ALEXANDRIA, Va. – “The global threat environment is converging into kind of a perfect storm.” 

Defense Counterintelligence and Security Agency (DCSA) Director David Cattler explained his perception that a storm of such magnitude is brewing as he spoke to insider threat and security professionals from military, government, industry and academia at the National Insider Threat Awareness Month (NITAM) conference held at the U.S. Patent and Trade Office on Aug. 18. 

Cattler described the 2025 NITAM theme, ‘Partnering for Progress,’ as timely, urgent and connected to what he sees advancing on the horizon.   

“First, our adversaries are on the move,” said Cattler. “Today's adversaries do not separate economic competition from national security. They see our intellectual property, supply chains and workforce as strategic terrain, as valuable as any battlefield, and that's why our National Industrial Security Program (NISP) oversight is not a niche issue.” 

NISP, established by Executive Order 12829, ensures that cleared U.S. defense industry safeguards the classified information in their possession while performing work on contracts, programs, bids or research and development efforts. 

“It's central to defending our national power,” he pointed out. “China, our pacing threat, is building its military at an unprecedented rate. At the same time, it's running a global espionage campaign which targets us, our allies and our partners. Russia, Iran and North Korea and non-state actors are also becoming more sophisticated and aggressive. This is not a hypothetical threat landscape. It is active, adaptive and targeting us now.” 

Cattler recounted the following recent examples.  

• Volt Typhoon. In April of this year, the Wall Street Journal reported that China admitted to U.S. officials that it was behind the Volt Typhoon cyber‑attacks on U.S. infrastructure. 

• U.S. Treasury Hack. In December 2024, Chinese hackers breached a Treasury Department vendor, accessing more than 3,000 unclassified files, including those involving Treasury Secretary Janet Yellen.  

• Salt Typhoon. Another Chinese campaign targeting several U.S. telecommunications companies with cyberattacks. 

The rapid advance of technology is moving faster than policy can adapt to it, said Cattler, adding that it’s an ever-present concern impacting today’s security environment.     

“Artificial Intelligence, autonomous systems, cyber warfare and just the sheer volume of global data flows are transforming our operating environment,” he said. “Adversaries are using phishing, smishing, doxing and other cyber techniques to get inside our systems. One Fortune 100 defense contractor reports dealing with 65,000 phishing attempts every single month.”  

Cattler told the audience that domestic pressures are adding to the challenge. 

“Economic strain, public distrust and tighter budgets are real, and yet the demand for defense capability is increasing,” he said. “At the same time, our Secretary of Defense has set clear priorities to restore the warrior ethos, to reestablish deterrence, rebuild the force, match the threat, reform acquisition and modernize the defense industrial base, including the rapid fielding of new technologies.”  

Consequently, more businesses, many of them small and innovative, will enter the market and the defense industrial base.  

“We expect to issue more facility clearances, engage in more personnel vetting and conduct more training,” said Cattler. “Therefore, we will have even more insider risk to manage.” He emphasized DCSA’s mission as America’s Gatekeeper to protect the nation’s trusted workforce and trusted workspaces. “We are the gatekeepers, working with you and industry to ensure classified information and technology remains safe from unauthorized foreign access.”  

In his keynote speech, Cattler highlighted the importance of DOD, government, industry and academia’s partnership with DCSA to ensure a trusted federal and industrial workforce while enabling industry’s delivery of uncompromised capabilities.     

He also outlined the agency’s vision, mission and capabilities as the government’s premier provider of integrated security services across four pillars of activities. 

• Personnel security– 2.7 million background investigations annually, which translates to more than 10,000 new investigations each day.  

• Industrial Security – Oversight of more than 10,000 cleared companies; 13,000 facilities; and 5,500 classified information technology systems.  

• The agency will expand its foreign ownership, control or influence mission to assess all DOD contracts worth more than $5 million per award. 

• Counterintelligence and Insider Threat – DCSA received over 32,000 suspicious contact reports last year, with 3,000 to 4,000 considered serious. 

• Security Training – Millions of course completions each year, 5.4 million last year alone; 11,000 security certifications; and over 100 new polygraph examiners trained annually.  

“We are industry's partner in protecting the nation's competitive and security edge,” said Cattler, while addressing national security concerns, challenges and solutions. “Our adversaries are adapting faster than policy. Cyber-enabled espionage, AI driven targeting and foreign capital exploitation are expanding that threat landscape. We need modernization and efficiency. We need coherency and alignment between government and industry.” 

This alignment requires centralizing more security services within DCSA; increasing collaboration with cleared industry; and balancing compliance costs with mission risk. 

Cattler noted that insider threats are not always committed by foreign adversaries, while recounting the Washington Navy Yard shooter, a Navy reservist, was not unleashed on his coworkers by a foreign power but acted from personal resentments and possible mental illness.   

“His savage workplace attack, combined with the Bradley “Chelsea” Manning and Eric Snowden leaks, led to the establishment of DOD Insider Threat Management and Analysis Center (DITMAC),” said Cattler.   

DITMAC’s mission is to provide the DOD enterprise with a capability to identify, assess, and mitigate risk from insiders, to oversee and manage unauthorized disclosures, and to integrate, manage, mature, and professionalize insider threat capabilities. 

Insider threats, however, continue to be a problem. Recent Insider Threat events include:  

• 2023 – An Air National Guardsman analyst leaked classified national defense information on Discord (chat system) to impress his online friends.  

• 2025 – A Defense Intelligence Agency analyst sought to sell information in exchange for foreign citizenship.   

• 2025 -- The most recent insider threat incident took place earlier this month on Aug. 6 at Fort Stewart. Five Soldiers were wounded when a sergeant opened fire on them with a personal handgun. The shooter was apparently angry at co-workers. 

The DCSA director briefed the audience on the agency’s transformational step forward on insider threat vigilance this year. DCSA began deploying insider threat representatives directly into the operational heart of the defense enterprise, embedded within commands, insider threat hubs and installations nationwide.   

“These aren't just liaisons. They are strategic force multipliers that forge unbreakable partnerships between DCSA and component programs,” said Cattler. “They strengthen the partnerships between DITMAC and component insider threat programs, providing a critical link to insider threat resources, information and capabilities. As highlighted by our ‘Partnering for Progress,’ theme – this concept is woven into the very fabric of our agenda. DCSA is uniquely positioned to be your partner, and to connect you with key counterparts.”