{"id":2076,"date":"2025-02-25T06:00:00","date_gmt":"2025-02-25T06:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2076"},"modified":"2025-02-25T06:00:00","modified_gmt":"2025-02-25T06:00:00","slug":"doges-us-worker-purge-has-created-a-spike-in-insider-risk","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2076","title":{"rendered":"DOGE\u2019s US worker purge has created a spike in insider risk"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>We talk a good deal about insider risk, how it evolves from threats within an organization, and how to get ahead of its escalation by being proactive and dealing with situations as they arise, well before they become a threat or reality.<\/p>\n<p>Whatever you may think of the cost-cutting measures introduced by US President Donald Trump, the decision to purge workers in classified areas \u2014 the FBI, the CIA, and even the <a href=\"https:\/\/www.csoonline.com\/article\/3829710\/firing-of-130-cisa-staff-worries-cybersecurity-industry.html\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> \u2014 has led to a massive magnification of insider risk.<\/p>\n<p>President Trump has demonstrated indifference to such risk previously, when in January 2021 <a href=\"https:\/\/www.csoonline.com\/article\/572085\/when-the-insider-threat-is-the-commander-in-chief.html\">he left the White House with reams of classified documents.<\/a> The danger of such moves needs to be highlighted: The risk posed by insiders within federal government spaces is at a level I\u2019ve seen and experienced only once before \u2014 in 1989.<\/p>\n<p>Let me set the table.<\/p>\n<p>When the end of the Cold War was evident, every Soviet Bloc intelligence or military officer could feel the change and knew their positions 
were in jeopardy. It didn\u2019t matter where they sat, the tension and anxiety were palpable.<\/p>\n<p>Some \u2014 not all \u2014 reached out to their adversaries in hopes of a lifeline. \u201cI\u2019ll empty the safe,\u201d was not an uncommon refrain. Some found a new home; others were turned away. The bottom line is that in times of personal crisis, the norms by which we measure trust sometimes go out the window.<\/p>\n<h2 class=\"wp-block-heading\">How a personal crisis for security workers can magnify risk<\/h2>\n<p>I am not alone in registering concern \u2014 I reached out to Mark van Zadelhoff, CEO of Mimecast, a cybersecurity company that specializes in email security and risk management, and his take was sobering.<\/p>\n<p>\u201cWith the new administration\u2019s push to downsize government, the rapid turnover of personnel \u2014 through position eliminations and transitions \u2014 creates a heightened risk of data exposure,\u201d Zadelhoff told CSO.<\/p>\n<p>\u201cDeparting employees pose significant risk: 80% of departing employees take valuable IP when they leave an organization, according to [Mimecast\u2019s] 2024 Data Exposure Report. Government employees carry the same risks when they depart, but the potential consequences, given their data access and its value to other nations, are on a much grander scale,\u201d he said.<\/p>\n<p>Whether federal departments need to have staff reductions is beside the point here \u2014 this is an incredibly dangerous way of going about doing it. 
The actions of DOGE, under the direction of Elon Musk, who dispatched his acolytes to <a href=\"https:\/\/www.csoonline.com\/article\/3815925\/musks-doge-effort-could-spread-malware-expose-us-systems-to-threat-actors.html\">plumb the depths of US government networks and databases<\/a>, have acted like a high-octane risk ignitor within the federal government\u2019s digital infrastructure.<\/p>\n<p>It was widely reported that within the Treasury Department, an email was generated that described the DOGE members\u2019 efforts and machinations as constituting, \u201c<a href=\"https:\/\/www.wired.com\/story\/treasury-bfs-doge-insider-threat\/\">the single greatest insider threat risk the Bureau of the Fiscal Service has ever faced.<\/a>\u201d<\/p>\n<p>It\u2019s clear that disruption creates risk, and in this case, the problem is a mix of human nature and the nature of complex systems for dealing with sensitive information \u2014 any disruption has the potential for disaster, and this is a big one.<\/p>\n<p>\u201cIn times of transition, distractions or disillusionment may lead to mishandling and leaks of confidential information \u2014 or even temptations towards hacktivism or espionage by departing team members,\u201d Zadelhoff said. 
