Revenge of the nerds

Study looks at insider attacks on networks and how to stop them

Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors


Hell hath no fury like a computer geek scorned. So warn the U.S. Secret Service and the U.S. Computer Emergency Readiness Team (CERT) in their Insider Threat Study, released this month.

Current or former employees or contractors with administrator-level access and a grudge can wreak havoc on companies' networks, the study found.

"The power of system administrators should not be underestimated: Almost all of the insiders in this study were granted system administrator or privileged access when they were hired," the report states. "Because of their elevated access level, they have the ability to cause catastrophic system failure or gradually compromise system or data confidentiality, integrity or availability over time."

The report aims to enhance agencies' and companies' ability to identify would-be assailants before they attack. It also discusses ways to enable network administrators to defend their databases and other programs when attacks occur.

The study looked at 49 insider attacks in critical infrastructure sectors from 1995 to 2002. The report states that 59 percent of attackers were former employees or contractors, and that 86 percent of them had been fired or resigned from their positions.

A negative event at work, such as a firing, demotion or dispute with a co-worker, instigated 92 percent of the attacks, the study found. Revenge was a primary motive in more than four out of five incidents.

A telling statistic from the report is that 61 percent of the attacks did not use high-tech means but instead exploited existing vulnerabilities in the systems or relied on physical attacks, said Matt Doherty, special agent in charge of the Secret Service's National Threat Assessment Center. "It doesn't take a lot of tech savvy to do a lot of damage to a system," he said.

Organizations need a comprehensive security framework, including policies, procedures, hardware and software, to prevent attacks and analyze their aftermath when they occur, the report states.

The authors recommend that managers know when employees have negative incidents. They also advise managers to set up grievance procedures and other policies that foster constructive conversations with employees and help defuse potential attacks.

They also recommend offering security awareness training that teaches employees to recognize malicious insiders by their behavior. The authors conclude that organizations should:

  • Keep records of problem behavior and develop formal procedures to respond.
  • Create procedural and technical safeguards to prevent systems administrators from abusing their power.
  • Develop and follow formal policies and procedures to ensure that employees no longer have computer access after they resign or are fired.

Barring computer access to angry departees is easier said than done, said Dawn Cappelli, one of CERT's principal contributors to the study. Organizations must be vigilant at all times, not just when a problem employee leaves, she said.
