The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures

A study conducted by the U.S. Secret Service and the Carnegie Mellon University Software Engineering Institute CERT Program analyzed 150 insider cyber crimes across U.S. critical infrastructure sectors. Follow-up work by CERT involved detailed group modeling and analysis of 54 cases of insider IT sabotage out of the 150 total cases. Insider IT sabotage includes incidents in which the insider’s primary goal was to sabotage some aspect of the organization or direct specific harm toward an individual. This paper describes seven general observations about insider IT sabotage based on our empirical data and study findings. We describe a System Dynamics model of the insider IT sabotage problem that elaborates complex interactions in the domain and unintended consequences of organizational policies, practices, technology, and culture on insider behavior. We describe the structure of an education and awareness workshop on insider IT sabotage that incorporates the previously mentioned artifacts as well as an interactive instructional case.

[1]  Randall F. Trzeciak,et al.  Common Sense Guide to Prevention and Detection of Insider Threats , 2006 .

[2]  J Swanson,et al.  Business Dynamics—Systems Thinking and Modeling for a Complex World , 2002, J. Oper. Res. Soc..

[3]  Eliot H. Rich,et al.  Simulating Insider Cyber-Threat Risks : A Model-Based Case and a Case-Based Model , 2005 .

[4]  John D. Sterman,et al.  System Dynamics: Systems Thinking and Modeling for a Complex World , 2002 .

[5]  Dawn M. Cappelli,et al.  Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis , 2006 .

[6]  Dawn M. Cappelli,et al.  Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors , 2005 .

[7]  O. ZAHN,et al.  Dynamics of Growth in a Finite World , 2009 .

[8]  M. Pursley Report Documentation Page Form Approved Omb No. 0704-0188 Please Do Not Return Your Form to the above Address. 1. Report Date (dd-mm-yyyy) Final Technical Report Receiver Statistics for Cognitive Radios in Dynamic Spectrum Access Networks Onr , 2007 .

[9]  Jean Hartley,et al.  Case study research , 2004 .

[10]  Jose J. Gonzalez,et al.  A system dynamics model of an insider attack on an information system , 2003 .

[11]  Dawn M. Cappelli,et al.  Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers’ Information, Systems, or Networks , 2007 .

[12]  David F. Andersen,et al.  Preliminary System Dynamics Maps of the Insider Cyber-threat Problem , 2004 .