United States
Australia
United Kingdom
Europe
New Zealand
Canada
ALEXANDRIA, Va. — At a gathering of insider threat and security professionals from across the military, government, industry and academia, Defense Counterintelligence and Security Agency Director David Cattler warned that “The global threat environment is converging into kind of a perfect storm.”
Speaking at the National Insider Threat Awareness Month conference on Aug. 18 at the U.S. Patent and Trade Office, Cattler tied the event’s 2025 theme, “Partnering for Progress,” to what he described as an urgent and accelerating risk landscape. “First, our adversaries are on the move,” he said. “Today’s adversaries do not separate economic competition from national security. They see our intellectual property, supply chains and workforce as strategic terrain, as valuable as any battlefield, and that’s why our National Industrial Security Program (NISP) oversight is not a niche issue.”
NISP, created by executive order, governs how cleared contractors protect classified information. “It’s central to defending our national power,” Cattler said, citing China as “our pacing threat” and pointing to an “active, adaptive” environment that also includes Russia, Iran, North Korea and non-state actors.
Cattler referenced recent cyber campaigns he said illustrate the scope of the challenge, including Volt Typhoon, which the Wall Street Journal reported China admitted to U.S. officials it conducted against U.S. infrastructure; a December 2024 breach of a Treasury Department vendor that exposed more than 3,000 unclassified files; and Salt Typhoon, another campaign targeting U.S. telecommunications firms.
Technology’s rapid evolution is outpacing policy, he said. “Artificial Intelligence, autonomous systems, cyber warfare and just the sheer volume of global data flows are transforming our operating environment,” Cattler told attendees. “Adversaries are using phishing, smishing, doxing and other cyber techniques to get inside our systems. One Fortune 100 defense contractor reports dealing with 65,000 phishing attempts every single month.”
Domestic pressures are compounding those risks, he added, noting rising demand for defense capability amid tighter budgets and public distrust. “Economic strain, public distrust and tighter budgets are real, and yet the demand for defense capability is increasing,” he said. “At the same time, our Secretary of Defense has set clear priorities to restore the warrior ethos, to reestablish deterrence, rebuild the force, match the threat, reform acquisition and modernize the defense industrial base, including the rapid fielding of new technologies.”
As the defense industrial base grows—particularly with small, innovative firms—DCSA expects a surge in clearances and vetting. “We expect to issue more facility clearances, engage in more personnel vetting and conduct more training,” Cattler said. “Therefore, we will have even more insider risk to manage.” He described DCSA’s role as America’s “Gatekeeper” for the trusted workforce and workspaces: “We are the gatekeepers, working with you and industry to ensure classified information and technology remains safe from unauthorized foreign access.”
Cattler outlined DCSA’s scale and planned expansions across four core lines of effort: personnel security, industrial security, counterintelligence and insider threat, and security training. The agency conducts about 2.7 million background investigations annually—more than 10,000 new cases each day—oversees more than 10,000 cleared companies and 13,000 facilities, and monitors 5,500 classified information technology systems. DCSA received over 32,000 suspicious contact reports last year, with 3,000 to 4,000 deemed serious, and recorded 5.4 million course completions, 11,000 security certifications, and training for more than 100 new polygraph examiners. The agency also plans to expand its foreign ownership, control or influence reviews to cover all Department of Defense contracts worth more than $5 million per award.
“We are industry’s partner in protecting the nation’s competitive and security edge,” Cattler said. “Our adversaries are adapting faster than policy. Cyber-enabled espionage, AI driven targeting and foreign capital exploitation are expanding that threat landscape. We need modernization and efficiency. We need coherency and alignment between government and industry.” That alignment, he said, means centralizing more security services within DCSA, increasing collaboration with cleared industry, and balancing compliance costs with mission risk.
Cattler also underscored that insider threats are not always foreign-directed, citing the Washington Navy Yard shooting as an example of violence driven by personal grievances and possible mental illness. “His savage workplace attack, combined with the Bradley “Chelsea” Manning and Edward Snowden leaks, led to the establishment of DOD Insider Threat Management and Analysis Center (DITMAC),” he said. DITMAC’s mission is to help the Defense Department identify, assess and mitigate insider risks, oversee unauthorized disclosures, and professionalize insider threat programs.
Recent cases continue to test those systems, he noted, including the 2023 leak of classified defense information on Discord by an Air National Guardsman; allegations in 2025 that a Defense Intelligence Agency analyst sought to sell information in exchange for foreign citizenship; and an Aug. 6 shooting at Fort Stewart in which five soldiers were wounded and a sergeant was accused of opening fire amid workplace anger.
To strengthen prevention and response, DCSA this year began embedding insider threat representatives within commands, hubs and installations nationwide. “These aren’t just liaisons. They are strategic force multipliers that forge unbreakable partnerships between DCSA and component programs,” Cattler said. “They strengthen the partnerships between DITMAC and component insider threat programs, providing a critical link to insider threat resources, information and capabilities. As highlighted by our ‘Partnering for Progress,’ theme – this concept is woven into the very fabric of our agenda. DCSA is uniquely positioned to be your partner, and to connect you with key counterparts.”
