Nov 19, 2024

IT Superiority: Modernizing Federal Systems to Mitigate Insider Threats


The recent 2024 DoDIIS Worldwide conference, hosted by the DIA CIO, emphasized that IT superiority makes integrated risk deterrence achievable across government.

As threats evolve, modernizing technologies, addressing technical debt, consolidating systems, and embracing AI are key to proactive risk detection and response. 

Despite strides in technology refreshes, legacy systems remain a vulnerability, slowing decision-making and heightening risk. To stay ahead of adversaries, federal agencies must focus on consolidation and embracing AI to drive efficiency and resilience in insider risk management. 

Technical Debt Introduces Insider Risk

In critical infrastructure, some energy systems were found to use components with outdated firmware that hadn’t been updated in 20 years. This was only discovered through recent supply chain security analysis.

“Mean time between failures” (MTBF) is a term used to describe the expected operating time between failures of a component or system. By planning upgrades before reaching MTBF, organizations can reduce the risk of failure, as unexpected issues should be rare. Without a proactive approach to maintenance and updates, however, insider threats, whether intentional or unintentional, can exploit vulnerabilities in outdated technology.

An efficient technical refresh program tracks new items throughout their lifespan, ensuring secure disposal through IT asset disposition (ITAD). This reduces the buildup of technical debt and limits the opportunities for insiders to bypass security measures. When technology lags, employees may resort to Shadow IT, introducing significant insider risk to the enterprise.

Modern Threats Require Technology Consolidation

Let there be no doubt: Adversaries, whether criminal or nation-state actors, are equipped with the latest tools to successfully compromise and exploit their targets. It is therefore essential for organizations to implement solutions that keep pace with these threats. While the mechanisms and functionalities may be complex, deployment does not have to be. Platform consolidation should be the focus. The challenge with complex, multi-vendor, siloed solutions in a NOC or analysis pod is that they hinder efficient cybersecurity and decision-making. Only through a consolidated approach can entities proactively detect and mitigate insider risks without being bogged down by unnecessary complexity and false positives. 

Getting Proactive

Just as proactive planning is needed for equipment failure, the same approach is required for monitoring user behavior to establish a “Pattern of Life” for individuals and organizations.

While data is always available, the challenge is extracting meaningful insights from it. By understanding an individual's or organization's established norms of behavior, it becomes possible to detect deviations and risk indicators in real time, allowing emerging risky behavior to be identified before it escalates into harm.
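To make the "Pattern of Life" idea concrete, the following added example (not code from the original post, and not DTEX's product logic) baselines one per-user activity metric over a history window and scores the day under review as a z-score against that baseline. The telemetry, user names, metric name and thresholds are all constructed for illustration. It also handles two edge cases a practitioner hits immediately: a new user with too little history to baseline, and a perfectly flat history whose standard deviation would otherwise be zero.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry: (user, day, metric, value). The metric is the
# number of sensitive documents a user opened that day. Days 1-10 form the
# baseline window; day 11 is the day under review. All values are made up.
SAMPLE_EVENTS = [
    *[("alice", d, "docs_opened", v)
      for d, v in enumerate([12, 10, 14, 11, 13, 9, 12, 10, 11, 13], start=1)],
    ("alice", 11, "docs_opened", 58),          # sudden spike for alice
    *[("bob", d, "docs_opened", v)
      for d, v in enumerate([40, 45, 38, 42, 44, 41, 39, 43, 40, 42], start=1)],
    ("bob", 11, "docs_opened", 47),            # within bob's usual range
    *[("carol", d, "docs_opened", 5) for d in range(1, 4)],   # new hire: 3 days of history
    ("carol", 11, "docs_opened", 30),
]

MIN_HISTORY_DAYS = 5   # below this the baseline is too thin to score against (assumed policy)
MIN_STDDEV = 1.0       # floor so a flat history does not divide by ~0 (assumed policy)
Z_THRESHOLD = 3.0      # flag when the day's value is 3+ standard deviations above baseline


def build_baseline(events, metric, baseline_days):
    """Per-user mean and stddev of `metric` over the baseline window."""
    history = defaultdict(list)
    for user, day, m, value in events:
        if m == metric and day in baseline_days:
            history[user].append(value)
    return {
        user: {
            "mean": mean(values),
            "stddev": max(pstdev(values), MIN_STDDEV),
            "days": len(values),
        }
        for user, values in history.items()
    }


def score(baseline, user, value):
    """Return (z_score, status); status is 'insufficient_history', 'normal' or 'anomalous'."""
    b = baseline.get(user)
    if b is None or b["days"] < MIN_HISTORY_DAYS:
        # Do not guess: a thin baseline produces noisy scores either way.
        return None, "insufficient_history"
    z = (value - b["mean"]) / b["stddev"]
    return z, "anomalous" if z >= Z_THRESHOLD else "normal"


def review_day(events, metric, baseline_days, day_under_review):
    """Score every user's value for `day_under_review` against their own baseline."""
    baseline = build_baseline(events, metric, baseline_days)
    results = {}
    for user, day, m, value in events:
        if m == metric and day == day_under_review:
            z, status = score(baseline, user, value)
            results[user] = {"value": value, "z": z, "status": status}
    return results


if __name__ == "__main__":
    for user, r in review_day(SAMPLE_EVENTS, "docs_opened", range(1, 11), 11).items():
        z = "n/a" if r["z"] is None else f"{r['z']:.1f}"
        print(f"{user:6} value={r['value']:3} z={z:>5} -> {r['status']}")
```

The point of scoring each user against their own history rather than a global average is that bob's 47 documents would look alarming next to alice's usual dozen but is ordinary for bob, while alice's 58 is many standard deviations above her norm. The "insufficient_history" outcome for carol is a deliberate signal that a new hire needs a different control (such as the enhanced monitoring for cause discussed later in the post) rather than a statistical alert.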

Insider Risk Management in Action

Jack Teixeira was sentenced to 15 years for sharing classified information on Discord, making it accessible to those without appropriate authorization or need to know. The investigation showed that the indicators to act proactively were available, but those in authority failed to monitor, resulting in Teixeira’s actions going undetected. 

Similarly, Reality Winner, as a new contractor with access to sensitive information, violated security within weeks of being hired and then printed and shared classified materials with the media within 90 days. The opportunity for proactive action was missed again. Enhanced monitoring for cause was present, yet not implemented. 

In contrast, in 2020, a criminal attempt to recruit an insider at Tesla was thwarted when an employee reported the approach, leading to the arrest and conviction of the Russian criminal. This was a success for Tesla’s insider risk management program, where the employee acted as hoped by rejecting the offer and protecting the company.

The reality is that instances where proactive engagement prevents a risk from becoming a threat are rarely celebrated publicly. However, these wins should be championed internally, as they validate the effectiveness of an efficient, proactive insider risk management program focused on both identified and evolving risks, ultimately preventing bona fide threats from arising.

Artificial Intelligence Is and Will Be Increasing Efficiency

Governments worldwide are continuously exploring how AI can be effectively used to manage vast amounts of disparate data. The saying “data is king” has held true for the past decade and will continue to do so. Both government and enterprises must evolve AI to deliver solutions at the speed of decision-making, particularly in the national security sector, where this capability is critical.

There are limits to the number of tasks an individual can handle at once. Adding more staff is neither cost-effective nor necessary when AI can enhance threat detection by speeding up and improving the accuracy of identifying high-risk activity.

Advanced AI solutions, like those provided by DTEX, allow analysts to quickly prioritize and investigate potential threats, drastically reducing detection and response times.

These efficiencies not only enhance security but also serve as a deterrent, particularly when AI platforms with natural language engagement simplify complex systems. Given the well-resourced nature of adversaries, government entities can partner with industry to achieve IT superiority and gain a decisive edge.

Looking Ahead

The 2024 DoDIIS Worldwide conference emphasized the importance of IT superiority in managing insider risks amidst evolving threats. By modernizing technologies, addressing technical debt, consolidating systems, and embracing AI, federal entities can enhance proactive threat detection and response, ensuring long-term security and resilience.

Request a demo to learn how DTEX enables proactive insider risk management through a consolidated approach backed by AI.