding
• Publishing opportunities
• Joint research opportunities
• In-kind research lab access or research personnel

These techniques may open opportunities for the inadvertent sharing or theft of intellectual property and sensitive or restricted information.  This can occur by adversaries gaining access to university systems or research as a visiting scientist, student, or as lab personnel, university researchers sharing sensitive research data for collaboration or as a requirement for gift/sponsored funding, or by researchers unknowingly being subjected to cyber security theft when traveling abroad. 

Failure to implement an insider threat program and otherwise mitigate the risk of an insider threat can lead to loss of an institution’s Facility Security Clearance, being barred from bidding on federal contracts, loss of IP, legal and reputational harm.

FIU’s Response:

In addition to the controls and mitigation measures outlined in the other Topic Sections of this website, FIU maintains an Insider Threat Program and has formed an “Insider Threat Program Working Group Committee”.  The purpose of this committee is to maintain FIU’s Insider Threat Program to gather, integrate, and report relevant and available information indicative of a potential or actual insider threat, consistent with the requirements of E.O. 13587 and Presidential Memorandum “National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs.”

FIU’s Insider Threat Program supports outward engagement with foreign students, scholars, and institutions that is essential to the University’s mission, while protecting people, facilities, technology, research, and IP and mitigating the risks posed by foreign adversaries intent on exploiting or inappropriately influencing federally funded research.

For questions regarding FIU’s Insider Threat Program or Committee, please contact Gregory Hughley, the Facility Security Officer (FSO) for Florida International University.  The FSO is responsible for managing FIU’s relationship with federal agencies under the National Industrial Security Program (NISP) requirements.  Mr. Hughley can be reached at (813) 898-4444 or via email at ghughley@fiu.edu.