Research and Development Initiatives Focused on Preventing, Detecting, and Responding to Insider Misuse of Critical Defense Information Systems
Dec 31, 1998
This is the second in a series of conference reports on the topic of R&D initiatives to mitigate and thwart the insider threat to critical U.S. defense and infrastructure information systems. (The first conference, held August 1999, is reported on in RAND/CF-151-OSD.) This August 2000 workshop's three main focus areas were long-term (2-5 year) research challenges and goals toward mitigating the insider threat; developing insider threat models; and developing near-term solutions using commercial off-the-shelf(COTS) and government off-the-shelf (GOTS) products. The long-term research recommendations stressed the need to develop an underlying system architecture designed explicitly with security and survivability in mind (unlike essentially all operating systems and network architectures in use today). Other topics included R&D needed on differential access controls, means of recording and saving the provenance of a digital document, and dealing with the increasing use of mobile code (e.g., in the form of applets, viruses, worms, or macros) in complex information systems. The report also contains a number of recommendations regarding the purposes and design of models of insider behavior, and near-term recommendations for helping to prevent, discover, and mitigate the threat ofinsider misuse of information systems.
Figures and Tables
List of Symbols
Long-Term (2-5 Yr.) Research Challenges and Goals
Insider Threat Models
An Insider Threat Model for Model Adversaries
An Insider Threat Model for Adversary Simulation
Modeling Behavior of the Cyber-Terrorist
Can Technology Reduce the Insider Threat?
The Insider Threat to Information Systems
The Insider Espionage Threat
Insider Threat - A Theoretical Model
Information Assurance Cyberecology