The Initial Success of Our International Initiative: A Quick Reflection

In September 2023, as part of national insider threat awareness month initiatives, the Australian Insider Risk Centre of Excellence (AIR COE) and the Canadian Insider Risk Management Centre of Excellence (C-InRM CoE) took our first steps towards supporting the resilience of the Five Eyes (FVEY) international alliance, by leading two events in Washington D.C. and Toronto, Ontario, under the Five Eyes Insider Risk Practitioner Alliance (FIRPA) initiative.

FIRPA is especially relevant in light of recent warnings from FVEY nation-states that hostile foreign powers continue to represent threats to Western democracies. Insider threats are underscored with "employees placed inside Western companies to acquire crucial information on artificial intelligence, quantum computing, biometrics, robotics and other leading technologies".

Insights

Over the course of one week in September, in our engagements among a broader community of U.S. defense and Fortune 500 representing U.S. critical infrastructure, over 50 Canadian organizations representing all sectors of Canadian critical infrastructure, and other representatives from Australia, the U.K., and NZ, some insights that we gathered included:

• Industry collaboration on insider risk management (InRM) is not as robust as it could be. There are gaps in our collective knowledge on effective mitigations for detection and response, lack of integration of the social and behavioural science disciplines with corporate risk management, and guidance on effective reporting of present-day risks to senior corporate leadership--more has to be done.
• A centralized COE concept, established as an independent not-for-profit, where private, public, and academic organizations routinely interact on InRM, develop information sharing forums, undertake research studies, and promote common standards, best practices, training, workshops, and conferences within the industry, is needed.
• The COEs can serve as an advocate for the industry and represent InRM standards developed by the practitioner community-at-large, to government and regulatory agencies when new national security legislation and critical infrastructure protection initiatives are under consideration.

Support is Required

We know through our recent engagements with the wider InRM industry in the FVEY that additional support is required, especially to mitigate foreign nation-state interference via insider threat compromise.

A rapid scan of the media today will showcase the ongoing detrimental impact that insider threats have on our national government, critical infrastructure, and importantly, the erosion of trust among allies within the FVEY alliance. The AUKUS agreement heightening the risk of public servants, defence, and the judiciary being targeted in Australia, sensitive information leaks in Canada compromising FVEY allies' investigations, and ongoing incidents of mass disclosure of classified information posing ongoing challenges in the U.S. intelligence community, are but a few examples. Insider threat compromise is not a new phenomenon, but it is now the time for our broader Western alliance to stand-up and support non-traditional, collaborative and innovative risk management approaches to meet the challenges of the threat in the 21st century.

A non-traditional approach that is driving cross-industry support and innovation in this context means that all affected parties in the private, public, and academic domains have a role and a responsibility to be an active contributor and collaborator. This means that all impacted organizations need to actively participate in broader InRM initiatives, including advocating for more specific national legislation and regulation requiring dedicated insider risk management programs, providing funding for research and development to better understand behavioural indicators for proactive risk management, and establishing secure platforms to share information. We are seeing initial positive signs from the FVEY defence, intelligence, security, and critical infrastructure protection communities on the FIRPA and COE frameworks and mandates that are beginning to take shape, and it is also clear from recent feedback that more collaborative insider threat mitigation solutions are required now by the practitioner community at large.

Looking Ahead

The near-term is filled with promise, but we must continue to push forward on collaborative InRM initiatives to realize long term gains towards national security and critical infrastructure resiliency. We are harnessing the momentum generated in our discussions with the FVEY insider risk community of practice and channeling this into our activities for the upcoming year:

• Working with private, public, and academic parties in the U.S., U.K., and NZ, and providing technical guidance and advice on the establishment of counterpart COE organizations.
• Establishing FIRPA taskforces, and working with organizations in the FVEY towards tangible outputs focused on building common insider risk program standards and taxonomy, and promoting training and certification initiatives.
• Determining how to establish secure and centralized repositories of information sharing for insider threat modelling and risk mitigation.

This is just the beginning. We are planning to come together nationally and internationally at this time next year to share information on our progress to date, re-baseline, and discuss emergent risks and priorities. With our national government and industry partners to date, and to those organizations that would like to join us in the future, we're excited to be a part of the mission to secure and strengthen the FVEY alliance, and contribute national, centralized insider risk management capabilities--by the community, for the community.

Victor M. is the Executive Director of the Canadian Insider Risk Management CoE | CdE canadien pour la gestion des risques internes , and a Senior Manager, Federal Public Service Security Lead with 埃森哲 Canada

For additional insights from the Defence and Critical Infrastructure Insider Risk Workshops (Washington D.C.) , and the Insider Risk Management Security Partnerships Summit 2023 (Toronto, Ontario), please visit CanadianInsiderRiskManagementCOE.com/library.