Insider threats are a present and growing concern to organizations worldwide. Trusted employees have the capability to inflict devastating consequences on their employer’s assets, data, and IT infrastructure, primarily because of their detailed knowledge of, and authorized access to, these systems. Indeed, the insider problem is also pernicious in the non-computer world; as the ancient Roman satirist Juvenal said, "Who will guard the guards themselves?" Any approach must therefore have not only a technical aspect but also a non-technical (social, political, legal, cultural, and so forth) one. Insider attacks may be accidental or arise from conflicting policies that confuse the putative attacker. These unintentional insider attacks are as dangerous as deliberate insider attacks, but must be handled differently due to the lack of maliciousness. Understanding how to cope with unintentional insider attacks effectively is also a complex, difficult problem.
Analyzing and detecting insider threats involve both technical and non-technical approaches across many different disciplines, including human-oriented ones. This minitrack solicits papers emphasizing this cross-cutting work as well as papers that present case studies and experiences in coping with insider attacks or preventing them.
Jason W. Clark is a researcher at Carnegie Mellon University - Software Engineering Institute (SEI). His main area of interest is cyber-security with a focus on insider threats, specifically prediction, detection, and mitigation. He completed his Ph.D. in Information Technology at George Mason University, where he specialized in cyber-crime and anonymous searching of the Internet. Prior to joining the SEI in 2012, Jason worked at the Institute for Defense Analyses (IDA) as a lead information security analyst and, from 2003 to 2007, at the United States Census Bureau writing and reviewing security documentation and policy. He also teaches part-time courses at Northern Virginia Community College (NVCC), Southern New Hampshire University (SNHU), and Embry Riddle University.
Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He was a research scientist at the Research Institute of Advanced Computer Science and was on the faculty at Dartmouth College before joining the Department of Computer Science at the University of California at Davis. His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. He is active in the areas of network security, the study of denial of service attacks and defenses, policy modeling, software assurance testing, formal modeling of access control, and the insider problem. He is also interested in electronic voting, and was one of the two principal investigators of the California Top-to-Bottom Review, which performed a technical review of all electronic voting systems certified in the State of California. He is active in information assurance education. His textbook, Computer Security: Art and Science, was published in December 2002 by Addison-Wesley Professional. He also teaches software engineering, machine architecture, operating systems, programming, and (of course) computer security.
Candice Hoke is the Founding Co-Director of the Center for Cybersecurity & Privacy Protection at Cleveland State University. She holds an M.S. in information security from Carnegie Mellon University and a J.D. from Yale Law School. For over a decade, her research has focused on regulation of cyber risks, and she worked as a cybersecurity engineer specializing in cyber risk management at CERT/Software Engineering Institute. In the mid-2000s, she developed expertise in voting technology security, and founded and directed the federally funded Center for Election Integrity at CSU. Professor Hoke’s interests extend to the underlying causes of cyber insecurity, including software quality and assurance issues, enterprise network architectures, and Internet engineering.
Jason W. Clark
(Primary Contact)
Carnegie Mellon University
Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA 15213, USA
Phone: +1-202-731-2742
Email: jwclark@cert.org
Matt Bishop
University of California at Davis
Department of Computer Science
One Shields Ave.
Davis, CA 95616, USA
Phone: +1-530-752-8060
Email: mabishop@ucdavis.edu
Candice Hoke
Cleveland State University
1801 Euclid Avenue
Cleveland, Ohio 44115-2214
Phone: 216-687-2313
Email: shoke@law.csuohio.edu