Insider Threat Modeling and Analysis

Insider Threat continues to be a prime security concern of government and industry organizations. The topic dominates public discussion and is perceived by senior organizational leadership as one of the most significant and difficult to mitigate security vulnerabilities. Developers, managers, network owners and other stakeholders in government and industry are looking for ways to mitigate the problems caused by insider threats. The threat from insider activity can be broadly defined as threats introduced to an organization by a trusted entity. This definition encompasses both malicious insider threats where the user plays a knowing role in the activity and unintentional insider threat, when the user unknowingly introduces a threat inside the organizational security boundaries. Both malicious and unintentional insider threats (UIT) may lead to data loss, compromise or destruction of organizational information or assets, theft or unauthorized disclosure of private information such as personal identifying information or intellectual property, and other outcomes that are harmful to the effective operation of the organization.

The insider threat continues to capture the attention of the public and all levels of the government, with the security breaches associated with WikiLeaks and the more recent leaks and discussions surrounding the NSA data monitoring once again bringing into focus the tradeoffs between security and privacy. While the concept of insider threat itself is not new, government sponsored research in the last 5-10 years has led to more advanced approaches to insider threat modeling and proposed automated solutions for combatting malicious insider exploits. Recent research has also called for greater attention to be devoted to increasing our understanding of the threats in social media—particularly social engineering threats—that can undermine organizational security.

The technical area of the mini-track will focus on the aspects of insider threat that can be modeled, human factors approaches to detection and mitigation, automated detection methodologies, and an understanding of similarities and differences in malicious versus unintentional insider threats, with implications for detection, prevention and mitigation.

Minitrack topics include, but are not limited to:

• Defining and modeling precursor user behavior or system activity leading to malicious activity.
• The interface between technology and human factors in detecting and mitigating insider threat
• Case studies of insider events (including UITs)
• The nature and scale of insider threats and how to build effective responses
• Current and emerging technologies, and their likely effectiveness
• Innovative/novel data collection of threat indicators
• Screening and monitoring: balancing security and privacy rights
• Insider threat and social media

More information on the mini-track chairs:

Frank L. Greitzer, Ph.D., is owner and Principal Scientist of PsyberAnalytix, a company that performs consulting research in cognitive and behavioral systems engineering and analysis. Dr. Greitzer holds a PhD degree in Mathematical Psychology with specialization in memory and cognition and a BS degree in Mathematics. His research and consulting activities currently focus on behavioral modeling and mitigation approaches in combatting the insider threat, and on assessing operator competency and performance in cybersecurity and secure power systems applications. Prior to founding PsyberAnalytix in 2012, Dr. Greitzer served as a Chief Scientist at the Pacific Northwest National Laboratory (PNNL), where he led the R&D focus area of Cognitive Informatics, conducting research applied to intelligence and counterintelligence analysis, cybersecurity and power systems operations, and training and performance evaluation.

Russell Palarea, Dr. Russell Palarea is the founder and President of Operational Psychology Services, a psychological constancy specializing in information security and violence prevention. Through his company, Dr. Palarea provides investigative consultation, operational training, and program development on threat assessment, counterterrorism, and insider threat to Fortune 500 companies, corporate and global security firms, local/state/campus law enforcement, and the State Department’s Diplomatic Security Service. From 2001-2011, Dr. Palarea served as a Staff Operational Psychologist with the Naval Criminal Investigative Service (NCIS), where he consulted with the Insider Threat Program, Threat Management Unit, and Counterterrorism Department. He has conducted research on stalking, workplace violence, assessment of communicated threats, and violence prevention with the Los Angeles Police Department Threat Management Unit, US Capitol Police Threat Assessment Section, Nebraska State Patrol, and Lincoln Police Department.

COL Ronald C Dodge Jr., PhD, is an active duty Colonel in the Army and is an Associate Professor in the Electrical Engineering and Computer Science department at the United States Military Academy. He is the CIO and Associate Dean for Information and Education Technology and teaches operating systems and security courses. Ron’s current research focuses are information warfare, virtualization, security protocols, and performance planning and capacity management. He is a frequent speaker at national and international IA conferences.