Insider Threats To Critical Infrastructure

Critical Infrastructure Insider Threat Overview
By virtue of their access to sensitive facilities and sensitive information / networks, critical infrastructure employees pose a serious threat: they are positioned to commit or facilitate malicious acts such as terrorism, sabotage, criminal acts, etc.

There have been several incidents in which terrorist organizations have sought to recruit critical infrastructure employees to assist them in planning or conducting terrorist attacks, or have tried to gain employment as critical infrastructure workers for the same purposes.

Recent and past Insider Threat incidents are bringing the awareness of the "Insider Threat Problem" to a HIGH LEVEL of concern to the U.S. Government and Critical Infrastructure Providers.

The security of the U.S. Critical Infrastructure Sectors is vital to the safety and well-being of American citizens, and the daily operations of Critical Infrastructure Providers.

An Insider Threat incident could be caused by just 1 employee, or an employee(s) in collusion with a terrorist organization, or cyber criminal / organization.

Any incident (Cyber Attack, Terrorism, Insider Threat) that could incapacitate or destroy a critical infrastructure sector(s) would impair and affect national security and public safety.

A 2013 report from DHS titled: Risks To U.S. Critical Infrastructure From Insider Threat, provides numerous Insider Threat Scenarios that could impact critical infrastructure sectors.


Critical Infrastructure Sectors




Critical Infrastructure Insider Threat Incidents

Ten Individuals Charged In $50 Million Russian Smuggling Scheme / Some Current - Former Airlines Employees (October 19, 2020)

Russian Hackers Targeting U.S. Utilities Through Critical Infrastructure Employee (2018)

FBI Completes Investigation Into Unauthorized Flight of Aircraft By Employee From Seattle-Tacoma Airport (2018)

PenAir Employee Sabotages Ticketing And Station Management Network Database (2018)

Two Critical U.S. Dams At High Risk From Insider Cyber Threats (2018)

Heathrow Airport British Airways Baggage Handlers Helped Smuggle 32 Million Of Cocaine & Cannabis Stuffed In Suitcases (2018)

TSA Workers Helped Puerto Rico-Based Ring Smuggle 20 Tons/ $100M Of Cocaine For Over A Decade, Prosecutors Say (2017)

Daallo Airlines Jet Explosion Involves Airport Employees (2016)

Pilots Arrested For Being Drunk (2016)

Airport Security Seizes 70 Pounds Of Cocaine From Airline Employee (2016)

Former Citibank Employee Sentenced For Shutting Down 90% Of Firm's Network (2016)

DC Metro Transit Cop Appears in Court for Allegedly Trying to Assist ISIS (2016)

Fatal Descent Of Germanwings Plane Was ‘Deliberate,’ French Authorities Say (2015)

6 Other Times Commercial Pilots Were Suspected Of Crashing Planes On Purpose

The Insider Threat Is Real: Gaps In Airport Security Highlighted In NBC News Video (2015)

The Inside Story Of The Biggest Hack In History To Oil Company (Caused By Insider) (2015)

Chicago Airport Fire Started By Employee (2014)

Chicago Airport Fire Report By Dept. Of Transportation Office Of The Inspector General (2015)


Six People / 4 Airport Baggage Handlers Accused Of Drug Smuggling At San Diego International Airport (2014)

Drug Smuggling Plot Involving Aviation Employee / TSA Airport Screeners / Security Officials At LAX (2012)

20 Airport Workers Held In Smuggling Of Drugs For Decade (2003)

Drug Smuggling Sting Nabs 55 Airline Employee And Contractor (1999)

Other Insider Threats Incidents To Critical Infrastructure


Do you have an Insider Threat incident that has impacted a critical infrastructure sector, that is not listed above? Please send to:




The Importance Of Employee Continuous Evaluation And Reporting
A company (Endera) that provides an Employee Continuous Evaluation and Reporting service enrolled 60,000 employees from a global airline. (Source)

The Endera service monitors thousands of data sources, and provides alerts within 15 minutes to 24 hours on the enrolled employees.

