Insider Threat Risk Calculator

OUSD (R&E) CRITICAL TECHNOLOGY AREA(S): Human-Machine Interfaces OBJECTIVE: Develop a tool that would ingest leads from various sources, synthesize the leads with all other available information regarding a Possible Threat Actor (PTA), assign a risk level to the PTA, and notify Counter-Insider Threat (C-InT) analysts of the risk level. DESCRIPTION: Defense Agencies, along with C-InT Programs across the entire U.S. Government, collect leads on PTA's through multiple sources, some of which include: User Activity Monitoring (UAM), Information Technology professionals, and Agency reporting tools. Unfortunately, few if any C-InT programs have the workforce needed to adequately screen each lead, compare it with available other collected data, and assign a risk level to the PTA. The two main reasons for this is that screening thousands of leads each month requires a cost-prohibitive number of analysts, and the enormous volume of leads fatigues analysts, resulting in missed warning signals. Automating the lead screening process and leveraging Artificial Intelligence (AI) to assign risk levels to PTAs would enhance analysts' abilities to recognize potential threats and increase the time available for leaders to interdict and mitigate unfavorable behaviors. PHASE I: Demonstrate ability to ingest leads and collect from automated sources, written reports, and on-line reporting sources such as social media. Collections could include written documents, images, or video feeds. PHASE II: Demonstrate ability to fuse and synthesize the collected data and assign appropriate risk levels. The system should store in such a way that analysts could access and review the collected artifacts. Risk levels should appear as a percentage threat value with zero percent meaning no threat, and 100 percent meaning imminent threat. The risk level should also come with an associated write-up explaining how the system arrived at the risk level. PHASE III DUAL USE APPLICATIONS: Demonstrate ability to create human interface technologies that would allow Counter-Insider Threat analysts the ability to interpret the data collected and the risk levels assigned. The system should be capable of presenting all collected data, risk levels, and explanations of findings in an easily readable, intuitive human interface, such as an "analyst workbench" or other similar interface. REFERENCES: DoD Instruction 5205.16, The DoD Insider Threat Program. https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodd/520516p.pdf National Insider Threat Task Force Maturity Framework https://www.dni.gov/files/NCSC/documents/nittf/20181024_NITTF_MaturityFramework_web.pdf KEYWORDS: Insider Threat; Risk assessment; Risk Scoring