Earlier this month, I blogged on how workplace violence prevention policies can be the foundation of an insider threat program. Specifically, I described how Edward Snowden’s whistleblowing encouraged the U.S. government to require contractors to develop programs, policies and training to mitigate the threat.

I would like to further detail why and how insider threat training should address human behavior. In addition to establishing a workplace violence prevention program and inter-disciplinary Threat Assessment Teams, another effective way to build out the nucleus of an effective insider threat program is to create HUB Teams.

What is a HUB Team?

A HUB Team is a term coined by the Department of Defense in the aftermath of the Washington Navy Yard (WNY) shooting on September 16, 2013 to describe a centralized capability that quickly analyzes the results of automated records checks and reports of behavior of concern and recommends action, where appropriate.

The term originally referred to the DoD’s proposed Insider Threat Management and Analysis Center (DITMAC), which was recommended by the Secretary of Defense-led Internal Review Team seeking to identify and recommend actions for addressing gaps or deficiencies in DoD programs, policies and procedures related to the WNY shooting.

HUB Teams are typically comprised of personnel from several backgrounds including, for example, law enforcement, counterintelligence, security, information assurance, cybersecurity, law, human resources and privacy, among other areas.

HUB Teams and their responsibility to share information

HUB Teams were established as part of the Obama Administration’s National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs. The policy emphasizes four fundamental information sharing responsibilities. As summarized by the Office of the Director of National Intelligence, the HUB Team will:

  1. Ensure the agency’s insider threat program is developed and implemented in consultation with that agency’s Office of General Counsel and civil liberties and privacy officials so that all insider threat program activities to include training are conducted in accordance with applicable laws, whistleblower protections, and civil liberties and privacy policies.
  2. Establish oversight mechanisms or procedures to ensure proper handling and use of records and data described below, and ensure that access to such records and data is restricted to insider threat personnel who require the information to perform their authorized functions.
  3. Ensure the establishment of guidelines and procedures for the retention of records and documents necessary to complete assessments required by Executive Order 13587.
  4. Facilitate oversight reviews by cleared officials designated by the agency head to ensure compliance with insider threat policy guidelines, as well as applicable legal, privacy and civil liberty protections.

What’s the difference between a HUB Team and a Threat Assessment Team?

The former focuses on administrative information sharing; policy compliance; data retention and documentation protocols; and legal, privacy and civil liberty protections. The latter focuses on assessing the threat and interdicting it. Yet both are dedicated to the analysis and thoughtful response to situations of concern, and both identify potential risks and mitigate them before an adverse event occurs. At Hillard Heintze, we consider both a best practice, as they enhance collaboration within an organization as one tactic in an integrated, strategy-directed approach to workplace violence prevention.

What’s the same between a HUB Team and a Threat Assessment Team?

Both a HUB Team and a Threat Assessment Team require similarly intensive training. Our firm looks to train key stakeholder groups in the following manner:

  • General Workforce – Stresses the importance of “see something, say something” and the collective responsibility of the entire workforce in preventing workplace violence. Explains what to look for and how to report concerning behaviors and situations.
  • Managers and Supervisors – Describes their critical role in identifying and responding appropriately to disturbing, disruptive or threatening behavior and how to recognize the warning signs of potentially violent behavior.
  • Internal Threat Management Team or “HUB”– Presents the latest research and principles in the areas of threat assessment and violence prevention. Explores how to share information among members of the Threat Management Team and other resources within the limits of information sharing and confidentiality. Increases their ability to conduct threat assessment interviews, including exploration of the key questions that need to be answered. This session typically includes Interactive Behavioral Simulations®, which is high-impact workplace violence training that has been used to train thousands of federal agency personnel over many years. These powerful exercises allow participants to explore real-world situations while practicing new communication skills and strategies in a safe environment.