Insider Threat Modeling, Detection, and Mitigation Minitrack


Co-chairs


COL Ronald C Dodge JR, PhD (Primary Contact)

United States Military Academy

606 Thayer Road, Room 105, West Point, NY 10996, USA

Phone: +1-845-938-5569

Fax: +1-845-938-5141

Email: ronald.dodge@usma.edu


Aaron J. Ferguson, Ph.D.

National Security Agency (NSA) Integree at the DoD Cyber Crime Center/DCCI

911 Elkridge Landing Road, Linthicum, NY 21090, USA

Phone: +1-410-854-0691

Fax: +1-410-694-4323

Email: ajferg3@nsa.gov


Dawn M. Cappelli

Technical Manager, Enterprise Threat & Vulnerability Management & CERT Insider Threat Center

4500 Fifth Avenue, Pittsburgh, PA 15213-2612, USA

Phone: +1-412-268-9136

Fax: +1-412-268-6989

Email: dmc@cert.org







The insider threat continues to be one of the prime security concerns of government and industry organizations. The topic continues to dominate public discussion and is perceived by senior organizational leadership as one of the most significant and most difficult to mitigate security vulnerabilities. The threat from insider activity can be broadly defined as threats introduced to an organization by a trusted entity. This definition encompasses both malicious insider activity, where the participant plays a knowing role in the activity, and the user who unknowingly introduces a threat inside the organizational security boundaries.


With the recent news surrounding WikiLeaks, insider threat is increasingly becoming a topic discussed at all levels of government, at technology conferences, and in industry. While the concept of insider threat itself is not new, the ability to develop robust insider threat models and integrate these models into technical, automated solutions is an area of heightened research (evidenced by the DARPA Cyber Insider Threat (CINDER) program). As a result, developers, mathematicians, managers, and network owners are looking for ways to mitigate the problems caused by malicious insiders, e.g., exfiltration of personally identifiable information (PII), sabotage, and theft of intellectual property.


The technical area of the minitrack will focus on the aspects of insider threat that can be modeled, on detection methodologies, and on mitigation techniques. Broadly defined, insider threat encompasses the knowing and unknowing participants in compromising the trusted interior of an organization's security boundary. Research into detecting person or system characteristics indicative of insider threat, and into ways to mitigate this threat, is of significant importance to all organizations. This threat is of particular relevance to government, as its processes are heavily reliant on information technology (IT). This reliance on IT subsequently exposes the government to data security threats to a greater extent than in any other period in history.


Topics and research areas include, but are not limited to:


  1. Defining and modeling precursor user behavior or system activity leading to malicious activity

  2. Malware as a new insider threat

  3. Case studies of insider events

  4. The nature and scale of insider threats and how to build effective responses

  5. Current and emerging technologies, and their likely effectiveness

  6. Innovative/novel data collection of threat indicators

  7. Screening and monitoring: balancing security and employees’ rights


More co-chair information


COL Ronald C Dodge Jr., PhD, is an active duty Colonel in the Army and an Associate Professor in the Electrical Engineering and Computer Science department at the United States Military Academy. He is the Associate Dean for Information and Education Technology and teaches operating systems and security courses. Ron’s current research focuses on information warfare, virtualization, security protocols, and performance planning and capacity management. He is a frequent speaker at national and international IA conferences.


Aaron J. Ferguson, PhD, is a Technical Leader at the National Security Agency (NSA) detailed as a Visiting Scientist to the Department of Defense Cyber Crime Institute. His current field of expertise is insider threat, and he has organized several workshops and symposiums. His most recent workshop was an Insider Threat Workshop held at the NSA Center of Academic Excellence Principals conference in November 2010. Aaron’s research focuses on the development of ontologies and analytics that can be used to characterize, detect, and predict malicious insider activity. His other interests include malware analysis, vulnerability analysis, and software development. He is an adjunct professor in Computer Science at Howard University and in Information Technology at the University of Maryland University College, and is a frequent speaker at national workshops and symposiums.


Dawn M. Cappelli is a Senior Member of the Technical Staff in CERT at Carnegie Mellon University's Software Engineering Institute (SEI). She has over 25 years' experience in software engineering, including programming, technical project management, information security, and research. She is technical lead of CERT's insider threat research, including the Insider Threat Study conducted jointly by the U.S. Secret Service and CERT. One current focus of the CERT insider threat team is the use of modeling and simulation to analyze and communicate the complexity of the insider threat problem. Dawn is a highly sought-after and frequent speaker at national workshops and symposiums.



“Insider threats are among the prime security concerns of government and industry organizations”