Bringing Science to Insider Threat Mitigation
For nearly two decades, the SEI's CERT Division has focused on gathering and analyzing data about actual malicious insider acts—including espionage, IT sabotage, fraud, and theft of confidential information—and potential threats to U.S. critical infrastructures.
In 2001, the DoD Personnel Security Research Center (PERSEC) sponsored the first CERT Division research into the malicious actions of insiders. A few years later, the Department of Homeland Security (DHS) added its sponsorship to build a database of information on more than 150 actual insider threat cases. The database now contains more than 1,000 cases, which CERT researchers analyze from technical and behavioral perspectives.
Carnegie Mellon University's CyLab published the first edition of the Common Sense Guide for mitigating insider threats in 2005, based on CERT Division research. CyLab establishes public/private partnerships to develop new technologies for measurable, secure, available, trustworthy, and sustainable computing and communications systems. Subsequent editions of the Common Sense Guide to Mitigating Insider Threats were released in 2006, 2009, 2012, and 2016.
Applying analytical methods to its insider threat cases, the CERT Division produced additional guidance and tools for government programs to detect, mitigate, and prevent insider threats. These include:
- interactive training simulation and workshops (beginning in 2007)
- the Insider Threat Vulnerability Assessment (beginning in 2009)
- The CERT Guide to Insider Threats (Theft, Sabotage, and Fraud) (first published in 2012)
- transition of linguistic analysis tools to DoD/IC customers (2015)
- certificate programs to build skills in preventing and handling insider threats (2015)