Lead Insider Threat Researcher, National Insider Threat Center
Andrew Moore is the lead researcher in the CERT Insider Threat Center. Andy works with teams across the SEI applying modeling and simulation techniques to cyber security, and system and software engineering problems. He has over 30 years of experience developing and applying mission-critical system analysis methods and tools, leading to the transfer of critical technology to both industry and the government.
Before joining the SEI in 2000, he worked for the U.S. Naval Research Laboratory (NRL) developing, analyzing, and applying high-assurance system development methods for the Navy. Andy has served as principal investigator on numerous projects sponsored by ODNI, OSD, NSA, DARPA, and CMU's CyLab. Andy has published a book, two book chapters, a special journal issue on insider threat modeling and simulation, and a wide variety of technical journal and conference papers. Recently, Andy won the SEI's AJ Award for Leading and Advancing. In addition, a book he co-authored, The CERT Guide to Insider Threats, was inducted into the Cybersecurity Canon, "a list of must-read books for all cybersecurity practitioners." Andy's research interests include socio-technical system simulation modelling and analysis, cybersecurity, insider threat, software acquisition and sustainment, IT controls analysis, survivable systems engineering, and system risk analysis.
Modeling the Influence of Positive Incentives on Insider Threat Risk Reduction, Proceedings of the International Conference of the System Dynamics Society, System Dynamics Society, Jul 15, 2017
Common Sense Guide to Mitigating Insider Threats, Fifth Edition, Software Engineering Institute, Carnegie Mellon, Dec 30, 2016.
The Critical Role of Positive Incentives for Reducing Insider Threats, Software Engineering Institute, Carnegie Mellon, Dec 30, 2016.
Effective Insider Threat Programs: Understanding and Avoiding Potential Pitfalls, Software Engineering Institute, Carnegie Mellon, Oct 30, 2015.
Introduction to the Special Issue on Insider Threat Modeling and Simulation, Computational and Mathematical Organization Theory, Sep 30, 2015.
Social Network Dynamics of Insider Threats: A Preliminary Model, Proceedings of the International Conference of the System Dynamics Society, System Dynamics Society, Jul 20, 2015.
A Dynamic Model of Sustainment Investment, Software Engineering Institute, Carnegie Mellon, Feb 27, 2015.
Dynamics of Software Sustainment, Software Engineering Institute, Carnegie Mellon, Jul 31, 2014.
Acquisition Archetypes: The Hidden Laws of Software-Intensive Development Programs, CrossTalk - The Journal of Defense Software Engineering, May 30, 2014.
Data-Driven Software Assurance: A Research Study, Software Engineering Institute, Carnegie Mellon, May 30, 2014.
Analysis of Unintentional Insider Threats Deriving from Social Engineering Exploits, Security and Privacy Workshop, IEEE, May 30, 2014.
The Decline and Fall of Joint Acquisition Programs, Proceedings of the Eleventh Annual Acquisition Research Symposium, Naval Postgraduate School, Apr 30, 2014.
Modeling Sustainment Dynamics, 12th Annual Conference on Systems Engineering Research, Mar 31, 2014.
Unintentional Insider Threat: Contributing Factors, Observables, and Mitigation Strategies, Proceedings of the 2014 47th Hawaii International Conference on System Sciences, Jan 31, 2014.
Four Insider IT Sabotage Patterns and an Initial Effectiveness Analysis, Workshop on Pattern Languages of Programs, Oct 31, 2013.
Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector, Software Engineering Institute, Carnegie Mellon, Jul 31, 2013.
Modeling the Evolution of a Science Project in Software-Reliant System Acquisition Programs, Proceedings of the International Conference of the System Dynamics Society, System Dynamics Society, Jul 22, 2013.
A System Dynamics Model for Investigating Early Detection of Insider Risk, Proceedings of the International Conference of the System Dynamics Society, System Dynamics Society, Jul 22, 2013.
The Joint Program Dilemma: Analyzing the Pervasive Role that Social Dilemmas Play in Undermining Software Acquisition, Proceedings of the Naval Postgraduate School Acquisition Research Symposium, Naval Postgraduate School, May 31, 2013.
Analyzing Cases of Resilience Success and Failure: A Research Study, Software Engineering Institute, Carnegie Mellon, Dec 31, 2012.
Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders, Proceedings of the Workshop on Pattern Languages of Programs, Oct 31, 2012.