\u201cThe inherent chaos and duration of these shifts only compounds the challenge, making threat detection and mitigation more difficult.\u201d<\/p>\n<h2 class=\"wp-block-heading\">The most consequential breach in history?<\/h2>\n<p>The author of that email wasn\u2019t alone. In <a href=\"https:\/\/www.csoonline.com\/article\/3815925\/musks-doge-effort-could-spread-malware-expose-us-systems-to-threat-actors.html\">Foreign Policy, Bruce Schneier shares:<\/a> \u201cThe US government has experienced what may be the most consequential security breach in its history.\u201d<\/p>\n<p>Booz Allen Hamilton issued a statement advising they had terminated the subcontractor within the Treasury Department who wrote that email, likely to protect the <a href=\"https:\/\/www.tenderalpha.com\/blog\/post\/fundamental-analysis\/booz-allen-hamilton-98-u-s-government-exposure-drives-stellar-performance-in-fiscal-2024?form=MG0AV3\">$10.66 billion in revenue that they totaled for fiscal year 2024, according to their Q4 report<\/a>. How much of that came from US government engagement? That would be 98%, according to that same report.<\/p>\n<h2 class=\"wp-block-heading\">The escalation of risk leaves the nation vulnerable<\/h2>\n<p>Insider risk management (IRM) teams are a part of every US government department and agency. Those teams (and CISOs too) have their hands full. The entire employee and contractor base is on edge. Those who raised the alarm are being removed from their positions or terminated.<\/p>\n<p>The question that must be asked is: Is the data on which your behavioral analytic tools are built of the same accuracy, trustworthiness, and fidelity as it was before the DOGE members touched your data sets? 
Can you conduct analysis with the same fidelity that was possible just a month ago today?<\/p>\n<p>Additionally, how many government employees, including <a href=\"https:\/\/news.clearancejobs.com\/2025\/02\/06\/cia-offers-workforce-buyout-and-employee-identification-to-white-house\/\">at the CIA<\/a>, who accepted DOGE\u2019s wholesale buyout offers were part of an organization-wide IRM team? And how many are taking their data with them \u2014 as van Zadelhoff noted, 80% of departing personnel on average purloin information.<\/p>\n<h2 class=\"wp-block-heading\">When will we know the actual damage from these risky moves?<\/h2>\n<p>Thousands of government employees have had their professional and personal lives thrown into turmoil over the past few weeks. Most will remain loyal, yet the law of large numbers tells us there will be some who break trust. They may steal sensitive data, destroy critical data, or perform some other deleterious act.<\/p>\n<p>I agree with the <a href=\"https:\/\/www.linkedin.com\/posts\/national-counterintelligence-and-security-center_dyk-activity-7295097422882439168-vJQ\">Feb. 12 posting on LinkedIn<\/a> by the National Counterintelligence and Security Center (NCSC) that \u201cevery leak makes us weak.\u201d It also notes that it \u201cconducts damage assessments across the government to evaluate actual or potential damage to national security from unauthorized disclosures of classified information. 
Such disclosures have provided adversaries (with) some of our most advanced intelligence sources and methods\u201d<\/p>\n<p>Whether they were being prophetic remains to be seen; my gut tells me they, and many others, will be conducting a good number of damage assessments in the coming months and years.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>We talk a good deal about insider risk, how it evolves from threats within an organization, and how to get ahead of its escalation by being proactive and dealing with situations as they arise, well before they become a threat or reality. Whatever you may think of the cost-cutting measures introduced by US President Donald [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2077,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2076","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2076"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2076"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2076\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2077"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp
%2Fv2%2Fcategories&post=2076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}