The “Big Picture” of Insider IT Sabotage Across U.S. Critical Infrastructures

  • Andrew P. Moore
  • Dawn M. Cappelli
  • Randall F. Trzeciak
Part of the Advances in Information Security book series (ADIS, volume 39)


A study conducted by the U.S. Secret Service and the Carnegie Mellon University Software Engineering Institute CERT Program analyzed 150 insider cyber crimes across U.S. critical infrastructure sectors. Follow-up work by CERT involved detailed group modeling and analysis of 54 cases of insider IT sabotage out of the 150 total cases. Insider IT sabotage includes incidents in which the insider’s primary goal was to sabotage some aspect of the organization or direct specific harm toward an individual. This paper describes seven general observations about insider IT sabotage based on our empirical data and study findings. We describe a System Dynamics model of the insider IT sabotage problem that elaborates complex interactions in the domain and unintended consequences of organizational policies, practices, technology, and culture on insider behavior. We describe the structure of an education and awareness workshop on insider IT sabotage that incorporates the previously mentioned artifacts as well as an interactive instructional case.


System Dynamics Model Critical Infrastructure Access Path Inside Attack Unmet Expectation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Anderson, D.F.; Cappelli, D.M.; Gonzalez, J.J.; Mojtahedzadeh, M.; Moore, A.P.; Rich, E.; Sarriegui, J.M.; Shimeall, T.J.; Stanton, J.M.; Weaver, E.; and Zagonel, A. 2004. Preliminary System Dynamics Maps of the Insider Cyber-Threat Problem. Proceedings of the 22nd International Conference of the System Dynamics Society, July 2004. Available at Scholar
  2. [2]
    Band, S.R.; Cappelli, D. M.; Fischer, L.F.; Moore, A. P.; Shaw, E.D.; and Trzeciak, R.F 2006. “Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis” Software Engineering Institute Technical Report CMU/SEI-2006-TR-026, Carnegie Mellon University, December 2006. Scholar
  3. [3]
    Cappelli, D. M.; Desai, A. G.; Moore, A. P.; Shimeall, T. J.; Weaver, E. A.; and Willke, B. J. 2006a. “Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers’ Information, Systems, or Networks”. Proceedings of the 24th International System Dynamics Conference. Nijmegen, Netherlands, July 2006. Scholar
  4. [4]
    Cappelli, D.M.; Moore, A.P.; Shimeall, T.J.; and Trzeciak, R.J. 2006b. “Common Sense Guide to Prevention and Detection of Insider Threats: Version 2.1,” Report of Carnegie Mellon University, CyLab, and the Internet Security Alliance, July 2006 (update of the April 2005 Version 1.0). 070118.pdfGoogle Scholar
  5. [5]
    Keeney, M.M.; Kowalski, E.F.; Cappelli, D.M.; Moore, A.P.; Shimeall, T.J.; and Rogers, S.N. 2005. Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors. Joint SEI and U.S. Secret Service Report, May 2005. Available at Scholar
  6. [6]
    Meadows, D. L.; Behrens, W. W.; Meadows D. H.; Naill, R. F.; Randers, J.; and Zahn, E. K. O. 1974. Dynamics of Growth in a Finite World. Cambridge, MA: Wright-Allen Press, Inc..Google Scholar
  7. [7]
    Melara, C.; Sarriegui, J.M.; Gonzalez, J.J.; Sawicka, A.; and Cooke, D.L. 2003. A System Dynamics Model of an Insider Attack on an Information System. Proceedings of the 21st International Conference of the System Dynamics Society July 20-24, New York, NY, USA.Google Scholar
  8. [8]
    Moore, A.P.; Joseph, H.G.; Trzeciak, R.F.; Cappelli, D.M. 2007. Instructional Case of Insider IT Sabotage: An Instructor’s Manual, in preparation.Google Scholar
  9. [9]
    Naumes, W.; and Naumes, M.J. 1999. The Art & Craft of Case Writing. Thousand Oaks, California: SAGE Publications.Google Scholar
  10. [10]
    Rich, E.; Martinez-Moyano, I.J.; Conrad, S.; Cappelli, D.M.; Moore, A.P.; Shimeall, T.J.; Andersen, D.F.; Gonzalez, J.J.; Ellison, R.J.; Lipson, H.F.; Mundie, D.A.; Sarriegui, J.M.; Sawicka, A.; Stewart, T.R.; Torres, J.M.; Weaver, E.A.; and Wiik, J. 2005. Simulating Insider Cyber-Threat Risks: A Model-Based Case and a Case-Based Model. Proceedings of the 23rd International Conference of the System Dynamics Society, July 2005.Google Scholar
  11. [11]
    Sterman, J.D. 2000. Business Dynamics: Systems Thinking and Modeling for a Complex World. New York, NY: McGraw-Hill.Google Scholar
  12. [12]
    Yin, R.K. (2003). Case Study Research (3 ed.) Thousand Oaks: Sage Publications.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Andrew P. Moore
    • 1
  • Dawn M. Cappelli
    • 1
  • Randall F. Trzeciak
    • 1
  1. 1.CERT®1Software Engineering Institute and CyLab at Carnegie Mellon UniversityPA 15213-3890

Personalised recommendations