National Infrastructure Advisory Council's Final Report and Recommendations on the Insider Threat to Critical Infrastructures [open pdf - 387KB]
The National Infrastructure Advisory Council's primary goal with this document "was to address the assigned tasks and develop policy recommendations for the President and DHS in an effort to improve the security posture of our Nation's critical infrastructures. The NIAC also sought to leverage its findings to increase understanding of the insider threat and help CIKR operators mitigate insider threats. Insider threats exist for all organizations. Essentially, this threat lies in the potential that a trusted employee may betray their obligations and allegiances to their employer and conduct sabotage or espionage against them. Insider betrayals include a broad range of actions, from secretive acts of theft or subtle forms of sabotage to more aggressive and overt forms of vengeance, sabotage, and even workplace violence. The threat posed by insiders is one most owner-operators neither understand nor appreciate, and it is a term that is commonly used to refer to IT network use violations. This often leads to further confusion about the nature and seriousness of the threat. This misunderstanding or underestimation relates, in part, to the stigma that an act of insider betrayal carries with it-a stigma that can cause customers, partners, and shareholders to lose trust in an organization. This loss of trust can translate into lost business, revenue, and value. As a result, CIKR owner and operators often handle these types of events discretely and away from public view. This common practice has impeded the understanding of the threat and the efforts to address it, exacerbating the existing risk."
National Infrastructure Advisory Council: http://www.dhs.gov/xprevprot/committees/editorial_0353.shtm