Christopher Burgess
Contributing Writer

DOGE’s US worker purge has created a spike in insider risk

Opinion
25 Feb 2025, 6 mins
CSO and CISO, Government, Government IT

Summarily firing workers who have access to national secrets is creating a nearly unprecedented environment for classified data exposure, writes CIA Distinguished Career Intelligence Medal awardee Christopher Burgess.


We talk a good deal about insider risk, how it evolves from threats within an organization, and how to get ahead of its escalation by being proactive and dealing with situations as they arise, well before they become a threat or reality.

Whatever you may think of the cost-cutting measures introduced by US President Donald Trump, the decision to purge workers in classified areas — the FBI, the CIA, and even the Cybersecurity and Infrastructure Security Agency (CISA) — has led to a massive magnification of insider risk.

President Trump has demonstrated indifference to such risk previously, when in January 2021 he left the White House with reams of classified documents. The danger of such moves needs to be highlighted: The risk posed by insiders within federal government spaces is at a level I’ve seen and experienced only once before — in 1989.

Let me set the table.

When the end of the Cold War was evident, every Soviet Bloc intelligence or military officer could feel the change and knew their positions were in jeopardy. It didn’t matter where they sat; the tension and anxiety were palpable.

Some — not all — reached out to their adversaries in hopes of a lifeline. “I’ll empty the safe,” was not an uncommon refrain. Some found a new home; others were turned away. The bottom line is that in times of personal crisis, the norms by which we measure trust sometimes go out the window.

How a personal crisis for security workers can magnify risk

I am not alone in registering concern — I reached out to Marc van Zadelhoff, CEO of Mimecast, a cybersecurity company that specializes in email security and risk management, and his take was sobering.

“With the new administration’s push to downsize government, the rapid turnover of personnel — through position eliminations and transitions — creates a heightened risk of data exposure,” van Zadelhoff told CSO.

“Departing employees pose significant risk: 80% of departing employees take valuable IP when they leave an organization, according to [Mimecast’s] 2024 Data Exposure Report. Government employees carry the same risks when they depart, but the potential consequences, given their data access and its value to other nations, are on a much grander scale,” he said.

Whether federal departments need to have staff reductions is beside the point here — this is an incredibly dangerous way of going about doing it. The actions of DOGE, under the direction of Elon Musk, who dispatched his acolytes to plumb the depths of US government networks and databases, have acted like a high-octane risk ignitor within the federal government’s digital infrastructure.

It was widely reported that within the Treasury Department, an email was generated that described the DOGE members’ efforts and machinations as constituting “the single greatest insider threat risk the Bureau of the Fiscal Service has ever faced.”

It’s clear that disruption creates risk, and in this case, the problem is a mix of human nature and the nature of complex systems of dealing with sensitive information — any disruption has the potential for disaster and this is a big one.

“In times of transition, distractions or disillusionment may lead to mishandling and leaks of confidential information — or even temptations towards hacktivism or espionage by departing team members,” van Zadelhoff said. “The inherent chaos and duration of these shifts only compounds the challenge, making threat detection and mitigation more difficult.”

The most consequential breach in history?

The author of that email wasn’t alone. In Foreign Policy, Bruce Schneier shares: “The US government has experienced what may be the most consequential security breach in its history.”

Booz Allen Hamilton issued a statement advising that it had terminated the subcontractor within the Treasury Department who wrote that email, likely to protect the $10.66 billion in revenue that it totaled for fiscal year 2024, according to its Q4 report. How much of that came from US government engagement? That would be 98%, according to that same report.

The escalation of risk leaves the nation vulnerable

Insider risk management (IRM) teams are a part of every US government department and agency. Those teams (and CISOs too) have their hands full. The entire employee and contractor base is on edge. Those who raised the alarm are being removed from their positions or terminated.

The question that must be asked is: Is the data on which your behavioral analytic tools are built of the same accuracy, trustworthiness, and fidelity as it was before the DOGE members touched your data sets? Can you conduct analysis with the same fidelity that was possible just a month ago?

Additionally, how many government employees, including at the CIA, who accepted DOGE’s wholesale buyout offers were part of an organization-wide IRM team? And how many are taking their data with them — as van Zadelhoff noted, 80% of departing personnel on average purloin information.

When will we know the actual damage from these risky moves?

Thousands of government employees have had their professional and personal lives thrown into turmoil over the past few weeks. Most will remain loyal, yet the laws of large numbers tell us there will be some who break trust. They may steal sensitive data, destroy critical data, or perform some other deleterious act.

I agree with the Feb. 12 posting on LinkedIn by the National Counterintelligence and Security Center (NCSC) that “every leak makes us weak.” It also notes that it “conducts damage assessments across the government to evaluate actual or potential damage to national security from unauthorized disclosures of classified information. Such disclosures have provided adversaries (with) some of our most advanced intelligence sources and methods.”

Whether they were being prophetic remains to be seen; my gut tells me they, and many others, will be conducting a good number of damage assessments in the coming months and years.

Christopher Burgess

Christopher Burgess is a writer, speaker and commentator on security issues. He is a former senior security advisor to Cisco, and has also been a CEO/COO with various startups in the data and security spaces. He served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Cisco gave him a stetson and a bottle of single-barrel Jack upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit, Senior Online Safety.
