Inside the Insider Threat

Description

Insider threats are a present and growing concern to organizations worldwide. Trusted employees with detailed knowledge and authorized access privileges have the capability to inflict devastating consequences through intentional/malicious or unintentional/accidental means to an organization's critical assets that include people, data, facilities, and technologies. Given the complexity of the insider threat problem, anymitigation approach must have both a behavioral and a technical component.

Understanding and combatting both types of insider threat effectively poses complex and difficult problems for the research and operational communities. Unintentional insider threats are as dangerous as intentional ones, and both types of threats deserve careful study in order to better understand their origins and develop effective mitigation approaches. Because of differences in motivation and intent, these two types of insider threat must be handled differently. Just as human error may be traced to deep-seated systemic problems, unintentional insider threat incidents may arise from a variety of contributing organizational factors, such as conflicting policies that confuse the otherwise well-meaning perpetrator. Intentional insider threats are associated with more malicious motivations, but even these threats can have organizational contributing factors.

Analyzing and detecting insider threats therefore should involve examination of both technical and non-technical indicators. Effective approaches will require contributions from many different disciplines, including those that study human behavioral factors. This minitrack solicits papers emphasizing this cross-cutting work as well as papers that present case studies and experiences in coping with insider attacks or preventing them.

Specific example topic areas include, but are by no means limited to:

• Predicting insider threats
• Analyzing the effect of (potential or actual) insider attacks
• Data on the scope and effect of insider threats and/or attacks
• Understanding and mitigating unintentional insider threats
• Detecting data exfiltration
• Use of the Internet Dark Web to collude and assist with carrying out insider threat attacks
• Visualization of both attacks and countermeasures
• Creating realistic data sets (both real and synthetic)
• Sharing real or realistic data sets
• Measuring the effectiveness of mitigation technologies and methodologies
• Use of mathematical algorithms to reduce false positives, false negatives, and assist with anomaly detection
• Implementing artificial intelligence-based solutions to aid in discovery of patterns of insider behavior
• Examining the causes of insider attacks from a behavioral science perspective
• Analysis of social media/social engineering case studies of insider threats and attacks
• Human factors and the insider threat problem
• Examining possible organizational factors associated with insider threats
• Examining effectiveness of active versus passive indicators of insider attacks
• Multi-disciplinary approaches to mitigating the insider threat problem
• Recommendations for developing an insider threat program for a particular type of organization
• Recommendations for “Who is Watching the Watchers?”
• Research of effective training and awareness measures
• Minimizing the cost of preventive measures

Minitrack Leaders

Jason W. Clark is a researcher at Carnegie Mellon University - Software Engineering Institute (SEI). His main area of interests are cyber-security with a focus on insider threats, specifically prediction, detection, and mitigation. He completed his Ph.D in Information Technology from George Mason University, where he specialized in cyber-crime and anonymous searching of the Internet. Prior to joining the SEI in 2012, Jason worked at the Institute for Defense Analyses (IDA) as a lead information security analyst and from 2003-2007 at the United States Census Bureau writing and reviewing security documentation and policy. He also teaches part-time courses at Northern Virginia Community College (NVCC), Southern New Hampshire University (SNHU), and Embry Riddle University.

Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He was a research scientist at the Research Institute of Advanced Computer Science and was on the faculty at Dartmouth College before joining the Department of Computer Science at the University of California at Davis. His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. He is active in the areas of network security, the study of denial of service attacks and defenses, policy modeling, software assurance testing, formal modeling of access control, and the insider problem. He is also interested in electronic voting, and was one of the two principle investigators of the California Top-to-Bottom Review, which performed a technical review of all electronic voting systems certified in the State of California. He is active in information assurance education. His textbook, Computer Security: Art and Science, was published in December 2002 by Addison-Wesley Professional. He also teaches software engineering, machine architecture, operating systems, programming, and (of course) computer security.

Frank L. Greitzer is Founder and Principal Scientist at PsyberAnalytix, LLC, which performs applied research and consulting in cognitive systems engineering and human-systems analysis to improve information technology/computational science support for decision making, training, and human information processing. He holds a PhD degree in Mathematical Psychology with specialization in memory and cognition and a BS degree in Mathematics. Dr. Greitzer recently retired from the Pacific Northwest National Laboratory (PNNL), where he served as a Chief Scientist for Cognitive Informatics and supported research in human-system integration, decision making and information processing in applied areas of cyber security, power grid/smart grid operational decision making, and intelligence/information analysis. With over thirty years of applied research and development experience in cognitive psychology, human information processing, and user-centered design, his research interests include human behavior modeling to anticipate cyber/insider and terrorist threats, cognitive support for control systems operators and decision makers, and associated decision support/visualization solutions, as well as design of evaluation methods and metrics to assess the performance and effectiveness of new methods and tools. Dr. Greitzer’s interests also include applying cognitive principles to develop innovative, interactive training and education applications.