Novak, W.E., A.P. Moore, C. Alberts, 2012. "The Evolution of a Science Project: A Preliminary System Dynamics Model of a Recurring Software-Reliant Acquisition Behavior," SEI Technical Report CMU/SEI-2012-TR-001, July 2012. http://www.sei.cmu.edu/library/abstracts/reports/12tr001.cfm
D.M. Cappelli, Moore, A.P., R.F. Trzeciak, The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud), Addison-Wesley, 2012.
Moore, A.P., Hanley, M., and Mundie, D. 2012. “A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders,” in Proc. 18th Conference on Pattern Languages of Programs (PLoP). PLoP'11, October 21-23 2011, ACM Press ACM 978-1-4503-1283-7, 2012. http://www.hillside.net/plop/2011/papers/D-6-Moore.pdf
Mundie, D. and A.P. Moore. 2012. “A Pattern for Trust Trap Mitigation,” in Proc. 18th Conference on Pattern Languages of Programs (PLoP). PLoP'11, October 21-23 2011, ACM Press ACM 978-1-4503-1283-7, 2012. http://www.hillside.net/plop/2011/papers/D-23-Mundie.doc
Moore, A. P., Cappelli, D. M., Caron, T.C., Shaw, E., Spooner, D. & Trzeciak, R. F. (2011). “A Preliminary Model of Insider Theft of Intellectual Property,” Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications, Special Issue Addressing Insider Threats and Information Leakage, 2011. http://www.isyou.info/jowua/papers/jowua-v2n1-2.pdf
Merrell, S., Moore, A. P., Stevens, J., “Goal-Based Assessment for the Cybersecurity of Critical Infrastructure,” in Proc. of the 2010 IEEE International Conference on Technologies for Homeland Security, Waltham, MA, 8-10 November 2010.
Brownsword, L., Woody, C., Alberts, C.J., Moore, A.P., A Framework for Modeling the Software Assurance Ecosystem: Insights from the Software Assurance Landscape Project, Software Engineering Institute Technical Report CMU/SEI-2010-TR-028, Carnegie Mellon University, August 2010. http://www.sei.cmu.edu/reports/10tr028.pdf
Weiland, R.M., Moore, A.P., Cappelli, D.M., Trzeciak, R.F. Spooner, D., “Spotlight On: Insider Threat from Trusted Business Partners”, Joint CyLab (CMU) and CERT (SEI), February 2010. http://www.cert.org/archive/pdf/TrustedBusinessPartners0210.pdf
Moore, A.P., D.M. Cappelli, T. Caron, E. Shaw, R.F. Trzeciak, “Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model,” in Proc. of the 1st International Workshop on Managing Insider Security Threats (MIST2009), Purdue University, West Lafayette, USA, June 16, 2009. http://www.cert.org/insider_threat/docs/Insider_Theft_of_IP_Model_MIST09.pdf
Brownsword, L., C. Woody, C.J. Alberts, A.P. Moore, The Landscape of Software Assurance—Participating Organizations and Technologies, AIAA Infotech@Aerospace Conference, Seattle, Washington, 6 - 9 April 2009. http://pdf.aiaa.org/preview/CDReadyMIA09_2070/PV2009_1919.pdf
Moore, A.P., D.M. Cappelli, R.F. Trzeciak, “The ‘Big Picture’ of Insider IT Sabotage Across U.S. Critical Infrastructures,” in Insider Attack and Cyber Security: Beyond the Hacker, eds. Stolfo, S.J., et al., Springer Science + Business Media, LLC, 2008. Also published in SEI Technical Report - CMU/SEI-2008-TR-009. http://www.cert.org/archive/pdf/08tr009.pdf
Hanley, M., Moore, A.P., D.M. Cappelli, R.F. Trzeciak, “Spotlight On: Malicious Insiders with Ties to the Internet Underground Community”, Joint CyLab (CMU) and CERT (SEI), March 2009. http://www.cert.org/archive/pdf/CyLab%20Insider%20Threat%20Quarterly%20on%20Internet%20Underground%20-%20March%202009P.pdf
Siviy, J., A.P. Moore, C.J. Alberts, A., C. Woody, J. Allen, “Value Mapping and Modeling SoS Assurance Technologies and Assurance Supply Chain,” Proc. of the 3rd Annual International IEEE Systems Conference, Vancouver, Canada, 23-26 March 2009, pg 236-240. (won Best Paper Award)
