Appendix C
Meeting Agenda

CYBER -S ECURITY AND THE INSIDER THREAT TO CLASSIFIED INFORMATION

A PLANNING MEETING

NOVEMBER 1–2, 2000

COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD

NATIONAL RESEARCH COUNCIL

2001 WISCONSIN AVENUE, NW

GREEN BUILDING, ROOM 118

WASHINGTON, D.C.

Scope and Purpose:

The purpose of this exploratory meeting is to determine an appropriate role for the Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) in examining information technologies (and related policy) to cope with “insider” threats to the cyber-security of classified information. Participants will examine the following inter-related topics: i) Are there issues with respect to the insider threat to classified systems that an NRC study could help address? If so, what are those issues? ii) How could CSTB help to identify and explicate a research agenda for information security technologies and associated policies and practices that are directed against the insider threat? iii) What would be the utility and impact of a CSTB study in this area?

If it is decided that a CSTB study would be useful, meeting participants will generate a set of questions that such a study should address. CSTB will subsequently develop a study proposal based on these questions. Sample questions/issues that such a study might address are included below to jump-start the discussion. Participants should feel free to disregard, expand upon, or otherwise change these sample questions. The goal is not to flesh out answers to these questions in detail, but to explore the surrounding issues enough to examine the nature and extent of the problem and to determine whether further investigation by an NRC-convened committee would be fruitful.

  • What is an appropriate long-term technical research agenda that will address the issue of insider threat mitigation?

  • What is the ‘right’ balance between technology and other strategies when attempting to prevent, detect, and respond to insider problems?

  • Are there substantive distinctions between insider threats to classified and to unclassified systems and, if so, do such differences lend themselves to different technological strategies and/or policies?

For each of the interactive panels below, the panelists will each speak for 5–8 minutes to initiate discussion and the rest of the time will be spent in a roundtable discussion.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 14
Summary of Discussions at a Planning Meeting on Cyber-Security and the Insider Threat to Classified Information Appendix C Meeting Agenda CYBER -S ECURITY AND THE INSIDER THREAT TO CLASSIFIED INFORMATION A PLANNING MEETING NOVEMBER 1–2, 2000 COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD NATIONAL RESEARCH COUNCIL 2001 WISCONSIN AVENUE, NW GREEN BUILDING, ROOM 118 WASHINGTON, D.C. Scope and Purpose: The purpose of this exploratory meeting is to determine an appropriate role for the Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) in examining information technologies (and related policy) to cope with “insider” threats to the cyber-security of classified information. Participants will examine the following inter-related topics: i) Are there issues with respect to the insider threat to classified systems that an NRC study could help address? If so, what are those issues? ii) How could CSTB help to identify and explicate a research agenda for information security technologies and associated policies and practices that are directed against the insider threat? iii) What would be the utility and impact of a CSTB study in this area? If it is decided that a CSTB study would be useful, meeting participants will generate a set of questions that such a study should address. CSTB will subsequently develop a study proposal based on these questions. Sample questions/issues that such a study might address are included below to jump-start the discussion. Participants should feel free to disregard, expand upon, or otherwise change these sample questions. The goal is not to flesh out answers to these questions in detail, but to explore the surrounding issues enough to examine the nature and extent of the problem and to determine whether further investigation by an NRC-convened committee would be fruitful. What is an appropriate long-term technical research agenda that will address the issue of insider threat mitigation? What is the ‘right’ balance between technology and other strategies when attempting to prevent, detect, and respond to insider problems? Are there substantive distinctions between insider threats to classified and to unclassified systems and, if so, do such differences lend themselves to different technological strategies and/or policies? For each of the interactive panels below, the panelists will each speak for 5–8 minutes to initiate discussion and the rest of the time will be spent in a roundtable discussion.

OCR for page 14
Summary of Discussions at a Planning Meeting on Cyber-Security and the Insider Threat to Classified Information   Wednesday November 1, 2000 3:30–4:00pm Welcome and overview of the NRC and CSTB Anita Jones, University of Virginia 4:00–5:30 Panel: The Psychological and Social Aspects of the Insider Threat Michael Caloyannides, Mitretek Systems, Inc., [facilitator] Bradley Wood, SRI International David Keene, Defense Information Systems Agency What are the psychological models of the insider? In what ways does the threat manifest itself for different types of insiders (e.g., disgruntled employees, blackmailed insiders, “sleepers”, unwitting accomplices, etc.)? Are there psychological and social issues that are more prevalent in military settings than in corporate settings? Does this change the nature of the strategies used against the insider threat? What policies and practices can actually be implemented that will help to cope effectively with the insider threat? Etc. 5:30–7:00 Dinner with after dinner speaker, Green Building, Room 126 A Management Framework for Security Ron Knecht, Science Applications International Corporation   Thursday November 2, 2000 8:00–8:30am Breakfast 8:30–10:00 Panel: State of the Practice—Technology Carl Landwehr, Mitretek Systems, Inc., [facilitator] Nicholas Trio, IBM T.J.Watson Research Center James Anderson, Consultant What is the current state of the practice in terms of technological strategies to mitigate the insider threat? What technologies seem most effective? Which technologies are most commonly employed? Are these the most useful? Etc. 10:00–10:15 Break 10:15–11:45 Panel: Emerging Capabilities and Future Research Karl Levitt, University of California, Davis [facilitator] Earl Boebert, Sandia National Laboratories Gary Mcgraw, Cigital Terry Benzel, Network Associates What are the open research questions with respect to the insider threat? Are there new technologies on the horizon that seem likely to be effective? What are the most vexing open problems, and why? Etc. 11:45–12:45 Lunch—Case Studies: Legal Aspects of the Insider Threat to Information Systems Michael Woods, Federal Bureau of Investigation

OCR for page 14
Summary of Discussions at a Planning Meeting on Cyber-Security and the Insider Threat to Classified Information 12:45–1:15 Classified, Open, and Sensitive Systems Richard Brackney, National Security Agency 1:15–1.45 Related NRC/CSTB Work: Topics for and Elements of a CSTB Project with Examples Marjory Blumenthal, Computer Science and Telecommunications Board 1:45–2:00 Break 2:00–4:00 Roundtable discussion of what NRC/CSTB could do in this arena Anita Jones [facilitator] What are the major issues? What obstacles stand in the way of addressing them? Are there issues for which a consensus does not seem to have been reached in the community? Who is interested in addressing them? What benefits would be derived from solving them? Is a CSTB/NRC project on this subject warranted? If so, what questions should define the charge of the project? What parties might be interested in supporting such a project? 4:00 Adjourn