
H.R. 666 (115th): Department of Homeland Security Insider Threat and Mitigation Act of 2017

H.R. 666 requires the Secretary of the Department of Homeland Security (DHS) to establish an insider threat program within the Department, mandates employee education and training programs, and establishes an internal DHS Steering Committee to manage and coordinate the Department’s activities related to insider threats.

The bill requires that the Insider Threat Program provide training and education for Department personnel to identify, prevent, mitigate, and respond to insider threat risks to the Department’s critical assets; provide investigative support regarding potential insider threats that may pose a risk to the Department’s critical assets; and conduct risk mitigation activities for insider threats.

The bill requires the Steering Committee, chaired by the Under Secretary for Intelligence and Analysis, to meet regularly and discuss cases and issues related to insider threats to the Department’s critical assets. The bill also requires the Under Secretary, not later than one year after enactment, to develop a strategy to identify, prevent, mitigate, and respond to insider threats to the Department’s critical assets and develop a plan to implement insider threat measures.

The bill further requires, not later than two years after enactment and biennially thereafter for the next four years, a report to Congress on how the Department and its components and offices have implemented the required strategy, the status of the Department’s risk assessment of critical assets, the types of insider threat training conducted, the number of Department employees who have received such training, and information on the effectiveness of the Insider Threat Program, based on metrics required by the bill.

Last updated Mar 18, 2017. Source: Republican Policy Committee

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress, and was published on Jan 31, 2017.


(This measure has not been amended since it was introduced. The summary has been expanded because action occurred on the measure.)

Department of Homeland Security Insider Threat and Mitigation Act of 2017

(Sec. 2) This bill amends the Homeland Security Act of 2002 to direct the Department of Homeland Security (DHS) to establish an Insider Threat Program, which shall: (1) provide training and education for DHS personnel to identify, prevent, mitigate, and respond to insider threat risks to DHS's critical assets; (2) provide investigative support regarding such threats; and (3) conduct risk mitigation activities for such threats.

DHS shall establish a Steering Committee. The Under Secretary for Intelligence and Analysis shall serve as the Chair and the Chief Security Officer as the Vice Chair of the Committee.

The Under Secretary and the Chief Security Officer, in coordination with the Steering Committee, shall:

- develop a holistic strategy for DHS-wide efforts to identify, prevent, mitigate, and respond to insider threats to DHS's critical assets;
- develop a plan to implement the strategy across DHS components and offices;
- document insider threat policies and controls;
- conduct a baseline risk assessment of such threats;
- examine existing programmatic and technology best practices adopted by the federal government, industry, and research institutions;
- develop a timeline for deploying workplace monitoring technologies, employee awareness campaigns, and education and training programs related to potential insider threats;
- consult with the Under Secretary for Science and Technology and other stakeholders to ensure that the Insider Threat Program is informed by current information regarding threats, best practices, and available technology; and
- develop, collect, and report metrics on the effectiveness of DHS's insider threat mitigation efforts.

DHS must submit to specified congressional committees biennial reports over the next six years on:

- how DHS and its components and offices have implemented such strategy;
- the status of DHS's risk assessment of critical assets;
- the types of insider threat training conducted;
- the number of DHS employees who have received such training; and
- information on the effectiveness of the Insider Threat Program, based on such metrics.