Year
2019
Abstract
Insider threat mitigation programs have historically focused on preventative and protective measures to mitigate insider threats (and resulting malicious acts) to nuclear facilities. These approaches tend to focus on deterring the behavior of individuals through background checks and behavioral monitoring programs instead of focusing on collective behaviors observed in the workplace. However, in recent years researchers across government and the private sector have hypothesized ways to utilize empirical data from increasingly networked security and facility “health-monitoring” systems to improve, and even automate portions of, insider threat mitigation programs. Such approaches better integrate workplace behavior-related insights into traditional insider threat mitigation programs. These advances, while important to the long-term success of insider threat mitigation programs, present difficulties as researchers attempt to identify how to assess workplace behaviors as indicators of insider threat potential. More specifically, the challenge lies in differentiating between malicious intent and natural “organizational evolution” to explain observed anomalies in collective workplace behaviors. In order to better integrate quantitative data into a traditionally qualitative assessment framework, it is important to have defined observables on which to build measures of behaviors that represent insider potential manifesting into malicious action. This paper summarizes some preliminary insights from invoking resilience and organizational theory literatures to categorize observable characteristics of collective workplace behaviors and identify characteristics of potential insider threat mitigation measures robust across the full spectrum of plausible threat scenarios.