The Results
Detected 11,000 Events In 120 Days
1,771 Events Were Defined As Critical
55 Bookings And Arrest Alerts

For More Information
Using External Data Sources For Insider Threat Detection And Mitigation




Insider Threat Mitigation Guidance

CISA 2020 Insider Threat Mitigation Guide


CISA 2019 Insider Threats Programs For The Critical Manufacturing Sector Implementation Guide

International Atomic Energy Agency - Preventive and Protective Measures Against Insider Threats


Electric Grid Security And Resilience - Establishing A Baseline For Adversarial Threats




Critical Infrastructure Insider Threat Reports

GAO 2020 Report On TSA Insider Threat Program

National Strategy for Aviation Security (2018)

Increasing Concern About Insider Threats At U.S. Airports - House Homeland Security Committee Report (2017)

Aviation Employee Screening And Security Enhancement Act Of 2017


Aviation Insider Threat Working Group - What We Know, Our Findings, And What We Recommend (2017)

International Air Transport Association - Insider Threats In Aviation (2015)

Aviation Security Advisory Committee: Employee Screening Working Group Report (2015)

DHS Report - Risks To U.S. Critical Infrastructure From Insider Threat (2013)

Insider Threat to Critical Infrastructures - Final Report And Recommendations (2008)

Insider Threat Study: Computer System Sabotage In Critical Infrastructure Sectors (2005)




Insider Threat Mitigation Training
Insider Threat Defense Group

Insider Threat Program Development - Management Training Course


Course Overview

This 2-day training course will ensure the Insider Threat Program (ITP) Manager, ITP Senior Official (Insider Threat Analyst, FSO, CSO, CISO, Etc.), and others who support the ITP (Human Resources, IT, Network Security, Etc.), have the Core Knowledge, Blueprint and Resources needed for developing, managing and enhancing an ITP / ITP Working Group.

The success of an ITP requires Key Stakeholder Commitments and Business Process Improvements. Students will leave this training with an in-depth understanding of the many underlying and inter-connected components of an ITP that are required for successful Insider Threat detection and mitigation.

Insider Threat Mitigation also requires mimicking the mind of a Malicious Insider to assume their point of view. We incorporate the Insiders Playbook of Malicious Tactics into our training. This will help our students find holes in their organization's security defenses, before a REAL Malicious Insider does.

Insider Threat Mitigation Training requires more than just attending a course, reviewing PowerPoint presentations and taking an exam. We provide our students with an ITP Management Toolkit. The toolkit provides students with a How To - Step By Step Guide (ITP Management Handbook), templates, resources and a variety of Insider Threat Vulnerability checklists, to ensure your organization has a robust and effective ITP. Except for the handbook, all training materials will be provided in electronic format (USB Thumb Drive).

At the completion of this training, students will be well versed in how to develop, implement, manage or enhance an ITP, and have the in-depth knowledge to gather, correlate and analyze an extensive amount of raw data sources to detect and mitigate Insider Threat Risks.

This training is based on the Instructor's Real World Experience (10+ Years) helping the U.S. Government (Department of Defense, Intelligence Community) and businesses develop robust and effective ITPs, using a methodical approach and ability to Think Outside The Box.

Company / Course Recognition
The Insider Threat Defense Group (ITDG) is considered a Trusted Provider and is recognized as the Leader-Go To Company for ITP Development / Management Training and Insider Threat Mitigation Services. We have provided our training and services (In Over 14 U.S. States) to an impressive list of 600+ clients: U.S. Government Agencies (Department of Defense, Intelligence Community), Defense Contractors, Defense Security Service, Critical Infrastructure Providers, Fortune 500 Companies, Aviation/Airline Industry, Spacecraft Manufacturing - Launch Providers, Technology Companies, Banking - Financial Industry, Health Care Industry, and other large-small businesses and global corporations. (Client Listing)

800+ individuals have attended our training and received Insider Threat Program Manager Certificates.




Protecting Critical Infrastructure Against Insider Threats


Web Based Training Course Overview
This course provides guidance to critical infrastructure employees and service providers on how to identify and take action against insider threats to critical infrastructure.




Copyright © 2021 - National Insider Threat Special Interest Group ™ - All Rights Reserved - Legal Notice