Definitions[edit | edit source]
An insider is
|“||[an] individual acting under the authority of the system owner or program manager. These include users, system administrators, maintenance personnel, and others authorized for physical access to system components.||”|
|“||[a]n entity inside the security perimeter that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.||”|
|“||[a]ny person with authorized access to any United States Government resource to include personnel, facilities, information, equipment, networks or systems.||”|
Potential security threats[edit | edit source]
The key to malicious or hostile activities in cyberspace is access to networked systems and information. Facilitating this access through the use of insiders can greatly reduce the technological sophistication necessary to mount an attack, because authenticated and authorized insiders may be able to circumvent barriers to external access, or may have legitimate access rights and privileges that would be denied to unauthorized users.
So while obtaining network access via hacking provides one potential path for malicious activity, insider (physical or logical) access to the network reduces, and can in some cases eliminate, the difficulties associated with hacking through network defenses. With the right insider, an offensive operation may involve simply copying information to a portable storsge medium that can be carried from the premises. A single well-placed, knowledgeable insider can also exploit IT systems to disrupt local infrastructure.
References[edit | edit source]
- DHS Privacy Office Annual Privacy Report to Congress, April 2003 to June 2004, App. F, at 9 n.3.
- NIST Special Publication 800-82, at B-4.
- 12 FAM 090 (full-text).