Revenge of the nerds

Study looks at insider attacks on networks and how to stop them

Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors

Related Links

Hell hath no fury like a computer geek scorned. So warn the U.S. Secret Service and the U.S. Computer Emergency Readiness Team (CERT) in their Insider Threat Study, released this month.

Current or former employees or contractors with administrator-level access and a grudge can wreak havoc on companies' networks, the study found.

"The power of system administrators should not be underestimated: Almost all of the insiders in this study were granted system administrator or privileged access when they were hired," the report states. "Because of their elevated access level, they have the ability to cause catastrophic system failure or gradually compromise system or data confidentiality, integrity or availability over time."

The report aims to enhance agencies' and companies' ability to identify would-be assailants before they attack. It also discusses ways to enable network administrators to defend their databases and other programs when attacks occur.

The study looked at 49 insider attacks in critical infrastructure sectors from 1995 to 2002. The report states that 59 percent of attackers were former employees or contractors, and that 86 percent of them had been fired or resigned from their positions.

A negative event at work, such as a firing, demotion or dispute with a co-worker, instigated 92 percent of the attacks, the study found. Revenge was a primary motive in more than four out of five incidents.

A telling statistic from the report is that 61 percent of the attacks did not use high-tech means but instead exploited existing vulnerabilities in the systems or physical attacks, said Matt Doherty, special agent in charge of the Secret Service's National Threat Assessment Center. "It doesn't take a lot of tech savvy to do a lot of damage to a system," he said.

Organizations need a comprehensive security framework, including policies, procedures, hardware and software, to prevent attacks and analyze their aftermath when they occur, the report states.

The authors recommend that managers know when employees have negative incidents. They also advise managers to set up grievance procedures and other policies that foster constructive conversations with employees and help defuse potential attacks.

They also recommend offering security awareness training that teaches employees to recognize malicious insiders by their behavior. The authors conclude that organizations should:

  • Keep records of problem behavior and develop formal procedures to respond.
  • Create procedural and technical safeguards to prevent systems administrators from abusing their power.
  • Develop and follow formal policies and procedures to ensure that employees no longer have computer access after they resign or are fired.
  • Barring computer access to angry departees is easier said than done, said Dawn Cappelli, one of CERT's principal contributors to the study. Organizations must be vigilant at all times, not just when a problem employee leaves, she said.

    The Fed 100

    Save the date for 28th annual Federal 100 Awards Gala.


    • computer network

      How Einstein changes the way government does business

      The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

    • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

      Mattis mulls consolidation in IT, cyber

      In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

    • Image from

      DHS vague on rules for election aid, say states

      State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

    • Org Chart Stock Art - Shutterstock

      How the hiring freeze targets millennials

      The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

    • Shutterstock image: healthcare digital interface.

      VA moves ahead with homegrown scheduling IT

      The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

    • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

      MGT Act poised for a comeback

      After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

    Reader comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above

    More from 1105 Public Sector Media Group