The most consequential breach in history?: The author of that email wasn’t alone, in Foreign Policy, Bruce Schneier shares: “The US government has experienced what may be the most consequential security breach in its history.”Booz Allen Hamilton issued a statement advising they had terminated the subcontractor within the Treasury Department who wrote that email, likely to protect the $10.66 billion in revenue that they totaled for fiscal year 2024, according to their Q4 report. How much of that came from US government engagement? That would be 98%, according to that same report.
The escalation of risk leaves the nation vulnerable: Insider risk management (IRM) teams are a part of every US government department and agency. Those teams (and CISOs too) have their hands full. The entire employee and contractor base is on edge. Those who raised the alarm are being removed from their positions or terminated.The question that must be asked is: Is the data on which your behavioral analytic tools are built of the same accuracy, trustworthiness, and fidelity as it was before the DOGE members touched your data sets? Can you conduct analysis with the same fidelity that was possible just a month ago today?Additionally, how many government employees, including at the CIA, who accepted DOGE’s wholesale buyout offers were part of an organization-wide IRM team? And how many are taking their data with them, as van Zadelhoff noted, 80% of departing personnel on average purloin information.
When will we know the actual damage from these risky moves?: Thousands of government employees have had their professional and personal lives thrown into turmoil over the past few weeks. Most will remain loyal, yet the laws of large numbers tell us there will be some who break trust. They may steal sensitive data, destroy critical data, or perform some other deleterious act.I agree with the Feb. 12 posting on LinkedIn by the National Counterintelligence and Security Center (NCSC) that “every leak makes us weak.” It also notes that it “conducts damage assessments across the government to evaluate actual or potential damage to national security from unauthorized disclosures of classified information. Such disclosures have provided adversaries (with) some of our most advanced intelligence sources and methods”Whether they were being prophetic remains to be seen; my gut tells me they, and many others, will be conducting a good number of damage assessments in the coming months and years.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3831772/the-purging-of-us-workers-who-deal-with-secrets-has-created-a-spike-in-insider-risk.html
