A Technical History of the SEI
ihQTwP
ihQTwP
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Insider Threat<br />
The Challenge: Cyber Attacks by Insiders<br />
Insiders pose a challenging cybersecurity threat. They<br />
are trusted employees, former employees, or even contractors<br />
with access to internal systems and sensitive information;<br />
because <strong>the</strong>y have (or recently had) authorized,<br />
trusted access, it is hard to protect against <strong>the</strong>ir<br />
malicious actions [Trembly 2011]. These actions include<br />
IT sabotage, fraud, <strong>the</strong>ft <strong>of</strong> confidential or proprietary<br />
information, espionage, and threats to U.S. critical infrastructure<br />
[Gupta 2008]. The actions <strong>of</strong> a single insider<br />
have resulted in a range <strong>of</strong> impacts, including loss <strong>of</strong><br />
staff hours, loss <strong>of</strong> reputation and customer trust, and financial<br />
damage so extensive that businesses have been<br />
forced to lay <strong>of</strong>f employees or cease operation. Damage<br />
from insider incidents can have far-reaching repercussions,<br />
creating serious risks to public safety and national<br />
security, such as disruption <strong>of</strong> a service in a critical infrastructure,<br />
disclosure <strong>of</strong> classified information, or industrial<br />
espionage. Addressing insider threat is a challenge,<br />
as technological solutions alone are ineffective.<br />
The View from O<strong>the</strong>rs<br />
They have a great insider threat<br />
research team up <strong>the</strong>re; <strong>the</strong>y’ve<br />
been working on this for over 10<br />
years.<br />
– Dr. Ron Ross, National<br />
Institute <strong>of</strong> Standards and<br />
Technology [<strong>SEI</strong> 2011]<br />
CERT is <strong>of</strong>fering a fantastic Insider<br />
Threat Workshop that will be<br />
<strong>of</strong> extreme benefit to anybody in<br />
<strong>the</strong> computer security industry.<br />
– Lauren Gerber, in<br />
PC1news.com<br />
[Gerber 2009]<br />
A Solution: Insider Threat Research and Solutions<br />
The <strong>SEI</strong> has become a center <strong>of</strong> expertise on identifying and mitigating insider threat [Kaplan<br />
2011]. The <strong>SEI</strong> first investigated <strong>the</strong> malicious actions <strong>of</strong> insiders in 2000, when <strong>the</strong> DoD sponsored<br />
research to identify characteristics <strong>of</strong> <strong>the</strong> environment surrounding insider incidents in <strong>the</strong><br />
military services and defense agencies. The findings guided ongoing efforts to reduce <strong>the</strong> threat to<br />
critical information systems in <strong>the</strong> DoD and its contractor community. This work was <strong>the</strong> beginning<br />
<strong>of</strong> an ongoing partnership between <strong>the</strong> <strong>SEI</strong> and <strong>the</strong> DoD’s Defense Personnel Security Research<br />
Center (PERSEREC). The following year, <strong>the</strong> U.S. Secret Service National Threat Assessment<br />
Center (NTAC) and <strong>the</strong> <strong>SEI</strong> worked toge<strong>the</strong>r to conduct a unique study <strong>of</strong> insider<br />
incidents—psychologists from NTAC and technical experts from <strong>the</strong> <strong>SEI</strong> examined insider cases<br />
both from a behavioral and a technical perspective. It was <strong>the</strong> first study that used this dual approach.<br />
In 2002, <strong>SEI</strong> security experts assisted <strong>the</strong> U.S. Secret Service (USSS) with <strong>the</strong> cyber aspect<br />
<strong>of</strong> its protection mission at <strong>the</strong> Salt Lake City Olympic Games, categorized as a National Security<br />
Special Event. In talking with <strong>the</strong> Olympic Committee and considering potential problems,<br />
<strong>SEI</strong> staff realized <strong>the</strong> criticality and extent <strong>of</strong> insider threat. Work with <strong>the</strong> Secret Service continued,<br />
and research was stepped up. In 2013, <strong>the</strong> Secret Service honored <strong>SEI</strong> insider threat experts<br />
for <strong>the</strong>ir “efforts and superior contributions” to USSS law enforcement responsibilities. 39<br />
In 2003 and 2004, <strong>the</strong> Department <strong>of</strong> Homeland Security (DHS) added its sponsorship to <strong>the</strong> insider<br />
threat study and to building a database <strong>of</strong> <strong>the</strong> valuable information collected during <strong>the</strong><br />
39 See http://www.sei.cmu.edu/newsitems/USSS-award.cfm<br />
CMU/<strong>SEI</strong>-2016-SR-027 | SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY 184<br />
Distribution Statement A: Approved for Public Release; Distribution is Unlimited.