
Insider Threat (CSCE 727 - Farkas)


1 Insider Threat

2 Reading List
The National Infrastructure Advisory Council’s (NIAC) Final Report and Recommendation on the Insider Threat to Critical Infrastructures, 2008, http://www.dhs.gov/xlibrary/assets/niac/niac_insider_threat_to_critical_infrastructures_study.pdf
CERT, Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector, 2008, www.cert.org/archive/pdf/insiderthreat_it2008.pdf

3 Analyzing the Insider Threat
Defining the insider threat (physical and cyber)
Analyzing scope, dynamics, and the effect of globalization
Obstacles and challenges to addressing the threat

4 Why Is It Challenging to Address the Insider Threat?
Trusted employee
Security breaches often undetected
Lack of reported data (organizations handle the events discreetly)
Difficulty in understanding the causes and implications of the threat

5 Insider Threat
“… one or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products, or facilities with the intent to cause harm.”
NIAC’s Final Report and Recommendations on the Insider Threat to Critical Infrastructures, 2008

6 Access
To the systems, facilities, or information
Additional “insiders”
– Unescorted vendors
– Consultants
– Contractors
Trust

7 Technical Aspect
CERT/SEI and US Secret Service study, technical aspects:
– Most insiders had authorized access at the time of the malicious activity
– Access control gaps facilitated most of the insider incidents
– Most insiders modified or deleted information using only user commands
– Some used technical means to compromise accounts

8 Access Control Issues
Access exceeded what was needed to do the job
Access was obtained following termination or changes in position
The insider was able to use another employee’s account or computer
Technical control was insufficient
Insider could circumvent technical control

9 Trust
Procedures to support trust management
– Establish appropriate level of trust at employment
– Monitor compliance over time
– Revoke access
Mission-critical positions
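Slides 8 and 9 describe the access-control gaps behind most incidents (access beyond the job, access kept after termination or a change of position, use of another employee’s account) and the trust-management loop that counters them (establish, monitor, revoke). The script below is an added example, not code from the lecture or from the NIAC/CERT studies it cites; it runs a periodic access review over constructed data (hypothetical roles, users, resources and workstation assignments) and reports each gap as a finding, which is the "monitor compliance over time" step that feeds "revoke access".

```python
from datetime import date

# Constructed role entitlement matrix: what each job actually needs.
# (Assumption: hypothetical roles and resource names, not from the lecture.)
ROLE_ENTITLEMENTS = {
    "analyst": {"email", "reports-ro"},
    "sysadmin": {"email", "reports-ro", "prod-servers"},
    "hr": {"email", "hr-db"},
}

# Constructed HR roster: user -> (current role, status, date of last role/status change)
ROSTER = {
    "alice": ("analyst", "active", date(2023, 1, 10)),
    "bob": ("analyst", "active", date(2024, 3, 1)),      # moved from sysadmin to analyst
    "carol": ("hr", "terminated", date(2024, 5, 15)),     # left the organization
    "dave": ("sysadmin", "active", date(2022, 9, 1)),
}

# Constructed access grants as exported from the access-control system:
# (user, resource, date granted)
GRANTS = [
    ("alice", "email", date(2023, 1, 10)),
    ("alice", "reports-ro", date(2023, 1, 10)),
    ("alice", "hr-db", date(2024, 2, 1)),          # beyond what an analyst needs
    ("bob", "email", date(2021, 4, 1)),
    ("bob", "reports-ro", date(2021, 4, 1)),
    ("bob", "prod-servers", date(2021, 4, 1)),     # left over from bob's sysadmin role
    ("carol", "email", date(2020, 6, 1)),          # never revoked after termination
    ("carol", "hr-db", date(2020, 6, 1)),
    ("dave", "email", date(2022, 9, 1)),
    ("dave", "reports-ro", date(2022, 9, 1)),
    ("dave", "prod-servers", date(2022, 9, 1)),
]

# Constructed workstation assignments and interactive login events (account, workstation).
WORKSTATION_OWNER = {"ws-01": "alice", "ws-02": "bob", "ws-04": "dave"}
LOGINS = [
    ("alice", "ws-01"),
    ("dave", "ws-04"),
    ("dave", "ws-02"),   # dave's account used from bob's workstation
]


def review_access(roster, grants, logins, workstation_owner, entitlements=ROLE_ENTITLEMENTS):
    """Return a list of (finding, user, detail) tuples for the access reviewer."""
    findings = []
    for user, resource, granted_on in grants:
        if user not in roster:
            # A grant for someone HR does not know: an orphaned or fabricated account.
            findings.append(("unknown-user", user, resource))
            continue
        role, status, changed_on = roster[user]
        if status != "active":
            # Slide 8: access still present after termination.
            findings.append(("access-after-termination", user, resource))
        elif resource not in entitlements.get(role, set()):
            if granted_on < changed_on:
                # Granted under a previous position and never revoked.
                findings.append(("stale-after-position-change", user, resource))
            else:
                # Slide 8: access exceeds what the current job needs.
                findings.append(("access-exceeds-role", user, resource))
    for account, workstation in logins:
        owner = workstation_owner.get(workstation)
        if owner is not None and owner != account:
            # Slide 8: an account used from another employee's computer.
            findings.append(("account-used-from-other-workstation", account, workstation))
    return findings


if __name__ == "__main__":
    for finding in review_access(ROSTER, GRANTS, LOGINS, WORKSTATION_OWNER):
        print("%-36s %-6s %s" % finding)
```

Each finding maps to a revoke or investigate action; running the review on a schedule (and immediately on every HR status change) is what turns slide 9’s "monitor compliance over time" into something measurable. The workstation check is a heuristic: it only catches account sharing that crosses assigned machines, so it complements rather than replaces session logging.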

10 Consequences of Misuse
Critical infrastructure:
– Interruption of services to a geographic area or sector
– Large-scale economic loss
– Psychological effects (loss of public confidence)
– Loss of life
Public policy: public health, public psychology, economic activity

11 Other Consequences
Sabotage (cyber or physical)
Theft
Fraud
Intellectual property theft, etc.

12 Actors
Psychologically impaired, disgruntled, or alienated employees
Ideological or religious radicals
Criminals
What are the corresponding motivations?

13 Psychology of the Insider
Shaw, E.D., Ruby, K.G., & Post, J.M. (1998). The insider threat to information systems. Security Awareness Bulletin, 2–98, 27–46.
Focuses on computer technology specialists
“…introversion is characteristic of computer technology specialists as a group, as well as scientists and other technology specialists.”

14 Technically Capable Insiders’ Characteristics
Social and personal frustration
Computer dependency
Ethical flexibility
Reduced loyalty
Entitlement
Lack of empathy

15 CERT Insider Threat Blog
Insider Threat Team: Insider Threat Case Trends of Technical and Non-Technical Employees, http://www.cert.org/blogs/insider_threat/2011/01/insider_threat_case_trends_of_technical_and_non-technical_employees.html
Non-technical incidents increased until 2006
Damage:
– Average for technical insiders: more than $750,000
– Average for non-technical insiders: more than $800,000

16 Insider Incidents
[Figure: insider incident data; copyright CERT Insider Threat]

17 Who Will Carry Out the Malicious Intent?
Lots of disgruntled employees – there is NO direct correlation between disgruntled employees and insider threats
Mechanisms of betrayal:
– Growing discontent
– Recruitment by hostile outside entities
– Infiltration of a malicious actor into a trusted position

18 Psychology of the Insider
Psychology plays a role in all the known cases, in addition to
– Ideology, religion, radicalization, and crime
CERT study comparing IT sabotage and espionage:
– Common set of personality traits
– Behavioral deviation from what is expected

19 Psychology of the Insider
CERT’s first set of indicators for potential insiders (2008):
– Difficult or high-maintenance employee
– Personality issues that affect social skills and decision making
– History of rule violations
– Social network risks
– Medical/physical issues (e.g., substance abuse)

20 What Can Be Done?
Employee screening
– Need for common screening practices
Periodic reevaluation
Incentives to maintain/increase loyalty
Research to understand motivations and mitigate risk accordingly
Technology/psychology/social studies

21 Obstacles to Addressing the Insider Threat (1)
Lack of information sharing
– Incentives for organizations to share their findings
– Counterincentives!
Lack of sufficient research
– Risk management
– Comprehensive model
Lack of education and awareness
– Privacy violation risk?
– Discrimination?

22 Obstacles to Addressing the Insider Threat (2)
Managing and maintaining employee identification
Uneven background screening
Cultural and organizational challenges
Technological challenges
– Technologies not interoperable among organizations
– Ethical boundaries in virtual space are not always clear – globalization

23 Types of Insider Threats
State and military espionage
Economic espionage
Corporate espionage
Privacy compromises

24 State and Military Espionage
Foreign intelligence agencies
Goal: collect state and military secrets
Target: foreign government
Insider traitors, foreign agents, spies
Motivation of traitor:
– Financial gain, ideology, revenge

25 Examples
1987: Earl E. Pitts
– Special agent, FBI
– Became: KGB agent
– Motivation: financial gain
– Sentencing: fine ($500,000 + $250,000)
1994: Aldrich H. Ames
– CIA agent
– Became: KGB agent
– Motivation: financial gain
– Sentencing: life sentence

26 Economic Espionage
Government intelligence (state sponsored)
Goal: acquire the economic secrets of a foreign country, trade policies, and trade secrets
Target: foreign corporations, research facilities, universities, defense contractors
Method: similar to military espionage
Technological competition

27 Economic Espionage
Seeking critical technologies
Often ties with corporate espionage
The level of security is the level of the weakest point

28 Examples
Pierre Marion (France)
– Admitted spying on foreign firms
– IBM, Texas Instruments, Corning Glass
Marc Foldberg (Renaissance Software, Inc., Palo Alto, CA)
– Copied software
– Motivation: financial gain
– Sentencing: community service
Guillermo (Bill) Gaede
– Temporary employee of Intel Corp.
– Motivation: financial gain
– Sentencing: 33 months in federal prison

29 Corporate Espionage
Corporations against other corporations
Goal: acquire competitive advantage in the domestic or global market
Foreign or domestic competitors

30 Corporate Espionage
Computer technology: a convenient way
Investigations
– Go public or not
Law
– Inadequate
– Gray areas

31 Examples
Cadence Design Systems vs. Avant! – software product
General Motors vs. VW
IBM vs. Hitachi

32 Dynamics
Globally distributed workforce
Most insiders are discovered after they have committed the malicious act → increased damage
Research: detect malicious behavior before it happens

33 Privacy Violations
Personal data
– SS Administration
– Law Enforcement
– Medical
– Financial
Computer systems
– Trusted security personnel?
– Trusted system administrators?
– Temporary employees?
