CERT Insider Threat Center

At the CERT Insider Threat Center, we conduct empirical research and analysis to develop and transition sociotechnical solutions to combat insider cyber threats. We have been researching this problem since 2001 in partnership with the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community.

The foundation of our work is our database of more than 1000 insider threat cases. We use system dynamics modeling to characterize the nature of the insider threat problem, explore dynamic indicators of insider threat risk, and identify and experiment with administrative and technical controls for insider threat mitigation. The CERT insider threat lab provides a foundation for identifying, tuning, and packaging technical controls as an extension of our modeling efforts. We developed an assessment framework based on fraud, theft of intellectual property, and IT sabotage incidents to help organizations identify their technical and nontechnical vulnerabilities to insider threats as well as executable countermeasures.

As part of an FFRDC, we are uniquely positioned to serve the community as a trusted broker, assisting it both in the short term and through our ongoing research for more than a decade.

What Is an Insider Threat?

A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems. Insider threats can also be unintentional (non-malicious).