Bill summaries are authored by CRS.

Shown Here:
Passed House without amendment (01/31/2017)

(This measure has not been amended since it was introduced. The summary has been expanded because action occurred on the measure.)

Department of Homeland Security Insider Threat and Mitigation Act of 2017

(Sec. 2) This bill amends the Homeland Security Act of 2002 to direct the Department of Homeland Security (DHS) to establish an Insider Threat Program, which shall: (1) provide training and education for DHS personnel to identify, prevent, mitigate, and respond to insider threat risks to DHS's critical assets; (2) provide investigative support regarding such threats; and (3) conduct risk mitigation activities for such threats.

DHS shall establish a Steering Committee. The Under Secretary for Intelligence and Analysis shall serve as the Chair and the Chief Security Officer as the Vice Chair of the Committee.

The Under Secretary and the Chief Security Officer, in coordination with the Steering Committee, shall:

  • develop a holistic strategy for DHS-wide efforts to identify, prevent, mitigate, and respond to insider threats to DHS's critical assets;
  • develop a plan to implement the strategy across DHS components and offices;
  • document insider threat policies and controls;
  • conduct a baseline risk assessment of such threats;
  • examine existing programmatic and technology best practices adopted by the federal government, industry, and research institutions;
  • develop a timeline for deploying workplace monitoring technologies, employee awareness campaigns, and education and training programs related to potential insider threats;
  • consult with the the Under Secretary for Science and Technology and other stakeholders to ensure that the Insider Threat Program is informed by current information regarding threats, best practices, and available technology; and
  • develop, collect, and report metrics on the effectiveness of DHS's insider threat mitigation efforts.

DHS must submit to specified congressional committees biennial reports over the next six years on:

  • how DHS and its components and offices have implemented such strategy;
  • the status of DHS's risk assessment of critical assets;
  • the types of insider threat training conducted;
  • the number of DHS employees who have received such training; and
  • information on the effectiveness of the Insider Threat Program, based on such metrics.