Insider Threats To Critical Infrastructure
Critical Infrastructure Insider Threat Overview
By virtue of their access to sensitive facilities and sensitive
information / networks, critical infrastructure employees pose a serious
threat to commit or facilitate malicious acts such as terrorism,
sabotage, criminal acts, etc.
There have been several incidents in which terrorist organizations have
sought to recruit critical infrastructure employees to assist them in
planning or conducting terrorist attacks, or have tried to gain
employment as critical infrastructure workers for the same purposes.
Recent and past Insider Threat incidents are bringing the awareness of
the "Insider Threat Problem" to a HIGH LEVEL of concern to the U.S.
Government and Critical Infrastructure Providers.
The security of the U.S. Critical Infrastructure Sectors is vital to
the safety and well-being of American citizens, and the daily
operations of Critical Infrastructure Providers.
An Insider Threat incident could be caused by just 1 employee, or an
employee(s) in collusion with a terrorist organization, or cyber
criminal / organization.
Any incident (Cyber Attack, Terrorism, Insider Threat) that could
incapacitate or destroy a critical infrastructure sector(s) would
impair and affect national security and public safety.
A 2013 report from DHS titled Risks To U.S. Critical Infrastructure
From Insider Threat provides numerous Insider Threat Scenarios that
could impact critical infrastructure sectors.
Critical Infrastructure Sectors

Critical Infrastructure Insider Threat Incidents
Ten Individuals Charged In $50 Million Russian Smuggling Scheme / Some
Current - Former Airlines Employees (October 19, 2020)
Russian Hackers Targeting U.S. Utilities Through Critical
Infrastructure Employee (2018)
FBI Completes Investigation Into Unauthorized Flight of Aircraft By
Employee From Seattle-Tacoma Airport (2018)
PenAir Employee Sabotages Ticketing And Station Management Network
Database (2018)
Two Critical U.S. Dams At High Risk From Insider Cyber Threats
(2018)
Heathrow Airport British Airways Baggage Handlers Helped Smuggle 32
Million Of Cocaine & Cannabis Stuffed In Suitcases (2018)
TSA Workers Helped Puerto Rico-Based Ring Smuggle 20 Tons/ $100M Of
Cocaine For Over A Decade, Prosecutors Say (2017)
Daallo Airlines Jet Explosion Involves Airport Employees (2016)
Pilots Arrested For Being Drunk (2016)
Airport Security Seizes 70 Pounds Of Cocaine From Airline Employee
(2016)
Former Citibank Employee Sentenced For Shutting Down 90% Of Firm's
Network (2016)
DC Metro Transit Cop Appears in Court for Allegedly Trying to Assist
ISIS (2016)
Fatal Descent Of Germanwings Plane Was ‘Deliberate,’ French Authorities
Say (2015)
6 Other Times Commercial Pilots Were Suspected Of Crashing Planes On
Purpose
The Insider Threat Is Real: Gaps In Airport Security Highlighted In NBC
News Video (2015)
The Inside Story Of The Biggest Hack In History To Oil Company
(Caused By Insider) (2015)
Chicago Airport Fire Started By Employee (2014)
Chicago Airport Fire Report By Dept. Of Transportation Office Of The
Inspector General (2015)
Six People / 4 Airport Baggage Handlers Accused Of Drug Smuggling At San
Diego International Airport (2014)
Drug Smuggling Plot Involving Aviation Employee / TSA Airport Screeners
/ Security Officials At LAX (2012)
20 Airport Workers Held In Smuggling Of Drugs For Decade (2003)
Drug Smuggling Sting Nabs 55 Airline Employee And Contractor (1999)
Other Insider Threats Incidents To Critical Infrastructure
Do you have an Insider Threat incident that has impacted a critical
infrastructure sector that is not listed above? Please send to:
jimhenderson@nationalinsiderthreatsig.org
The Importance Of Employee Continuous Evaluation And Reporting
A company (Endera) that provides an Employee Continuous Evaluation and
Reporting service enrolled 60,000 employees from a global airline.
(Source)
The Endera service monitors thousands of data sources, and provides
alerts within 15 minutes to 24 hours on the enrolled employees.
