Two companies announced Thursday a $6.5 million contract award to help the United States Army Cyber Command shore up counterintelligence efforts.
Applied Insight and DV United will work in tandem to support Army Cyber Command (ARCYBER) with its User Activity Monitoring Program (UAM). The two companies have experience handling cyber weapons systems, insider threat analysis and computer network defense for the Pentagon and the wider intelligence community.
Greg Walker, president of Applied Insight, told CyberScoop that prior partnerships with the Army, Air Force and FBI were key to fostering trust and securing the ARCYBER contract.
Thomas Dalton, chief operating officer of DV United, voiced similar sentiments.
“Our deep experience providing cyber and information security mission solutions to the government has assisted in securing federal networks, combating cybercrime and protecting critical infrastructure,” Dalton said in a press release.
Over five years, the two companies will monitor user activity, identify potential insider threats and work to prevent data loss. They will process security information in real-time, provide cyber intelligence to ARCYBER and draw insights from the raw data.
At the end of the day, Walker said, the goal is to sift false positives from genuine incidents and offer ARCYBER evidence that “is truly actionable.”
User information across the entire army network offers a massive data set, to which the companies can apply analysis, visualization and machine learning tools.
“What we’re being charged with is to develop and implement a solution that monitors the various enclaves across the army IT enterprise,” Walker told CyberScoop. “We’ll monitor all the user activity and will be doing big data analytics and visualization, all tied to cyber intel and human characteristics.”
Insider threats can stem from both “bad guys” and “someone who is sleeping behind the wheel,” Walker said, referring to individuals with access to sensitive information that could either intentionally or accidentally compromise it. Government agencies, corporations and organizations are highly vulnerable to insider threats, which result in data breaches, espionage, sabotage and the theft of national security secrets or intellectual property.
The damage and windfall from these threats has mushroomed in recent years, as insiders have maliciously purloined troves of sensitive secrets, cashed out on intellectual property or found themselves targeted by state-backed actors and cyber criminals looking to gain unauthorized network access.
A 2018 report found that insider security incidents cost organizations an average of $8.7 million, with one episode costing $26.5 million. Of the 159 organizations surveyed, 64 percent of the attacks stemmed from the negligent behavior of an employee or contractor, while 23 percent were attributed to a criminal insider.
At the Cybersecurity Leadership Forum earlier this month, William Evanina, director of the National Counterintelligence and Security Center, drilled down on the risks of insider threats to the U.S. government.
“The amount of resources and attention that nation-state adversaries and cyber criminals are putting towards insider threat programs shows that we’re at a big disadvantage,” Evanina said.