This report has been professionally converted for accurate flowing-text e-book format reproduction. The malicious insider threat is one of the most nefarious of potential cyber security breaches. There have been egregious insider data thefts in the last 10 years within the government. The Unintentional Insider Threat (UIT)—the individual who is incompetent or careless and accidentally divulges sensitive information—is also a major concern. Today, the Department of Defense (DoD) expends considerable effort to identify both forms of insider threats. Meanwhile, the DoD hopes to recruit innovative information technology personnel to better meet current and emerging cyber threats to national security. Although in its infancy, organizations like the Defense Innovation Unit represent this focused effort. This thesis investigates whether innovative personnel will pose increased insider threat potential. Our preliminary conclusion is that innovative people would not pose more of a malicious insider threat, but the UIT and innovator share one trait together: risk taking. Furthermore, mental health issues and disgruntlement are two traits shared by UIT and malicious insiders. The DoD should explore screening personnel for risk-taking traits, for example with the Balloon Analogue Risk Task (BART). Finally, the DoD should continue to be alert to mental health issues, and first line supervisors should intervene quickly to help disgruntled employees.

This compilation includes a reproduction of the 2019 Worldwide Threat Assessment of the U.S. Intelligence Community.

Personnel with authorized access are potentially the biggest threat to the Department of Defense (DoD). The cyber actor operating from outside the DoDIN is not as dangerous. The attacker without insider access has to circumvent world-class technology, firewalls, access control lists, intrusion detection systems, and encryption just to potentially access sensitive data. In fact, in 2018, insider threats accounted for 28% of all cyber-attacks. Trusted personnel already have the access; they have permission to be "inside the wire." The trusted insider is where the most dangerous threat lies. Meanwhile, the rapid pace of cyber innovation within the DoD is necessitating recruitment of a new type of personnel. As cyber technology continues to evolve, the cyber workforce will need to evolve with it; the DoD will need innovative people to work in it and lead it. The commonplace association of innovative high tech workers with quirky personality types naturally raises the question of whether hiring an innovative workforce will foster more insider threats. The research question this thesis examines in depth is: Do innovative thinkers pose an increased insider threat? A rigorous assessment of this question, going beyond superficial impressions and stereotypes, is necessary to guide DoD policy as it builds a personnel base to meet future information security challenges.