Insider Threat Science, Measurement, Implementation, and Effect Minitrack



COL Ronald C Dodge Jr. (Primary Contact)

United States Military Academy

606 Thayer Road, Room 105, West Point, NY 10996, USA

Phone: +1-845-938-5569

Fax: +1-845-938-5141


Dawn M. Cappelli

CERT Insider Threat Center, Carnegie Mellon University Software Engineering Institute

4500 Fifth Avenue, Pittsburgh, PA 15213-2612, USA

Phone: +1-412-268-9136

Fax: +1-412-268-6989


Aaron J. Ferguson

Information Assurance Directorate Analytic Tradecraft Office

National Security Agency (NSA)

911 Elkridge Landing Road, Linthicum, NY 21090, USA

Phone: +1-410-854-0691

Fax: +1-410-694-4323



The insider threat continues to be one of the prime security concerns of government and industry organizations.  The topic continues to dominate public discussion and is perceived by senior organizational leadership as one of the most significant and difficult to mitigate security vulnerabilities. The threat from insider activity can be broadly defined as threats introduced to an organization by a trusted entity.  This definition encompasses both malicious insider activity where the participant plays a knowing role in the activity and the user who unknowingly introduces a threat inside the organizational security boundaries.

With the recent news surrounding WikiLeaks, insider threat is increasingly becoming a topic discussed at all levels of government, at technology conferences, and in industry. While the concept of insider threat itself is not new, the ability to develop robust insider threat models and integrate these models into technical, automated solutions is an area of heightened research (evidenced by the DARPA Cyber Insider Threat (CINDER) program). As a result, developers, mathematicians, managers, and network owners are looking for ways to mitigate the problems caused by malicious insiders, i.e., exfiltration of personally identifiable information (PII), sabotage, and theft of intellectual property.

The technical area of the minitrack will focus on the aspects of insider threat that can be modeled, detection methodologies, and mitigation techniques. Broadly defined, insider threat encompasses the knowing and unknowing participants in compromising the trusted interior of an organization's security boundary. Research into detecting person or system characteristics indicative of insider threat, and into ways to mitigate this threat, is of significant importance to all organizations. This threat is of particular relevance to both government and the private sector, as their processes are heavily reliant on information technology (IT). This reliance on IT exposes organizations to data security threats to a greater extent than in any other period in history. The research over the last 5 years has introduced growth in our ability to protect our data and systems, but it also introduces privacy concerns.

Topics and research areas include, but are not limited to:

  1. Science of insider threat – for example, development of a common vernacular, ontology, definition, and standards for insider threat

  2. Metrics & Measures of Effectiveness (MMoEs) for insider threat detection and mitigation

  3. Defining precursors and indicators

  4. Developing detection algorithms

  5. Modeling

  6. Forensics

  7. Psychology of insiders

  8. Unintentional insider threats

  9. Legal, social, and privacy issues

More co-chair information

COL Ronald C Dodge Jr., PhD, is an active duty Colonel in the Army and is an Associate Professor in the Electrical Engineering and Computer Science department at the United States Military Academy.  He is the CIO and Associate Dean for Information and Education Technology and teaches operating systems and security courses.  Ron’s current research focuses are information warfare, virtualization, security protocols, and performance planning and capacity management.  He is a frequent speaker at national and international IA conferences.

Aaron J. Ferguson, PhD, is the Technical Director at the National Security Agency (NSA) in the Analytic Tradecraft Automation Office. While his primary interest is in the application of machine learning analytics to cyber warfare problems, insider threat is a favorite area of research and development. Aaron's other interests include malware and vulnerability analytics, vulnerability analysis, and software development. He was the NSA Visiting Professor at the United States Military Academy at West Point in the Department of Electrical Engineering & Computer Science from 2003-2006. He is currently an adjunct professor in Computer Science at Howard University in Washington, DC and in the Information Systems Management department at the University of Maryland University College. He is a frequent speaker at national workshops and symposiums.

Dawn M. Cappelli, CISSP, is Founder and Technical Manager of the CERT Insider Threat Center, and the Enterprise Threat & Vulnerability Management team in Carnegie Mellon’s Software Engineering Institute. Her team members are domain experts in insider threat and incident response; they research, analyze, and model cyber threats; develop and conduct security assessments; and provide solutions and training for preventing, detecting, and responding to illicit cyber activity.  Dawn is invited to speak at national and international venues, is adjunct professor in CMU’s Heinz College, Vice-Chair for CERT’s CSIH Certification Advisory Board, on the program committee for RSA and HICSS conferences, and was awarded the 2011 SEI Director's Office Award of Excellence.


“Insider threats are among the prime security concerns of government and industry organizations”

The HICSS-47 version of the minitrack had to be suspended due to the lack of funding for its contributors.