Agent-Based Behavior Precursor Model of Insider IT Sabotage

  • Erika G. Ardiles CruzEmail author
  • John A. Sokolowski
  • Timothy Kroecker
  • Sachin Shetty
Part of the Understanding Complex Systems book series (UCS)


Insider IT sabotage can be defined as the use of information technology to cause harm to an organization or an individual. Behavioral precursors are usually observable during the evolution of the threat. These precursors include personal predispositions such as rule and policy violations or mental health disorders, expressed disgruntlement due to unmet expectations or stressful events experienced by highly skilled employees with access to administrate systems, networks, and data in the organization. This research uses an agent-based modeling and simulation approach for modeling behavior precursors of insider IT sabotage within an organization using a risk scale. The specific behavioral precursors include the individual’s predisposition, disgruntlement, stress levels, technical skill levels and the level of access to the computer systems. The simulation provides a framework for exploring the emergence and development of insider IT sabotage within organizations for different turnover rates.


Human behavior Behavior precursor Turnover rate Insider IT sabotage Agent-based modeling and simulation 



This work is supported by the Office of the Assistant Secretary of Defense for Research and Engineering (OASD (R&E)) agreement FA8750-15-2-0120


The views and conclusions contained in this paper are those of the authors and should not be interpreted as the as necessarily representing the official policies or endorsements the Office of the Assistant Secretary of Defense for Research and Engineering (OASD (R&E))


  1. 1.
    Cappelli, D.M., Moore, A.P., Trzeciak, R.F.: The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Addison-Wesle (2012)Google Scholar
  2. 2.
    Moore, A.P., Cappelli, D.M., Trzeciak, R.F.: The “big picture” of insider IT sabotage across US critical infrastructures. In: Insider Attack and Cyber Security, pp. 17–52. Springer, (2008)Google Scholar
  3. 3.
    Band, S.R., Cappelli, D.M., Fischer, L.F., Moore, A.P., Shaw, E.D., Trzeciak, R.F.: Comparing insider IT sabotage and espionage: a model-based analysis. DTIC Document (2006)Google Scholar
  4. 4.
    Colwill, C.: Human factors in information security: the insider threat–Who can you trust these days? Inf. Secur. Tech. Rep. 14(4), 186–196 (2009)CrossRefGoogle Scholar
  5. 5.
    Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M., Baskerville, R.: Future directions for behavioral information security research. Comput. Secur. 32, 90–101 (2013)CrossRefGoogle Scholar
  6. 6.
    Greitzer, F.L., Kangas, L.J., Noonan, C.F., Dalton, A.C., Hohimer, R.E.: Identifying at-risk employees: modeling psychosocial precursors of potential insider threats. In: 2012 45th Hawaii International Conference on System Science (HICSS), pp. 2392–2401. IEEEGoogle Scholar
  7. 7.
    Shaw, E.D., Fischer, L.F., Rose, A.E.: Insider risk evaluation and audit. DTIC Document (2009)Google Scholar
  8. 8.
    Greitzer, F.L., Kangas, L.J., Noonan, C.F., Dalton, A., Hohimer, R.: Identifying at-risk employees: a behavioral model for predicting potential insider threats. Pacific Northwest National Laboratory Richland, WA (2010)Google Scholar
  9. 9.
    Kandias, M., Mylonas, A., Virvilis, N., Theoharidou, M., Gritzalis, D.: An insider threat prediction model. In: International Conference on Trust, Privacy and Security in Digital Business, pp. 26–37. Springer (2010)Google Scholar
  10. 10.
    Epstein, J.M.: Agent_Zero: Toward Neurocognitive Foundations for Generative Social Science. Princeton University Press, Princeton (2014)Google Scholar
  11. 11.
    Sokolowski, J.A., Banks, C.M.: Agent implementation for modeling insider threat. In: 2015 Winter Simulation Conference (WSC), pp. 266–275. IEEEGoogle Scholar
  12. 12.
    Sokolowski, J.A., Banks, C.M., Dover, T.J.: An agent-based approach to modeling insider threat. Comput. Math. Organ. Theory 22(3), 273–287 (2016)CrossRefGoogle Scholar
  13. 13.
    Bell, D.E., LaPadula, L.J.: Secure computer systems: mathematical foundations. DTIC Document (1973)Google Scholar
  14. 14.
    LaPadula, L.J., Bell, D.E.: MITRE technical report 2547, volume II. J. Comput. Secur. 4(2–3), 239–263 (1996)CrossRefGoogle Scholar
  15. 15.
    LaPadula, L.J., Bell, D.E.: Secure computer systems: a mathematical model. Technical report 25471996Google Scholar
  16. 16.
    Huselid, M.A.: The impact of human resource management practices on turnover, productivity, and corporate financial performance. Acad. Manag. J. 38(3), 635–672 (1995)Google Scholar
  17. 17.
    Guthrie, J.P.: High-involvement work practices, turnover, and productivity: evidence from New Zealand. Acad. Manag. J. 44(1), 180–190 (2001)MathSciNetGoogle Scholar
  18. 18.
    Wilensky, U.: “Netlogo, 1999,” Center for Connected Learning and Computer-Based Modeling. Northwestern University, Evanston, IL (2010)Google Scholar
  19. 19.
    Rescorla, R.A., Wagner, A.R.: A theory of Pavlovian conditioning: variations in the effectiveness of reinforcement and nonreinforcementGoogle Scholar
  20. 20.
    Willison, R., Warkentin, M.: Motivations for employee computer crime: understanding and addressing workplace disgruntlement through the application of organisational justice. In: Proceedings of the IFIP TC8 International Workshop on Information Systems Security Research. International Federation for Information Processing, pp. 127–144 (2009)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Erika G. Ardiles Cruz
    • 1
    Email author
  • John A. Sokolowski
    • 2
  • Timothy Kroecker
    • 3
  • Sachin Shetty
    • 1
  1. 1.Old Dominion UniversityNorfolkUSA
  2. 2.Old Dominion UniversityNorfolkUSA
  3. 3.Airforce Research LaboratoryRomeUSA

Personalised recommendations