Professional Lifecycle and Performance risk indicators focus on problems with an employee's work performance, conduct, or professional standing. These fall into three categories:
- Performance Concerns: Declining or poor performance ratings
- Disciplinary Actions: Reprimands, HR complaints, suspensions, unauthorized absences
- Employment Status: Demotions, separations (voluntary or involuntary, pending or completed), negative references from previous jobs
Foreign Considerations risk indicators focus on potential security risks based on an individual's foreign connections; these connections include:
- Citizenship: Having citizenship in a country viewed as a national security concern or having a spouse or family member with such citizenship
- Foreign Activities: Traveling to countries of concern, traveling frequently abroad (excluding official travel), serving in a foreign military or government
- Foreign Ties/Finance: Possessing a foreign passport, voting in foreign elections, having foreign assets or business interests, residing abroad, or receiving benefits from a foreign nation
- Foreign Contacts: Living with someone who is a foreign national, having foreign national contacts, or engaging in unauthorized contact with foreign intelligence agents
- Aiding Foreign Intelligence: Actions that enable or facilitate the activities of foreign intelligence entities
Security and Compliance Incidents risk indicators focus on an individual's trustworthiness and adherence to security protocols. These behaviors fall under the following categories:
- Improper Access and Data Security: Accessing classified information, physical facilities, or computer systems without authorization or proper need-to-know
- Financial Misconduct: Misusing government issued credit cards, expense violations, or time entry violations
- Security Lapses: Violations of security protocols, physical access anomalies (unusual physical access patterns), or virtual access anomalies (unusual computer access patterns)
- Non-compliance/Personal Conduct Issues: Failing to complete required training, neglecting to report necessary security clearance information, or engaging in outside employment that conflicts with security regulations
- Security Clearance Issues: Having a security clearance denied, suspended, or revoked
- Misuse of Privileges: Abusing access granted for official duties
- Security Issues: Security infractions, security violations, non-compliance with training, physical or virtual access anomalies, accessing facilities or systems outside of authorized hours.
Technical Activity risk indicators focus on identifying unauthorized or abnormal data movement and access attempts within a system. Technical Activity risk indicators include:
- Email Activities: Suspicious recipient, keywords, PII, large attachment, irregular volume (small/medium)
- Removable Media: Unauthorized USB, irregular data transfer (USB)
- Optical Drive: Unauthorized burning, irregular data transfer (optical drive)
- File Transfer: FTP, unauthorized file hosting, irregular volume (approved/unapproved)
- Printing/Faxing/Scanning/Copying: Irregular volume, irregular, and suspicious recipient
- Data Tampering: Erasing, modifying, tampering with records
- User Activity: Excessive screenshots, abnormal intranet browsing and suspicious websites, unexplained encrypted data storage, irregular data upload, excessive uploads, and large downloads
- Software: Unauthorized software, modifying registry/system files, starting/stopping services, modifying configuration files, disabling antivirus, firewall changes, introducing malicious code, outdated security software
- Network Activity: Network scans, unauthorized encryption software, and violating web policy
Unauthorized Disclosure is any communication or physical transfer of classified or controlled unclassified information (CUI) to an unauthorized recipient.
- Public Domain: Includes and is not limited to podcasts, print articles, internet-based articles, books, journals, speeches, television broadcasts, blogs, and postings
- Technology: Release and/or enabled theft of information relating to any defense operation, system, or technology determined to be classified and/or controlled unclassified information
- Unauthorized Recipient: Information wherein individual disclosed classified information and/or controlled unclassified information to unauthorized person or persons
Criminal, Violent, and Abusive Conduct potential risk indicators relate to violent behavior, criminal activity, and concerning personal situations, which include:
- Violent Behavior: Criminal violent behavior, sexual assault, domestic violence, threats of violence, exhibiting violence at work
- Criminal Activity: criminal behavior (other than violent), voluntary admission of crime, substantiated report, arrest, criminal proceedings (charges/convictions)
- Weapons: Possessing unauthorized weapon, weapon mishandling, criminal behavior involving weapons
- Legal Issues: Failure to follow court order, parole, probation, violation of parole/probation
- Criminal Associations: Criminal affiliations
Financial Considerations risk indicators focus on financial concerns, including criminal activity (theft, fraud), major financial difficulties (bankruptcy, foreclosure), and unresolved issues (delinquent debts, high debt ratio, tax issues). It also includes signs of suspicious wealth (unexplained affluence) and potential addictions (a gambling problem).
