SUMMARY OF DISCUSSIONS AT A PLANNING MEETING ON CYBER-SECURITY AND THE INSIDER THREAT TO CLASSIFIED INFORMATION

COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD

THE NATIONAL RESEARCH COUNCIL

THE NATIONAL ACADEMIES

NOVEMBER 1–2, 2000

Chair:

Anita K. Jones, Lawrence R. Quarles Professor of Engineering and Applied Science, University of Virginia

Rapporteur:

Lynette I. Millett, Program Officer and Study Director, Computer Science and Telecommunications Board

This white paper summarizes the discussions of a planning meeting sponsored by the National Research Council (NRC) on November 1–2, 2000. It has not been reviewed by the National Research Council and does not reflect the institutional views of the NRC in any way.






CYBER-SECURITY AND THE INSIDER THREAT TO CLASSIFIED INFORMATION

In order to determine whether to conduct a study on cyber-security and the insider threat to classified information, the Computer Science and Telecommunications Board (CSTB) of the National Academies (described in Appendix A) hosted a meeting on November 1–2, 2000 to advise CSTB on the issues that such a study might address. Meeting participants endorsed the concept that CSTB should undertake a project that would examine high-grade threats (by definition including insider threats) to high-value information systems. Such a study should focus both on national security concerns and classified systems as well as non-classified, commercial enterprises.

The meeting was chaired by Anita K. Jones, Lawrence R. Quarles Professor of Engineering and Applied Science, the University of Virginia. The steering committee consisted of Tom Bozek, Office of the Secretary of Defense; Michael Caloyannides, Mitretek Systems; and Carl Landwehr, Mitretek Systems. Meeting participants (Appendix B) included experts in information security, law, national defense, and law enforcement. The meeting agenda is given in Appendix C.

1. Introduction

Public attention to information security today tends to focus on the problem of preventing harm that results from the actions of a hostile “outsider,” such as a hacker. However, security breaches accomplished with the cooperation of (or at the instigation of) an insider can cause significant damage. For example, an insider might be able to disable certain network security mechanisms, thereby allowing a collaborator on the outside to gain access. Or, an insider might be able to transmit electronically large volumes of sensitive information without ever being subjected to physical search.

The compromised or actively hostile insider clearly presents a difficult challenge for the manager or security practitioner. The classic insider attack in which an individual uses authorized access to a computer system to view a sensitive piece of information, memorizes it, and then divulges it at a future date in a different location seems impervious to straightforward technological solutions. However, it may be possible to develop technologies that can mitigate the damage done when such individuals use technological means to assist in the information transfer or are more interested in sabotage than espionage. Technology can also be employed that increases the likelihood that the individual will be caught. Nevertheless, dealing with the insider threat inevitably involves organizational policies, practices, and processes as well as technological approaches. For example, in an environment in which most employees are trustworthy, what policies, practices, and processes can be implemented that will help to cope effectively with the insider threat? The CSTB meeting’s initial focus was on the threat to classified systems and information because the political and organizational issues that often arise with protection policies and practices (e.g., rights to privacy) are considerably fewer and less intense than if