Revenge of the nerds

Study looks at insider attacks on networks and how to stop them

Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors

Related Links

Hell hath no fury like a computer geek scorned. So warn the U.S. Secret Service and the U.S. Computer Emergency Readiness Team (CERT) in their Insider Threat Study, released this month.

Current or former employees or contractors with administrator-level access and a grudge can wreak havoc on companies' networks, the study found.

"The power of system administrators should not be underestimated: Almost all of the insiders in this study were granted system administrator or privileged access when they were hired," the report states. "Because of their elevated access level, they have the ability to cause catastrophic system failure or gradually compromise system or data confidentiality, integrity or availability over time."

The report aims to enhance agencies' and companies' ability to identify would-be assailants before they attack. It also discusses ways to enable network administrators to defend their databases and other programs when attacks occur.

The study looked at 49 insider attacks in critical infrastructure sectors from 1995 to 2002. The report states that 59 percent of attackers were former employees or contractors, and that 86 percent of them had been fired or resigned from their positions.

A negative event at work, such as a firing, demotion or dispute with a co-worker, instigated 92 percent of the attacks, the study found. Revenge was a primary motive in more than four out of five incidents.

A telling statistic from the report is that 61 percent of the attacks did not use high-tech means but instead exploited existing vulnerabilities in the systems or physical attacks, said Matt Doherty, special agent in charge of the Secret Service's National Threat Assessment Center. "It doesn't take a lot of tech savvy to do a lot of damage to a system," he said.

Organizations need a comprehensive security framework, including policies, procedures, hardware and software, to prevent attacks and analyze their aftermath when they occur, the report states.

The authors recommend that managers know when employees have negative incidents. They also advise managers to set up grievance procedures and other policies that foster constructive conversations with employees and help defuse potential attacks.

They also recommend offering security awareness training that teaches employees to recognize malicious insiders by their behavior. The authors conclude that organizations should:

  • Keep records of problem behavior and develop formal procedures to respond.
  • Create procedural and technical safeguards to prevent systems administrators from abusing their power.
  • Develop and follow formal policies and procedures to ensure that employees no longer have computer access after they resign or are fired.
  • Barring computer access to angry departees is easier said than done, said Dawn Cappelli, one of CERT's principal contributors to the study. Organizations must be vigilant at all times, not just when a problem employee leaves, she said.


    • Telecommunications
      Stock photo ID: 658810513 By asharkyu

      GSA extends EIS deadline to 2023

      Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

    • Workforce
      Shutterstock image ID: 569172169 By Zenzen

      OMB looks to retrain feds to fill cyber needs

      The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

    • Acquisition
      GSA Headquarters (Photo by Rena Schild/Shutterstock)

      GSA to consolidate multiple award schedules

      The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

    Stay Connected

    FCW Update

    Sign up for our newsletter.

    I agree to this site's Privacy Policy.