The Results
Detected 11,000 Events In 120 Days
1,771 Events Were Defined As Critical
55 Bookings And Arrest Alerts
For More Information
Using External Data Sources For Insider Threat Detection And Mitigation
Insider Threat Mitigation Guidance
CISA 2020 Insider Threat Mitigation Guide
CISA 2019 Insider Threats Programs For The Critical Manufacturing Sector
Implementation Guide
International Atomic Energy Agency - Preventive and Protective Measures
Against Insider Threats
Electric Grid Security And Resilience - Establishing A Baseline For
Adversarial Threats
Critical Infrastructure Insider Threat Reports
GAO 2020 Report On TSA Insider Threat Program
National Strategy for Aviation Security (2018)
Increasing Concern About Insider Threats At U.S. Airports - House
Homeland Security Committee Report (2017)
Aviation Employee Screening And Security Enhancement Act Of 2017
Aviation Insider Threat Working Group - What We Know, Our Findings, And
What We Recommend (2017)
International Air Transport Association - Insider Threats In Aviation
(2015)
Aviation Security Advisory Committee: Employee Screening Working Group
Report (2015)
DHS Report - Risks To U.S. Critical Infrastructure From Insider Threat
(2013)
Insider Threat to Critical Infrastructures - Final Report And
Recommendations (2008)
Insider Threat Study: Computer System Sabotage In Critical
Infrastructure Sectors (2005)
Insider Threat Mitigation Training
Insider Threat Defense Group
Insider Threat Program Development - Management Training Course
Course Overview
This 2-day training course will ensure the Insider Threat Program (ITP)
Manager, ITP Senior Official (Insider Threat Analyst, FSO, CSO, CISO,
Etc.), and others who support the ITP (Human Resources, IT, Network
Security, Etc.), have the Core Knowledge, Blueprint, and Resources
needed for developing, managing, and enhancing an ITP / ITP Working
Group.
The success of an ITP requires Key Stakeholder Commitments and Business
Process Improvements. Students will leave this training with an
in-depth understanding of the many underlying and
inter-connected components of an ITP that are required for successful
Insider Threat detection and mitigation.
Insider Threat Mitigation also requires mimicking the mind of a
Malicious Insider to assume their point of view. We incorporate the
Insider's Playbook of Malicious Tactics into our training. This will
help our students find holes in their organization's security defenses,
before a REAL Malicious Insider does.
Insider Threat Mitigation Training requires more than just attending a
course, reviewing PowerPoint presentations and taking an exam. We
provide our students with an ITP Management Toolkit. The toolkit
provides students with a How To - Step By Step Guide (ITP Management
Handbook), templates, resources and a variety of Insider Threat
Vulnerability checklists, to ensure your organization has a robust and
effective ITP. Except for the handbook, all training materials will be
provided in electronic format (USB Thumb Drive).
At the completion of this training, students will be well versed
in how to develop, implement, manage or enhance an ITP, and have the
in-depth knowledge to gather, correlate and analyze an extensive amount
of raw data sources to detect and mitigate Insider Threat Risks.
This training is based on the Instructor's Real World Experience (10+
Years) helping the U.S. Government (Department of Defense, Intelligence
Community) and businesses develop robust and effective ITPs, using a
methodical approach and the ability to Think Outside The Box.
Company / Course Recognition
The Insider Threat Defense Group (ITDG) is considered a Trusted
Provider and is recognized as the Leader-Go To Company for ITP
Development / Management Training and Insider Threat Mitigation
Services. We have provided our training and services (In Over 14 U.S.
States) to an impressive list of 600+ clients: U.S. Government
Agencies (Department of Defense, Intelligence Community), Defense
Contractors, Defense Security Service, Critical Infrastructure
Providers, Fortune 500 Companies, Aviation/Airline Industry, Spacecraft
Manufacturing - Launch Providers, Technology Companies, Banking -
Financial Industry, Health Care Industry, and other large-small
businesses and global corporations. (Client Listing)
Over 800+ individuals have attended our training and received
Insider Threat Program Manager Certificates.
FEMA
Protecting Critical Infrastructure Against Insider Threats
Web Based Training Course Overview
This course provides guidance to critical infrastructure employees and
service providers on how to identify and take action against insider
threats to critical infrastructure.