An Intelligence Perspective on Insider Threat & the Unique Role It Plays in Industrial Control Systems (ICS) Environments
Insider threat is a well-known phenomenon that is considered by most to be the greatest threat to any information security environment. Access control measures attempt to mitigate much of this through physical (hardware) and software-based means.
In environments where industrial control systems (ICS) are prevalent, this threat is heightened by the capability, unique to such environments, to cause physical harm to employees, the processes they manage, and the plant itself, as well as potentially damaging events affecting the environment and the population.
Perhaps more notably, insider threats cannot always be quantified in terms of personnel, as the SolarWinds breach has shown. Allowing software into your organization that controls, manages, or can modify any aspect of the organization's defense-in-depth posture poses a new and different vector of attack: automated insiders.
This research will consider current literature on insider threat modeling, user behaviors, and mitigation. While much of the literature in this milieu is focused on IT environments, we will focus on the unique role insider threat actors play in ICS environments.