In a decisive move to counter mounting foreign interference and insider threats, Australia has updated its Protective Security Policy Framework (PSPF) to mandate insider risk management (IRM) programs across government entities. This landmark requirement emerges amid growing concerns over nation state-backed threats and reflects a global movement toward legislation that emphasizes internal resilience.
As the U.S. and other Five Eyes allies confront similar risks, Australia’s stance underscores the increasing urgency for comprehensive IRM programs to protect national assets and other sensitive data and systems. This article delves into the PSPF’s implications and how organizations can proactively defend against internal threats.
New Mandates for Insider Risk Management Programs Signal a New Era in Security
The Protective Security Policy Framework (PSPF) is a comprehensive set of mandatory guidelines designed to enhance the security of Australian government entities by protecting people, information, and assets. The 2024 update to the PSPF introduces a crucial requirement for government agencies to develop and implement IRM programs, emphasizing the importance of identifying and mitigating internal threats. This shift highlights a growing recognition of the need for robust counter-insider threat strategies that can effectively monitor and respond to suspicious behavior.
The new requirements parallel those in Australia’s Security of Critical Infrastructure (SOCI) Act as well as other mandates across the Five Eyes, notably U.S. Executive Order 13587, which mandates insider threat programs across federal agencies. These frameworks collectively underscore a global trend toward mandating IRM programs as a necessary measure for protective security and resilience against foreign influence.
Insider Threats Surge Amid Rising Geopolitical Tensions
This shift towards mandated IRM programs reflects the escalating nature of insider threats in a world where cyber warfare, espionage, and foreign interference are increasingly pervasive.
DTEX’s Insider Threat Advisory exposes growing risks from North Korean state-backed actors who use insider tactics to infiltrate organizations, particularly those in sectors holding valuable intellectual property. North Korean operatives have been known to pose as IT workers to gain access to foreign systems and siphon data back to Pyongyang. This type of insider threat is especially concerning for government agencies and critical sectors, as it shows that foreign adversaries can exploit employee vulnerabilities or conceal their insider access, often with a high degree of sophistication. Volt Typhoon continues to be a major concern for both government and critical infrastructure. After gaining an initial foothold in an organization’s environment, the group blends in as much as possible and uses only applications and tools that already exist there, a technique known as living-off-the-land.
Australian Security Intelligence Organisation (ASIO) Director-General Mike Burgess and FBI Director Christopher Wray have both highlighted the increased risk posed by foreign interference, with Burgess warning of AI-fueled radicalization and social engineering tactics, and Wray calling China’s threat to critical infrastructure “unrelenting.” Together, these assessments paint a clear picture: foreign actors are leveraging insiders to bypass perimeter security and gain access to sensitive data—a tactic made more accessible with advancements in technology.
Insider Risks and National Security: AUKUS and Beyond
The insider threat risk goes beyond immediate organizational security to potentially impact major international alliances, such as AUKUS (Australia-United Kingdom-United States) and the Quad (Quadrilateral Security Dialogue). As these partnerships work to fortify the Indo-Pacific region against nefarious influence, the need to protect sensitive information shared among allies is paramount.
A breach originating from an insider could destabilize trust within these partnerships, compromise joint military operations, and lead to a breakdown in intelligence sharing.
The implications of such breaches are particularly alarming when considering sensitive information related to advanced military capabilities under AUKUS Pillar Two. If a foreign adversary were to compromise this critical data, it could lead to severe national security risks, including the potential for unauthorized access to advanced military technologies or operational plans. This could enable adversaries to develop countermeasures, disrupt military readiness, or even engage in espionage that jeopardizes not only Australian security but also that of its allies.
Moreover, the exposure of nuclear capabilities or submarine technologies could escalate geopolitical tensions and undermine strategic deterrence in the region.
Preparing for Insider Risk Program Compliance
Complying with the PSPF update requires a proactive, structured approach to insider threat mitigation. The U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Insider Threat Mitigation Guide outlines actionable steps for organizations looking to protect their data and assets:
- Establish an Insider Threat Program: Form a cross-functional team comprising security, IT, legal, HR, and leadership to oversee the program’s creation, implementation, and management.
- Conduct a Comprehensive Risk Assessment: Evaluate unique risk factors, such as access levels, clearance, and the types of sensitive data managed, to identify potential insider vulnerabilities.
- Define Policies and Controls: Implement strict access controls and data handling protocols, outlining acceptable and unacceptable behavior.
- User Activity Monitoring and Detection: Leverage monitoring solutions to track user behavior and detect anomalies signaling potential insider threats.
- Educate and Train Staff: Foster a culture of security by educating employees on the risks associated with insider threats and promoting vigilance.
- Develop a Robust Incident Response Plan: Prepare for potential incidents with a clearly defined response plan, enabling swift action in case of a breach and minimizing operational disruption.
How DTEX Supports Compliance and Proactive Insider Risk Management
Implementing effective IRM programs requires advanced technology solutions to detect, monitor, assess, and mitigate insider risks. DTEX’s InTERCEPT™ platform is designed to enable organizations to gain a holistic understanding of insider risk by correlating and aggregating important cyber, physical, psycho-social, and organizational data sources.
In addition, DTEX provides user activity monitoring, escalation, and triage, enabling organizations to promptly investigate and respond to high-priority incidents. With analytical risk prioritization and advanced investigative tools, DTEX empowers organizations to proactively manage insider threats, protecting both national security interests and organizational stability.
Looking Ahead
The updated PSPF mandate emphasizes the urgency of IRM programs as foreign interference poses an ever-growing threat to national security.
As organizations work to comply with these mandates, proactive insider risk management becomes essential—not only for regulatory compliance but also for maintaining national security across the Five Eyes. By implementing comprehensive IRM programs with support from trusted partners like DTEX, MITRE Corporation and FIRPA, both government and critical infrastructure entities can better protect their assets and ensure resilience in an increasingly complex threat landscape.
For support in developing a compliant insider risk management program, request a confidential briefing with one of DTEX’s insider risk experts.