Streamlining operations for greater success: Strategies for federal administration to address external dangers and internal breaches from third parties and insiders
Securing the Federal Government in 2025: Addressing Third-Party Vulnerabilities, Insider Threats, and AI Risks
In the ever-evolving landscape of cybersecurity, federal government agencies are grappling with the challenges of third-party vulnerabilities, insider threats, and risks associated with the adoption of artificial intelligence (AI). To address these concerns, agencies are aligning their strategies with recent Executive Orders (EOs) and government initiatives that focus on secure software development, supply chain security, AI-cyber convergence, and efficiency.
Focus on Third-Party Risk Management
The June 2025 Executive Order (EO 14306) emphasises the importance of securing third-party software supply chains. Agencies are urged to adopt secure software development frameworks consistent with NIST Special Publication 800-218 (the Secure Software Development Framework, SSDF). This involves greater vetting, monitoring, and governance of contractors and third-party vendors to reduce vulnerabilities introduced via external software and services.
Address Insider Threats with Governance Structures
Emerging cybersecurity policy trends in 2025 prioritise the establishment of leadership and governance programs within agencies to oversee cybersecurity coordination. Dedicated offices or programs focus on managing insider threat risks through enhanced monitoring, access control, and incident response protocols, improving internal security oversight without significantly expanding budgets.
Integrate AI Security with Cybersecurity Measures
The current administration’s cybersecurity EO highlights the convergence of AI and cybersecurity, signalling a need to address AI-specific risks such as algorithmic manipulation, data poisoning, and automation vulnerabilities. Agencies are advised to develop policies that align AI investments with comprehensive network visibility and control improvements, leveraging AI’s strengths while mitigating associated risks.
Leverage Federal Initiatives for Efficiency and Budget Constraints
The revised EO reduces prescriptive compliance burdens on agencies, allowing more flexibility to prioritise high-impact cybersecurity investments within budget constraints without sacrificing security. The government is also fostering public-private consortia (e.g., via NIST’s National Cybersecurity Center of Excellence) to develop best practices and share knowledge, thus improving efficiency and reducing duplication of effort.
Focus on Foreign Threat Mitigation
The EO sharpens attention on significant foreign cyber threat actors such as China, Russia, Iran, and North Korea. Agencies are directed to concentrate resources and sanctions on these actors, enabling more efficient use of limited budgets by focusing defenses where risk is highest.
Practical Measures for Federal Agencies
- Adopting NIST’s SSDF for third-party software security.
- Creating or strengthening dedicated cybersecurity governance units to monitor insider threats.
- Developing integrated cybersecurity and AI risk management policies.
- Participating in inter-agency and industry consortia for knowledge sharing and efficiency.
- Prioritising defense efforts against prominent foreign cyber threats.
These strategies allow federal agencies to navigate the complex cybersecurity landscape in 2025 effectively while adhering to updated executive policies and fiscal limitations.
Note of Caution
Malicious insiders act deliberately against their own agencies for personal benefit. It is crucial for agencies to maintain vigilance and implement robust security measures to protect against insider threats.
The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of Rubrik.
Budget constraints and acquisition processes must keep up with the rapid pace of technological change in the strategic planning process.
This article is for informational purposes only and does not constitute business or legal advice. Organisations should consult with legal and compliance professionals to ensure their cybersecurity strategies meet all applicable federal, state, and international requirements.
- In light of budget cuts in the federal workforce, the reimagined workforce must focus on adopting NIST's Secure Software Development Framework (SSDF) for third-party software security, as stressed by the June 2025 Executive Order (EO 14306), to reduce vulnerabilities and strengthen the security of the federal government.
- Given the urgency of managing insider threats, federal agencies need to create or strengthen dedicated cybersecurity governance units, in line with the emerging 2025 cybersecurity policy trends, so that insider threats can be monitored effectively without significantly expanding budgets.