The change to the National Industrial Security Program Operating Manual (NISPOM) that was recently approved by the Department of Defense is a big one. Along with some new reporting and self-inspection requirements is the stipulation that all government contractors that fall under NISPOM guidelines immediately create a full insider thereat program at their companies.
Creating an insider threat program from the ground up where none existed before is certainly going to be a challenge for many companies. Especially when you consider that not every insider threat is actually going to stem from a malicious employee, so you can’t just give everyone a lie detector or find out who is deep in gambling debts to spotlight potential turncoats.
The heavy burden on contractors that Change 2 imposes is one of the reasons why it took so long to approve. But it’s a necessary and even critical step in these troubling times.