Insider threat is a well-known phenomenon that is considered by most to be the greatest threat to any information security environment. Access control measures attempt to mitigate much of this through physical (hardware) and software-based means.
In environments where industrial control systems (ICS) are prevalent, this threat is heightened by the unique capability to cause physical harm to employees, the processes they manage and the plant itself, as well as potentially damaging events affecting the environment and the population.
Perhaps more notably, insider threats cannot always be quantified in terms of personnel, as the SolarWinds breach has shown. Allowing software into your organization that controls, manages, or can modify any aspect of the defence-in-depth posture introduces a new and different attack vector: attack by automated insiders.
This research will consider the following, focusing on the unique role insider threat actors play in ICS environments:
- Insider threat modelling
- User behaviours
- Mitigation