
Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector

Title:  Insider Threat Study:  Illicit Cyber Activity in the Information Technology and Telecommunications Sector

Date: January 2008

Author: Eileen Kowalski, Dawn Cappelli, and Andrew Moore

Institution: Carnegie Mellon Software Engineering Institute

Bibliographic Entry: Cappelli, Dawn, Eileen Kowalski and Andrew Moore. “Insider Threat Study:  Illicit Cyber Activity in the Information Technology and Telecommunications Sector.”  Carnegie Mellon Software Engineering Institute. January 2008. http://www.ustreas.gov/usss/ntac/final_it_sector_2008_0109.pdf (accessed February 27, 2008).

Electronic Link:  http://www.ustreas.gov/usss/ntac/final_it_sector_2008_0109.pdf
   
Key Words: critical infrastructure, illicit cyber activity, cyber security, insider activity

Summary of Key Points, Issues, Conclusions:      
This report describes the insider threat to critical infrastructure posed by illicit cyber activity in the information technology and telecommunications sector. Starting with examples of actual illicit insider cyber activity, the report discusses its findings on the insiders, the target organizations, the attacks, and the consequences of the attacks. The purpose of the report was to identify any pre-incident communications or behaviors exhibited by employees, to identify vulnerabilities exploited by employees, and to examine the insider activity in relation to critical infrastructure sectors.

Insider activity within critical infrastructure covers two main areas. The first, those investigated by the Secret Service, includes the banking, finance, IT and government sectors. Also, until this study, no comprehensive examination of insider activity within or across sectors had been conducted, even though it is now considered a national priority.

Topic areas covered include: components of the incident, detection of the incident and identification of the insider, pre-incident planning and communication, nature of harm to the organization, law enforcement and organizational response, characteristics of the insider and the organization, insider background and history, and insider technical expertise and interests.

Name of Researcher: Julie Curry

Institution: Integrative Center for Homeland Security, Texas A&M University

Date Posted:  March 28, 2008