CERT Symposium to Explore Insider Risk Management
• Article
September 1, 2020—The Software Engineering Institute’s (SEI) CERT National Insider Threat Center (NITC) will hold its seventh annual symposium over two virtual sessions on September 10 and 24. This year’s event for members of the Department of Defense, U.S. and international governments, and public-sector insider threat programs will focus on proactive approaches to reducing the impact and likelihood of insider incidents within organizations.
The NITC, part of the SEI’s CERT Division, defines insider threat as "the potential for an individual who has or had authorized access to an organization's assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization." Insiders can be current or former employees, trusted business partners, contractors, suppliers, or anyone to whom an organization grants access to its critical assets. The effects of realized insider threats can spread beyond individual organizations to endanger national security and people’s safety.
The SEI is holding the NITC Symposium 2020 in support of National Insider Threat Awareness Month this September. For the second year running, the National Counterintelligence and Security Center, National Insider Threat Task Force (NITTF), Office of the Undersecretary of Defense for Intelligence and Security, Department of Homeland Security (DHS), and Defense Counterintelligence and Security Agency (DCSA) are partnering with insider threat community stakeholders to emphasize the importance of safeguarding the nation from insider threats.
The theme of this year’s Awareness Month is resilience. “Insiders pose unique security and resilience challenges because of their authorized access to organizations' critical assets,” said Dan Costa, deputy director of the NITC and the CERT Division’s technical manager of Enterprise Threat and Vulnerability Management. “Insider threat actors have certain behaviors that are observable before a harmful act occurs, such as signs of disgruntlement, financial stress, or an interest in benefiting another organization at the expense of your employer. These activities require different detection and response strategies than threats from external attackers.” Costa will further promote insider threat awareness with a blog post in September.
The CERT Division has a history of developing resources, such as the CERT Resilience Management Model (CERT-RMM), to help organizations assess and improve their resilience to disruption, including from insider incidents.
The DCSA’s Center for Development of Security Excellence kicks off National Insider Threat Awareness Month with the Insider Threat Virtual Security Conference on September 3. The SEI will then hold the NITC Symposium 2020 virtually over two days. Symposium attendees will learn about the latest challenges and best practices in insider risk management from the SEI’s researchers and insider threat program practitioners in both government and industry.
The September 10 session of the symposium will feature a keynote presentation from Costa on moving from mitigating insider threats to managing insider risk. A panel on managing insider risk during a pandemic will include CERT NITC researchers and industry insider threat practitioners. The September 24 session will continue the conversation with a panel of government experts on risk and resilience management in the counter-insider-threat mission. Rockwell Automation’s Dawn Cappelli, formerly of the SEI, will deliver the day’s keynote presentation on strategies for maturing an insider risk program.
Since 2001, the SEI's CERT Division has been helping government, industry, and academic entities identify and mitigate insider threats. The CERT Division's recent research includes risk-based insider threat program scoping and applying text analytics, artificial intelligence, and machine learning to insider risk management.
The CERT NITC bases much of its research on an ever-expanding database of more than 3,000 actual insider threat cases. In 2012, the SEI used some of this empirical data to inform the definitive book The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). The SEI's Common Sense Guide to Mitigating Insider Threats, currently in its sixth edition, draws on the insider threat database to provide best practices in this continually changing field.
The CERT NITC’s research on insider threat continues beyond September. “This year, we're focused on helping organizations mature from mitigating insider threats to managing insider risk,” said Costa. “From a research perspective, this involves finding the most effective ways to quantify the impact and likelihood of insider threats using the best available information and analysis techniques.”
To keep up with the SEI’s insider threat work, register for the NITC Symposium 2020, subscribe to the Insider Threat blog, and explore the CERT NITC’s publications by browsing the topic “Insider Threat” in our digital library. For more information on the SEI’s insider threat research, email insider-threat-feedback@cert.org.