SEI Insights

Insider Threat Blog

Real-World Work Combating Insider Threats

Announcing the National Insider Threat Center

Posted on by in

The CERT® Division of the Software Engineering Institute (SEI) at Carnegie Mellon University is proud to announce the creation of the CERT National Insider Threat Center (NITC). The establishment of this center builds on our 16 years of work in the insider threat domain. The NITC allows the SEI to enhance its insider threat work across the Department of Defense, U.S. government, industry, and academia. The Center's expanded capabilities give security practitioners access to insider threat assistance across the domain's lifecycle: research, technical solutions, vulnerability assessments, program development and evaluation, training, tool testing, and assessment licensing.

NITC_1.jpg

National Scope

Using funding provided by the Defense Advanced Research Projects Agency (DARPA), supplemented by funding from the SEI, the NITC makes it possible for organizations to engage the CERT Division to develop customized research projects, use our vast assortment of research material, or participate in training and certificate programs, including learning (or licensing) how to perform insider threat assessments or program evaluations. The NITC can also help you build your own insider threat program, perform Insider Threat Vulnerability Assessments, or perform program evaluations as trusted, third-party experts.

Tool Testing

One new capability of the NITC is the creation of virtualized environments for testing insider threat tools or developing and testing potential risk indicators of insider threats. Organizations considering the acquisition of insider threat tools can evaluate them in a customized, virtualized simulation of a Department of Defense, U.S. Government, industry, or academic environment.

Larger Reach

The NITC will now be the primary coordinator of the Open Source Insider Threat (OSIT) Information Sharing Working Group, a consortium of professionals who build insider threat programs. The group has more than 250 members representing more than 130 organizations. Through the OSIT Working Group, the NITC expands its pool of experts who contribute to insider threat research, increases the Center's awareness of the challenges facing the community, and is better positioned to support that community with suitable recommendations.

Expanded Mission

As a federally funded research and development center (FFRDC), the SEI is entrusted by our sponsor to provide independent, objective research in software and cybersecurity, with a mission to transition that knowledge to operational environments.

The mission of the NITC is to

  • evaluate new insider threat detection tools for both private and public developers
  • provide a robust set of baseline data to insider threat software developers
  • provide baseline metrics for objectively evaluating insider threat detection products
  • establish a gold standard for insider threat program capabilities
  • provide education on using insider threat detection technology and systems
  • collect and analyze insider incidents using the CERT empirical incident coding process to identify tactics, techniques, and procedures used by insiders to harm organizations
  • provide affiliated insider threat services that help organizations build insider threat programs, such as designing architectures to identify and integrate information into a data analytic hub; developing, deploying, testing, and measuring the efficacy of insider threat controls; performing insider threat vulnerability assessments; evaluating insider threat program effectiveness; and providing customized insider threat research and development

The NITC will continue to conduct empirical research and analysis to develop and transition socio-technical solutions to combat insider cyber and kinetic threats. This research is based on the CERT Insider Threat Corpus of more than 1,300 insider threat incidents. We will continue to engage with the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community to develop a research agenda that meets the needs of operational communities.

As we continue to build the capabilities of the NITC, we welcome your feedback on the development of our research agenda. For additional information, please visit

Insider Threat Center website:
https://www.cert.org/insider-threat/

Insider Threat training opportunities:
https://www.cert.org/training/

Insider Threat publications:
https://www.cert.org/insider-threat/publications/index.cfm

Please send questions, comments, or feedback to insider-threat-feedback@cert.org.

More from Randy Trzeciak

Posts


View other blog posts by Randy Trzeciak.

Other Publications

Visit the SEI Digital Library for other publications by Randy.