skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Addressing the insider threat

Conference ·
OSTI ID:6230731
; ; ;

Computers have come to play a major role in the processing of information vital to our national security. As we grow more dependent on computers, we also become more vulnerable to their misuse. Misuse may be accidental, or may occur deliberately for purposes of personal gain, espionage, terrorism, or revenge. While it is difficult to obtain exact statistics on computer misuse, clearly it is growing. It is also clear that insiders -- authorized system users -- are responsible for most of this increase. Unfortunately, their insider status gives them a greater potential for harm This paper takes an asset-based approach to the insider threat. We begin by characterizing the insider and the threat posed by variously motivated insiders. Next, we characterize the asset of concern: computerized information of strategic or economic value. We discuss four general ways in which computerized information is vulnerable to adversary action by the insider: disclosure, violation of integrity, denial of service, and unauthorized use of resources. We then look at three general remedies for these vulnerabilities. The first is formality of operations, such as training, personnel screening, and configuration management. The second is the institution of automated safeguards, such as single-use passwords, encryption, and biometric devices. The third is the development of automated systems that collect and analyze system and user data to look for signs of misuse.

Research Organization:
Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Organization:
USDOE; USDOE, Washington, DC (United States)
DOE Contract Number:
W-7405-ENG-36
OSTI ID:
6230731
Report Number(s):
LA-UR-93-1181; CONF-9305151-3; ON: DE93012626
Resource Relation:
Conference: 15. computer security group training conference: mission possible - connected and protected, Albuquerque, NM (United States), 3-6 May 1993
Country of Publication:
United States
Language:
English

Similar Records

Addressing the insider threat
Conference · Sat May 01 00:00:00 EDT 1993 · OSTI ID:6230731
+1 more
LAVA/CS. Computer Security Risk Assessment
Technical Report · Thu Jun 25 00:00:00 EDT 1987 · OSTI ID:6230731
Computer Security Risk Assessment
Software · Tue Feb 11 00:00:00 EST 1992 · OSTI ID:6230731

Related Subjects

99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE
98 NUCLEAR DISARMAMENT, SAFEGUARDS, AND PHYSICAL PROTECTION
COMPUTERS
SECRECY PROTECTION
ADVERSARIES
SAFEGUARDS
SECURITY
TRAINING
VULNERABILITY
EDUCATION
990200* - Mathematics & Computers
055001 - Nuclear Fuels- Safeguards
Inspection
& Accountability- Technical Aspects