DoD Insider Threat Management and Analysis Center (DITMAC)

The DoD Insider Threat Management and Analysis Center (DITMAC) was created in response to the Washington Navy Yard shooting of September 16, 2013. Reviews of the shooting concluded that DoD could have done more to consolidate and share information necessary for identifying potential insider threats, developing a holistic picture of risk posed by insiders, and coordinating actions to mitigate risk. The Deputy Secretary of Defense approved the Washington Navy Yard Implementation Plan, including its recommendation to establish the DITMAC to address these deficiencies. The Under Secretary of Defense for Intelligence (USD(I)) then directed the Defense Security Service to establish the DITMAC to provide DoD with an enterprise-level capability for insider threat information integration and management.

In DoD Instruction 5205.83, the USD(I) directed that the DITMAC will:

  • Oversee the mitigation of insider threats to DoD
  • Assess enterprise-level risks, refer recommendations for action, synchronize responses, and oversee resolution of identified insider threat concerns
  • Develop enterprise-level risk criteria (thresholds) to facilitate Component reporting of potential threat information and assess the effectiveness of actions taken by Components to address, mitigate, or resolve insider threats
  • Support the Office of the USD(I) in establishing standards to ensure that the DoD Insider Threat Program complies with applicable statutes, Executive Orders, and other National and DoD regulations and policies that specify insider threat program requirements
  • Provide a single repository for enterprise-level DoD insider threat related information
  • Promote collaboration and sharing of insider threat information among DoD Components

DITMAC Frequently Asked Questions

  1. Why is mitigating insider threats so important to DoD?
  2. Are all insider threats malicious or intentional?
  3. I don’t work with classified information. Is my office still vulnerable to insider threats?
  4. Are insiders as dangerous as external threats?
  5. What is the DITMAC?
  6. Why is DITMAC needed?
  7. What specialties make up the DITMAC team?
  8. When will the DITMAC be operational?
  9. How do I report a potential insider threat to the DITMAC?

1. Why is mitigating insider threats so important to DoD?
Insider threats can cause significant damage to our people and our national security. DoD takes seriously the obligation to protect its people and assets whether the threats come from internal or external sources. Insider threat programs help ensure our hard-working and dedicated workforce has a safe environment to carry out our important missions.

2. Are all insider threats malicious or intentional?
No. An insider threat may be “unwitting” if the insider is unaware that his or her actions or behaviors are exposing DoD or a DoD Component to an elevated risk of harm or loss, perhaps through lack of training or negligence.

3. I don’t work with classified information. Is my office still vulnerable to insider threats?
Yes. No environment is immune from the potential of insider threats. Insiders can threaten not only classified information but also sensitive information (which includes Personally Identifiable Information (PII)) and all types of DoD resources, including people.

4. Are insiders as dangerous as external threats?
There should be no doubt that insiders present an equal threat to that posed by external actors. Their access to and familiarity with the Department’s policies, security procedures, and technologies provide insiders opportunities to do great harm.

5. What is the DITMAC?
The DoD Insider Threat Management and Analysis Center (DITMAC) serves as DoD’s enterprise-level capability for insider threat information integration and management. The DITMAC enables information sharing, collaboration, analysis, and risk mitigation across the DoD Components to protect the lives of DoD personnel, safeguard national security information, and secure DoD resources.

6. Why is DITMAC needed?
The tragic shootings at the Washington Navy Yard and Fort Hood, along with other catastrophic insider threat events, have highlighted the need for coordinated DoD insider threat efforts. DITMAC provides an enterprise-level capability to consolidate and share information necessary to identify potential insider threats, develop a holistic picture of risk posed by insiders, and coordinate actions to mitigate risk.

7. What specialties make up the DITMAC team?
The DITMAC is developing a multifunctional team composed of personnel from several backgrounds, including but not limited to law enforcement, counterintelligence, security, information assurance, cybersecurity, legal, and privacy.

8. When will the DITMAC be operational?
The DITMAC achieved initial operating capability and began receiving reporting from DoD Component Insider Threat programs in October 2016.

9. How do I report a potential insider threat to the DITMAC?
DoD personnel should report potential insider threats via their Component Insider Threat Hub/Program or other designated channels such as security or human resources.