- Criminal Activity: Financial crimes, admissions of wrongdoing, and legal proceedings related to finances
- Debt Issues: Bankruptcy filings, foreclosures, defaults, liens, and excessive debt compared to income
- Tax Problems: Failure to file tax returns or wage garnishments due to unpaid taxes
- Suspicious Activity: Unexplained wealth alongside signs of gambling problems
Substance Abuse and Addictive Behavior risk indicators focus on substance abuse, including illegal and legal substances (alcohol and prescription drugs). It considers situations where abuse is discovered through self-admission, workplace incidents, failed drug tests, reports, arrests, or involvement in the criminal justice system. Additionally, it includes voluntary or involuntary treatment for substance abuse issues.
- Illegal drug use
- Drug trafficking
- Substance, alcohol, and prescription drug abuse
- Drug test failure
- Substance dependence
- Rehabilitation
Judgment, Character, and Psychological Conditions risk indicators focus on behaviors and characteristics that could raise concerns about an individual's suitability for a position, particularly those requiring security clearance or a high degree of trust. These concerns fall under several categories:
- Deception/Dishonesty: Falsifying information, past untruthfulness
- Disloyalty: Expressing ill-will towards the government or employer
- Mental Health Concerns: Self-harm, suicidal ideation, suicide attempt
While staying vigilant is important, there are things that don't belong in an insider threat report.
Here's what to keep out!
911 Disclaimer: The DoD Insider Threat Reporting Portal is staffed M-F and not equipped to handle situations that require immediate emergency assistance. In the event of an emergency, contact your local emergency services.
Protected Information: This includes medical information, salary details and confidential personal data.
Whistle Blowing: Whistleblowing should be reported to the Department of Defense Inspector General.
Insider threat concerns can be reported by anyone - civilians, contractors, employees, or members of the public. We partner with those dedicated to maintaining the security and integrity of the Department of Defense (DoD). Your awareness and timely reporting are vital to identifying and addressing potential risks effectively. All types of information could be relevant in preventing insider threat incidents and safeguarding the DoD enterprise.
Please check the acknowledgment box to proceed to the report
Any information entered herein will be used for official purposes only.
Please acknowledge the following in order to proceed:
Confidentiality and Privacy: You have the option to submit an insider threat report anonymously. You are not obligated to disclose your identity during the submission of an insider threat report. If you choose to provide your name and contact details, your identity will be kept confidential. Your personal information will only be disclosed for routine use in support of insider threat analysis, or in instances where disclosure is unavoidable during the course of an investigation, or when deemed necessary for law enforcement or administrative purposes.
Anonymous Filing Status: If you opt to file a report anonymously, please note that we will not have access to your identity, and consequently, we will be unable to reach out to you for further information.
The DoD Insider Threat Reporting Portal provides members of the DoD and the public the ability to anonymously report potential insider threat indicators exhibited by individuals with current or former placement and access who could pose risk to DoD information, resources and facilities. Additionally, the portal serves as an avenue to report potential unauthorized disclosures of classified and controlled unclassified information.
According to the 2017 National Defense Authorization Act, an insider threat is “a threat presented by a person who has, or once had, authorized access to information, a facility, a network, a person, or a resource of the Department and wittingly, or unwittingly, commits an act in contravention of law or policy that resulted in, or might result in, harm through the loss or degradation of government or company information, resources, or capabilities; or a destructive act, which may include physical harm to another in the workplace.
This site is currently under maintenance and not accepting threat reports.
If this is an emergency, contact 9-1-1 or your local emergency services.
Contact Law Enforcement to report suspected or actual criminal activity.