DCSA backlog down 24%: No rise in inventory or timeliness

Mr Burgess points out that security clearance vetting is not foolproof — it depends on what applicants say during the vetting process. "If you meet the requirements to get a security clearance, you will get one. But that doesn't mean to say the security journey stops at this point," he says. "In this case, because of defence and security awareness, ASIO and the task force and the AFP were able to intervene and control this [Russian] operation." Comment: This is a case of Weak Security Clearance Management. From a cybersecurity perspective, the incident highlights a critical weakness in our security clearance management process. When the individual went on leave, their DREAMS token or access should have been automatically suspended by the IT team. This failure to do so is a clear indication of a systemic issue. From a Security Officer's perspective, the person responsible for ensuring compliance with security protocols failed to provide adequate training, awareness and connection to the individual, resulting in the lack of notification about the change in circumstances. The change in circumstances, in this case, being travel outside of Australia, is a critical factor that should have triggered a notification to the Security Officer. A phone app that detects when an individual leaves the country without notifying their Security Officer would be a valuable tool in preventing such incidents. This incident will undoubtedly lead to valuable lessons being learned and implemented to strengthen our security clearance management processes. Our Cleard Plus, Security-Officer-As-A-Service ensures this would not happen on a DISP Member's watch. (https://lnkd.in/gfvb6iSS - https://lnkd.in/g3bbV9U9 ) https://lnkd.in/gpkstdWt

Mr Burgess points out that security clearance vetting is not foolproof — it depends on what applicants say during the vetting process. "If you meet the requirements to get a security clearance, you will get one. But that doesn't mean to say the security journey stops at this point," he says. "In this case, because of defence and security awareness, ASIO and the task force and the AFP were able to intervene and control this [Russian] operation." Comment: This is a case of Weak Security Clearance Management. From a cybersecurity perspective, the incident highlights a critical weakness in our security clearance management process. When the individual went on leave, their DREAMS token or access should have been automatically suspended by the IT team. This failure to do so is a clear indication of a systemic issue. From a Security Officer's perspective, the person responsible for ensuring compliance with security protocols failed to provide adequate training, awareness and connection to the individual, resulting in the lack of notification about the change in circumstances. The change in circumstances, in this case, being travel outside of Australia, is a critical factor that should have triggered a notification to the Security Officer. A phone app that detects when an individual leaves the country without notifying their Security Officer would be a valuable tool in preventing such incidents. This incident will undoubtedly lead to valuable lessons being learned and implemented to strengthen our security clearance management processes. Our Cleard Plus, Security-Officer-As-A-Service ensures this would not happen on a DISP Member's watch. (https://lnkd.in/g68riaQk - https://lnkd.in/gtRmVScB ) https://lnkd.in/gTrB96hB

"About 10,000 cleared companies are in the National Industrial Security Program, and only 20 percent of them ever submit a suspicious contact report, Redding said. “So, what we know is limited.”" In Australia - DISP Members - How many SOUP or Contact Reports via AGSVA or ASIO have you submitted? Read more: https://zurl.co/vHsrw

"About 10,000 cleared companies are in the National Industrial Security Program, and only 20 percent of them ever submit a suspicious contact report, Redding said. “So, what we know is limited.”" In Australia - DISP Members - How many SOUP or Contact Reports via AGSVA or ASIO have you submitted? Read more: https://zurl.co/vHsrw

Saying online you have a 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗰𝗹𝗲𝗮𝗿𝗮𝗻𝗰𝗲 is a no-no, as per the Dept of Home Affairs latest PSPF Direction 003-2025, titled "𝘖𝘯𝘭𝘪𝘯𝘦 𝘋𝘪𝘴𝘤𝘭𝘰𝘴𝘶𝘳𝘦 𝘰𝘧 𝘚𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘊𝘭𝘦𝘢𝘳𝘢𝘯𝘤𝘦 𝘢𝘯𝘥 𝘕𝘢𝘵𝘪𝘰𝘯𝘢𝘭 𝘚𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘐𝘯𝘧𝘰𝘳𝘮𝘢𝘵𝘪𝘰𝘯" While targeted at non-corporate Commonwealth entities, there is mention of Home Affairs extend these requirements to key private sector providers. With an implementation deadline of 1 Dec 2025 and strict reporting requirements, this document is an important read for anyone holding a security clearance or managing organisations that employ those with clearances. I've included a screenshot of some important first points, but anyone even potentially affected should read the full document at https://lnkd.in/gRY4X6cg or speak with your nominated Security Officer.

Insider threats are rising—and not just in theory. EY’s latest cyber study shows 47% of CISOs and 31% of C-suite leaders have faced insider-driven incidents in the past three years. As threat actors evolve—from nation-states to fraudsters and even competitors—the corporate insider is becoming a central risk vector. Let’s connect to explore how our team of former federal law enforcement, intelligence, and investigations professionals can help you stay ahead with threat-driven tactics. #InsiderRisk #Forensics #Integrity Ryan Dobson Christopher McCavitt Christine St. Pierre

"Federal government security officers responsible for personnel vetting and insider threat detection may need to pay even closer attention to the answers to the questions of ‘associations’ now to assess the trustworthiness of current cleared employees and contractors who are continuously vetted as well as prospective clearance holders.” RAND researchers David Stebbins and Sina Beaghley wrote." In Australia = discover #CleardLife and #CleardPlus read more: https://lnkd.in/gir8deNV

Protecting customers from fraud is one of our top priorities—but it requires team effort. We support The Aspen Institute Financial Security Program Task Force on a national plan to fight fraud and enable more collaboration between industries and government. Read it here: https://lnkd.in/eid526Qd

$4.6M warning shot: DOJ ramps up cyber enforcement on defense contractors The MORSECORP settlement shows that cybersecurity lapses are now legal and financial liabilities — not just technical ones.

"Preventive measures to mitigate the risk of insider threats. Step # 3 Conduct background checks: Conducting background checks on all employees, contractors and vendors before granting them access to sensitive and confidential data can help identify any potential risks. These checks can also be used to verify an individual’s employment history and criminal record." #AS4811 includes a 1:1 interview. Is your screening company asking about previous data breaches candidates have been involved in? https://lnkd.in/gY2t6wZk