Software Engineering Institute

September 3, 2019—In the coming weeks, the SEI's CERT National Insider Threat Center (NITC) will release new information on its research to coincide with National Insider Threat Awareness Month, including a live webinar September 19 at 1 p.m. EDT titled Insider Threats: Your Questions. Our Answers. The CERT NITC will also release new blog posts and a Cyber Minute video on insider threat mitigation. A number of federal agencies, including the FBI, Office of the Undersecretary of Defense (Intelligence), and Department of Homeland Security, have chosen September to spotlight the risks insiders pose to national security.

The CERT NITC defines insider threat as "the potential for an individual who has or had authorized access to an organization's assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization." Insiders can be current or former employees, trusted business partners, contractors, suppliers, or anyone to whom an organization grants access to its critical assets. The effects of realized insider threats can spread beyond individual organizations to endanger national security and people’s safety.

"The challenge with insider threat mitigation is identifying the small number of individuals who pose an actual threat to critical assets," said Randy Trzeciak, director of the CERT NITC. "Then you have to implement a trust-but-verify model on those assets, while not alienating the entire workforce by building a security program that is perceived to distrust everyone."

Since 2001, the SEI's CERT Division has been helping government, industry, and academic entities identify and mitigate insider threats. The CERT Division’s research spans multiple domains, from the technical, including an exploration of tool sets for insider threat programs, to the behavioral and organizational, including a study on positive incentives in the workplace.

The SEI's insider threat experts have released more than 100 publications and videos, held webinars, hosted an annual symposium, helped organizations develop insider threat programs, and developed insider threat courses and workshops. The SEI also provides certificates in insider threat program evaluation, program management, and vulnerability assessment.

The CERT NITC bases much of its research on an ever-expanding database of nearly 3,000 actual insider threat cases. In 2012, the SEI used some of this empirical data to inform the definitive book The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). The SEI's Common Sense Guide to Mitigating Insider Threats, currently in its sixth edition, draws on the insider threat database to provide best practices in this continually changing field.

This month, the federal government is shining a spotlight on insider threats: their risks and indicators, mitigation techniques, and the importance of reporting potential threats while protecting privacy and civil liberties. "During the month of September," said Trzeciak, "we at the CERT NITC will work alongside the sponsoring organizations to raise awareness of the need to incorporate insider threat mitigation into existing security programs. We’ll provide actionable guidance for building, implementing, operating, and measuring program effectiveness. And we’ll highlight the great work that has been done across the DoD, U.S. government, law enforcement, industry, and academia in this domain."

To keep up with the CERT NITC's releases this month, register for the September 19 webinar at https://www.eventbrite.com/e/insider-threats-your-questions-our-answers-sei-webcast-registration-71362470069, subscribe to the Insider Threat Blog at https://insights.sei.cmu.edu/insider-threat/, subscribe to the SEI's YouTube channel at https://www.youtube.com/user/TheSEICMU/, and subscribe to the SEI Bulletin newsletter at https://www.sei.cmu.edu/subscribe-to-sei-bulletin/index.cfm. You can also email insider-threat-feedback@cert.org.