Cappelli, D.M., T. Caron, R.F. Trzeciak, Moore, A.P., “Spotlight On: Programming Techniques Used as an Insider Attack Tool”, Joint CyLab (CMU) and CERT (SEI), December 2008. http://www.cert.org/archive/pdf/insiderthreat_programmers_1208.pdf
Cappelli, D.M., Moore, A.P., Trzeciak, R.F. and Shimeall, T.J., “Common Sense Guide to Prevention and Detection of Insider Threats,” Joint CyLab (CMU) and CERT (SEI), 3rd Edition, September 2008 (updated from July 2006 and April 2005). http://www.cert.org/archive/pdf/CSG-V3.pdf
Kowalski, E.F., M.M. Keeney, D.M. Cappelli, A.P. Moore, “Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector” Joint SEI and U.S. Secret Service Report, January 2008. http://www.cert.org/archive/pdf/insiderthreat_it2008.pdf
Kowalski, E.F., T. Conway, S. Keverline, M. Williams, D. McCauley, D.M. Cappelli, B.W. Willke, A.P. Moore, “Insider Threat Study: Illicit Cyber Activity in the Government Sector,” Joint SEI and U.S. Secret Service Report, January 2008. http://www.cert.org/archive/pdf/insiderthreat_gov2008.pdf
Greitzer, F.L., Moore, A.P., Cappelli, D.M., Andrews, D.H., Carroll, L.A., and Hull, T.D., “Combating the Insider Cyber Threat,” IEEE Security and Privacy, Vol. 6, No. 1, January/February 2008.
Cappelli, D.M., Desai, A.G., Moore, A.P., Trzeciak, R.F. “Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers’ Information, Systems, or Networks,” Software Engineering Institute Technical Note CMU/SEI-2006-TN-041, March 2007. http://www.sei.cmu.edu/reports/06tn041.pdf
Moore, A.P., Cappelli, D.M., Joseph, H., Trzeciak, R.F. “An Experience Using System Dynamics to Facilitate an Insider Threat Workshop”. In Proceedings 24th International Conference of the System Dynamics Society, July 2007. http://www.cert.org/archive/pdf/ISDC2007.pdf
Band, S.R.; Cappelli, D. M.; Fischer, L.F.; Moore, A. P.; Shaw, E.D.; & Trzeciak, R.F. 2006. “Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis” Software Engineering Institute Technical Report CMU/SEI-2006-TR-026, Carnegie Mellon University, December 2006. http://www.cert.org/archive/pdf/06tr026.pdf.
Moore, A.P. and Antao, R.S. “Improving Management of Information Technology: System Dynamics Analysis of IT Controls in Context,” in Proc. 24th International System Dynamics Conference, July 2006.
Moore, A.P., Antao, R.S. “Modeling and Analysis of Information Technology Change and Access Controls in the Business Context,” SEI Technical Note CMU/SEI-2006-TN-040, March 2007, http://www.sei.cmu.edu/publications/documents/06.reports/06tn040.html
Cappelli, D.M., Desai, A.G., Moore, A.P., Shimeall, T.J., Weaver, E.A., and Willke, B.J. “Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System Sabotage,” in Proceedings 24th International Conference of the System Dynamics Society, July 2006.
E. Rich, I.J. Martinez-Moyano, S. Conrad, D.M. Cappelli, A.P. Moore, T.J. Shimeall, D.F. Andersen, J.J. Gonzalez, R.J. Ellison, H.F. Lipson, D.A. Mundie, J.M. Sarriegui, A. Sawicka, T.R. Stewart, J.M. Torres, E.A. Weaver, J. Wiik, “Simulating Insider Cyber-Threat Risks: A Model-Based Case and a Case-Based Model,” in Proceedings of the 23rd International Conference of the System Dynamics Society, July 2005. http://www.cert.org/insider_threat/docs/insider_threatISDC2005.pdf
Keeney, M.M., Kowalski, E.F., Cappelli, D.M., Moore, A.P., Shimeall, T.J., and Rogers, S.N. “Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors,” Joint SEI and U.S. Secret Service Report, May 2005. http://www.cert.org/archive/pdf/insidercross051105.pdf
Moore, A.P., and Cappelli, D.M. 2005. Analyzing Organizational Cyber Threat Dynamics. in Proceedings of the Workshop on System Dynamics of Physical and Social Systems for National Security, 21-22 April 2005.
