The U.S. government could save up to $30 billion in just over two decades if it were to adopt continuous evaluation of personnel with security clearances instead of sticking with the current methods of periodic reinvestigation and readjudication.

That’s according to a recent RAND Corporation research report titled Assessing Continuous Evaluation Approaches for Insider Threats.

RAND studied several federal agencies’ continuous evaluation programs (also referred to as continuous vetting) and concluded that current investigation and adjudication processes are overly time-consuming.

The inefficiencies, RAND says, have contributed to current backlogs — including 156,000 unprocessed periodic reinvestigations as of 2018.

Replacing current processes with continuous evaluations could generate cost savings in as little as six years and up to $30 billion over the next 25 years, the report says.

To get there, RAND recommends a number of related changes, including establishing “a common definition of ‘insider threat’ to facilitate intragovernmental efforts,” as well as a common definition of continuous evaluation.

It also recognizes that the volume and variety of data sources have increased exponentially since continuous evaluation first came into use decades ago, and recommends that the “federal government, private sector, and academic community should work together to develop an effective way to share the unique data and behavioral traits gained from actual insider cases.”

The report’s authors made yet another insightful finding and related recommendation — one that Haystax has advocated for years. They found that the notable dissimilarities between the Manning, Snowden and Hasan cases prompted agencies to start categorizing insider threats “by intent as opposed to considering them exclusively on a binary scale as threats or not threats.”

Based on that critical observation, RAND’s recommendation is as follows: “Because insider threats exist across a broad spectrum, it would be useful to categorize insider threats in attempting to reduce and mitigate them. Intent is often an explicit threat indicator among insider categories; by contrast, negligence is not. While negligence does not necessarily imply intent, negligence, as committed by insiders who fall under the well-intentioned category of insider (i.e., someone who commits violations through ignorance), for example, should also be considered a threat because it introduces serious liability and consequences.”

#  #  #

Note: The RAND report can be downloaded here. Full disclosure: Haystax is mentioned in the report due to its participation in a pilot program run by the DoD Insider Threat Management Analysis Center (DITMAC), which is testing new ways of determining pre-incident risk. RAND notes that the pilot uses Haystax’s probabilistic modeling approach “to create a daily risk report for top-level managers… with a reported detection accuracy rate of 95 percent.”