Document Actions
Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector
Title: Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector
Date: January 2008
Author: Eileen Kowalski, Dawn Cappelli, and Andrew Moore
Institution: Carnegie Mellon Software Engineering Institute
Bibliographic Entry: Cappelli, Dawn, Eileen Kowalski and Andrew Moore. “Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector.” Carnegie Mellon Software Engineering Institute. January 2008. http://www.ustreas.gov/usss/ntac/final_it_sector_2008_0109.pdf (accessed February 27, 2008).
Electronic Link: http://www.ustreas.gov/usss/ntac/final_it_sector_2008_0109.pdf
Key Words: critical infrastructure, illicit cyber activity, cyber security, insider activity
Summary of Key Points, Issues, Conclusions:
This report described the insider threat to critical infrastructure in illicit cyber activity in the information technology and telecommunications sector. Starting with examples of actual illicit insider cyber activity, the report discusses the findings of insiders, target organizations, attacks and consequences of the attacks. The purpose of this report was to identify any pre-incident communications or behaviors exhibited by employees, identify vulnerabilities exploited by employees and to examine the insider activity in relation to critical infrastructure sectors.
Insider activity within critical infrastructure covers two main areas. The first is by those investigated by Secret Service include the banking, finance, IT and government sectors. Also, until this study, no comprehensive examination of insider activity within or across sectors has been conducted, even though it is now considered a national priority.
Topic areas covered include: components of the incident, detection of the incident and identification of the insider, pre-incident planning and communication, nature of harm to the organization, law enforcement and organizational response, characteristics of the insider and the organization, insider background and history, and insider technical expertise and interests.
Name of Researcher: Julie Curry
Institution: Integrative Center for Homeland Security, Texas A&M University
Date Posted: March 28, 2008