Randazzo, M.R., Keeney, M.M., Kowalski, E.F., Cappelli, D.M., Moore, A.P. (2004, August) “Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector,” Joint SEI and U.S. Secret Service Report. http://www.secretservice.gov/ntac/its_report_040820.pdf
Anderson, D.F., Cappelli, D.M., Gonzalez, J.J., Mojtahedzadeh, M., Moore, A.P., Rich, E., Sarriegui, J.M., Shimeall, T.J., Stanton, J.M., Weaver, E., Zagonel, A. (2004, July) “Preliminary System Dynamics Maps of the Insider Cyber-Threat Problem,” in Proceedings of the 22nd International Conference of the System Dynamics Society.
Ellison, R., Moore, A.P., Bass, L., Klein, M., Bachmann, F. (2004 September) “Security and Survivability Architectural Reasoning Frameworks and Design Tactics,” SEI Technical Report CMU/SEI-2004-TN-022. http://www.sei.cmu.edu/publications/documents/04.reports/04tn022.html
Ellison, R.J., Moore, A.P. (2003, April) “Trustworthy Refinement through Intrusion-Aware Design: An Overview,” in Proc. of the Third Annual High Confidence Software and Systems Conference, Baltimore, MD. - also published as SEI Technical Report CMU/SEI-2003-TR-002 (available at http://www.sei.cmu.edu/reports/03tr002.pdf)
Moore, A.P., Ellison R.J. (2003, November). “TRIAD: A Framework for Survivability Architecting,” in Proceedings of the Workshop on Survivable and Self-Regenerative Systems, 10th ACM Conference on Computer and Communications Security, Washington D.C.
R.J. Ellison, Linger, R.C., Lipson, H.F., Mead, N.R., Moore, A.P. (2002, July) “Foundations for Survivable Systems Engineering,” CrossTalk, Volume 15, Number 7, pg. 10-15. (available at http://www.cert.org/archive/html/SSE_foundations.pdf)
Moore, A.P., Ellison, R.J., Linger, R.C. (2001, June) “Attack Modeling for Survivable Systems Analysis,” Information/Systems Survivability Workshop, Dependable Systems and Networks Conference, Gothenburg, Sweden.
Moore, A.P. (2001, March). “Security Requirements Engineering through Intrusion-Aware Design,” Symposium on Requirements Engineering for Information Security, CERIAS, Purdue University. (available at http://www.cert.org/archive/pdf/req_position.pdf)
Moore, A.P., Mihelcic D.M., Klinker J.E. (1999, September) “How to Construct Formal Arguments that Persuade Certifiers,” chapter in Industrial Strength Formal Methods in Practice, eds. M. Hinchey and J. Bowen, Springer Verlag London Limited, pg. 285-314.
Kang, M.H., Moore, A.P., Moskowitz, I.S. (1998, April) “Design and Assurance Strategy for the NRL Pump,” IEEE Computer, Volume 31, Number 4, pg. 56-64, April 1998.
Froscher, J., Goldschlag D.M., Kang, M.H., Landwehr C.E., Moore, A.P., Moskowitz, I.S., Payne, C.N. (1995, December) “Improving Inter-Enclave Information Flow for a Secure Strike Planning Application,” in Proc. Computer Security Applications Conf., New Orleans, LA, pg. 89-98. (won Outstanding Paper Award)
Moore, A.P. (1990, September) “The Specification and Verified Decomposition of System Requirements Using CSP,” IEEE Transactions on Software Engineering, Vol. 16, No. 9, pg. 932-948.
McHugh, J., Moore, A.P. (1986, April) “A Security Policy and Formal Top Level Specification for a Multi-Level Secure Local Area Network,” Proc. IEEE Symposium on Security and Privacy, pg. 34-39.
National Insider Threat Center, Enterprise Threat and Vulnerability Management, CERT Division, Software Engineering Institute (2004 - Present)
Acquisition Modeling Team, Software Solutions Division, Software Engineering Institute (2011 - Present)
Sustainment Modeling Team, Software Solutions Division, Software Engineering Institute (2014 - Present)
Senior Member of the Technical Staff: Survivable Systems Engineering, CERT Coordination Center, Software Engineering Institute, Pittsburgh, PA (2000 – 2004)
Computer Scientist: Computer Security Section, Center for High Assurance Computer Systems, Naval Research Laboratory, Washington, D.C. (1987–2000)
Computer Scientist: Software Architectures and Engineering, Arlington, VA (1986–1987)