Insider Threat Mitigation for U.S. Critical Infrastructure Entities: Guidelines from an Intelligence Perspective [open pdf - 1MB]
From the Overview: "The National Counterintelligence Strategy of the United States of America, 2020-2022 highlights the expanding and evolving nature of threats to U.S. critical infrastructure organizations from foreign state and non-state actors. Foreign adversaries are no longer simply targeting the U.S. government, as was often the case during the Cold War, but today are using their sophisticated intelligence capabilities against a much broader set of targets, including U.S. critical infrastructure and other private sector and academic entities. These U.S. industry and academic organizations are now squarely in the geopolitical battlespace. The intent of this report is to raise awareness of the human threat to critical infrastructure, provide information on how to incorporate this threat vector into organizational risk management, and offer best practices on how to mitigate insider threats. This report complements existing NITTF [National Insider Threat Task Force] guidance by offering an expanded discussion of how critical infrastructure entities can use insider threat programs that focus on human behaviors to address key vulnerabilities and prevent them from being exploited by adversaries."
Office of the Director of National Intelligence: https://www.dni.gov/