search menu icon-carat-right cmu-wordmark

The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures

Technical Report
In this report, the authors describe seven observations about insider IT sabotage based on their empirical data and study findings.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2008-TR-009
DOI (Digital Object Identifier)
10.1184/R1/6584873.v1

Abstract

A study conducted by the U.S. Secret Service and the Carnegie Mellon University Software Engineering Institute CERT Program analyzed 150 insider cyber crimes across U.S. critical infrastructure sectors. Follow-up work by CERT involved detailed group modeling and analysis of 30 cases of insider IT sabotage out of the 150 total cases. Insider IT sabotage includes incidents in which the insider's primary goal is to sabotage some aspect of the organization or direct specific harm toward an individual. This paper describes seven general observations about insider IT sabotage based on our empirical data and study findings. We describe a system dynamics model of the insider IT sabotage problem that elaborates complex interactions in the domain and unintended con-sequences of organizational policies, practices, technology, and culture on insider behavior. We describe the structure of an education and awareness workshop on insider IT sabotage that incorporates the previously mentioned artifacts as well as an interactive instructional case.

Cite This Technical Report

Moore, A., Cappelli, D., & Trzeciak, R. (2008, May 1). The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures. (Technical Report CMU/SEI-2008-TR-009). Retrieved March 29, 2024, from https://doi.org/10.1184/R1/6584873.v1.

@techreport{moore_2008,
author={Moore, Andrew and Cappelli, Dawn and Trzeciak, Randall},
title={The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures},
month={May},
year={2008},
number={CMU/SEI-2008-TR-009},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6584873.v1},
note={Accessed: 2024-Mar-29}
}

Moore, Andrew, Dawn Cappelli, and Randall Trzeciak. "The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures." (CMU/SEI-2008-TR-009). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, May 1, 2008. https://doi.org/10.1184/R1/6584873.v1.

A. Moore, D. Cappelli, and R. Trzeciak, "The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2008-TR-009, 1-May-2008 [Online]. Available: https://doi.org/10.1184/R1/6584873.v1. [Accessed: 29-Mar-2024].

Moore, Andrew, Dawn Cappelli, and Randall Trzeciak. "The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures." (Technical Report CMU/SEI-2008-TR-009). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 May. 2008. https://doi.org/10.1184/R1/6584873.v1. Accessed 29 Mar. 2024.

Moore, Andrew; Cappelli, Dawn; & Trzeciak, Randall. The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures. CMU/SEI-2008-TR-009. Software Engineering Institute. 2008. https://doi.org/10.1184/R1/6584873.v1