Insider Threat Study: Illicit Cyber Activity in the Government Sector
Securing American critical infrastructures is a national priority. In The National Strategy to Secure Cyberspace, the President's Critical Infrastructure Protection Board emphasizes the importance of securing the Nation's critical infrastructures and improving national cyber security. As most of America's critical infrastructure is privately held, a key component of the strategy is strengthening public-private partnerships. Similarly, the U.S. Department of Homeland Security is engaged in initiatives to enhance protection for critical infrastructure and networks by promoting working relationships between the government and private industry. One of these initiatives specifically promotes awareness of the insider threat issue to organizations.
The insider threat is a problem faced by all industries and sectors today. The consequences of insider incidents can range from a few lost staff hours to negative publicity and financial damage so extensive that a business may be forced to lay off employees or even close its doors. Furthermore, insider incidents can have repercussions extending beyond the affected organizations to include disruption of operations or services within critical sectors, or the issuance of fraudulent identities that create potential risks to the public and homeland security.
This report presents the findings of a research effort to examine reported insider incidents within the government sector. The report specifically focuses on employees who have perpetrated acts of financial fraud, document fraud, theft of intellectual property, and sabotage via computer against federal, state, and local government agencies. This effort is part of a larger research initiative, the Insider Threat Study, a collaborative endeavor of the United States Secret Service (Secret Service) National Threat Assessment Center (NTAC) and the CERT® Program of Carnegie Mellon University's Software Engineering Institute (CERT). The study stems from concern about the ability of employees with intent to exploit known system vulnerabilities and the effect of their activities on organizations, particularly those within critical infrastructure sectors.