Software Engineering Institute

Securing American critical infrastructures is a national priority. In The National Strategy to Secure Cyberspace, the President's Critical Infrastructure Protection Board emphasizes the importance of securing the nation's critical infrastructures and improving national cyber security. As most of America's critical infrastructure is privately held, a key component of the strategy is strengthening public-private partnerships. Similarly, the U. S. Department of Homeland Security is engaged in initiatives to enhance protection for critical infrastructure and networks by promoting working relationships between the government and private industry. One of these initiatives specifically promotes awareness of the insider threat issue to organizations.

The insider threat is a problem faced by all industries and sectors today. The consequences of insider incidents can include lost staff hours, negative publicity, and financial damage so extensive that a business may be forced to lay off employees or close its doors. Furthermore, insider incidents can have repercussions extending beyond the affected organizations to include disruption of operations or services within critical sectors, or the issuance of fraudulent identities that create potential risks to the public and homeland security.

This report presents the findings of a research effort to examine reported insider incidents within the Information Technology and Telecommunications (IT) sector. This effort is part of a larger research initiative, the Insider Threat Study (ITS), a collaborative endeavor of the United States Secret Service's National Threat Assessment Center (NTAC) and the CERT® Program (CERT) of Carnegie Mellon University's Software Engineering Institute. The study stems from concern about the ability of employees with intent to exploit known system vulnerabilities and the effect of their activities on organizations, particularly those within critical infrastructure sectors.