An Intelligence Perspective on Insider Threat & the Unique Role It Plays in Industrial Control Systems (ICS) Environments

 Insider threat is a well-known phenomenon that is considered by most to be the greatest threat to any information security environment.   According to a survey done by Lui, Oliver, Han, Zhang & Xiang1 74% IT or data security breaches were originated by insiders.

Access control measures attempt to mitigate much of this through physical (hardware) and software-based means.

In the case of environments where industrial control systems (ICS) are prevalent, this threat is enhanced by the unique capability in such situations to cause physical harm to employees, the processes they manage and the plant itself, as well as potentially damaging events to the environment and the population.

Perhaps more notably, insider threats are not always quantifiable by personnel as the SolarWinds breach has shown – allowing software into your organisation that controls, manages, or can modify any aspect of the defence-in-depth posture an organisation garners, poses a different and new vector of attack – by automated insiders.

This research will consider current literature on insider threat modelling, user behaviours, and mitigation. While much of the literature in this milieu is focused on IT environments, we will focus on the unique role insider threat actors play in ICS environments.

Download the full whitepaper to learn more.

www.dragos.com