BACKGROUND

In 2013, a Navy contractor killed 12 people and wounded four others at the Washington Navy Yard, revealing major gaps in how the Department of Defense (DoD) handled insider threats. The system in place back then was overly complicated. It required special credentials to report concerns, which made it harder for people to flag serious risks like espionage, cybercrimes, workplace violence, or mental health issues before they got out of control.

On top of that, the process was outdated. It relied on paper forms and disconnected systems, making it slow to track, analyze, and respond to threats.

To fix this, DoD launched the Defense Insider Threat Management and Analysis Center (DITMAC) in 2014. The goal was simple: Catch and respond to threats early, before they turned into major incidents.

But even the new system had problems. Access was still limited, and the reporting process was so fragmented that it was tough to connect different types of threats across the agency.

In September 2022, a DoD inspector general audit revealed just how much was falling through the cracks. Incidents were reported late—or not at all. Some even took more than two years to process. Without clear timelines or consistent oversight, reporting was all over the place, leaving DoD vulnerable to espionage, data breaches, and more.

The audit recommended tightening up the timelines, improving oversight, and making sure all unreported incidents were properly handled by DITMAC.

CHALLENGE

Before REI Systems was brought in to revamp the system, DITMAC’s insider threat reporting had several major issues.

First, access was too restricted—only users with special credentials could submit reports, which created a bottleneck. This made it harder for people to report threats like espionage, sabotage, cybercrimes, and workplace violence, limiting the data DITMAC could gather.

The process was also slow and outdated, relying on manual methods like paper forms and disconnected systems. Without a centralized platform, it took too long to track and manage reports, causing delays in analyzing and responding to potential threats.

On top of that, communication between departments was inefficient. Triage managers had to go back and forth between teams, with no clear way to track conversations. This made it hard to escalate reports to the right people quickly, creating gaps in addressing insider threats.

SOLUTION

REI approached the challenge with a comprehensive solution: building the DoD Insider Threat Reporting Portal using Salesforce Service Cloud. This new platform centralized insider threat reporting, making it accessible for both DoD personnel and the public. By maximizing the use of out-of-the-box features like Web to Case, Case Assignment Rules, Case Notification Rules, and pre-built reports and dashboards, we were able to quickly and efficiently develop a solution that streamlines the reporting process, improves case management, and enhances threat response time.

One of the most significant improvements was the introduction of anonymous reporting. Now, anyone can submit a report through a secure webpage—no special credentials needed. This has made it easier to report threats, and each submission is automatically converted into trackable cases, allowing triage managers to review, manage, and escalate them more efficiently. This feature expands the number of reports across all 43 DoD components, ensuring better coverage of insider threats.

DITMAC’s multidisciplinary approach was supported by the platform’s improved information sharing and collaboration features. Automatic routing ensured threats are sent to the right team without delays, streamlining the process and speeding up response times. Further, all internal comments and communication on a given case/threat are logged within the system.

A key highlight of the new system is the real-time dashboard, which gives triage managers a clear view of all ongoing cases. This visibility enables quicker decisions and more efficient responses to insider threats, reducing the risk of unresolved issues.

IMPACT

The new DITMAC platform transformed insider threat reporting across DoD, creating a more accessible, efficient, and responsive system:

• Broader Access: The new system allows for anonymous submissions, removing barriers and making it easier for both military and civilian personnel to report threats.
• Faster Threat Management: With automated workflows, DITMAC can now assess and escalate insider threats much faster, significantly reducing delays.
• Improved Visibility: Real-time dashboards give managers better insights into emerging trends, allowing them to act proactively and reduce risk.
• Scalable and Secure: The software-as-a-service-based (SaaS) platform ensures the system can scale with growing demands while maintaining the strict security standards required by DoD.

With these features, the system is now able to catch and respond to threats early, before they turn into major incidents.

LESSONS LEARNED

This project offered valuable insights into managing complex security needs. Navigating the strict compliance standards, including IL4 accreditation, was one of the biggest challenges REI faced. Ensuring secure communication between Salesforce and DoD components required innovative workarounds, especially within the .mil domain.

Additionally, managing multiple stakeholders with varying expertise was a constant balancing act. Delays arose when new documentation requirements surfaced late in the project. Early identification of full documentation needs would have helped avoid such setbacks, reinforcing the importance of proactive planning in future projects.

To comply with security restrictions, REI had to develop certain features from scratch, which required additional time but highlighted the need for flexibility in secure environments.

Overall, the project underscored the importance of early planning, especially for compliance-related documentation, and the necessity of creative problem-solving when working within the highly regulated framework of DoD.