Mitigating Insider Threats Within U.S. Critical Infrastructure

The National Counterintelligence and Security Center of the Office of the Director of National Intelligence has released Insider Threat Mitigation for U.S. Critical Infrastructure Entities: Guidelines from an Intelligence Perspective. This document highlights the importance of mitigating insider threats within U.S. critical infrastructure entities to meet the expanding nature of threats from foreign state and non-state actors. The National Insider Threat Task Force (NITTF) has produced standards to assist organizations in building an effective insider threat program. The model is focused on human behaviors and seeks to identify irregular behavior before significant damage occurs to the organization. “Improving ways to mitigate such threats is in the national interest and in the interests of individual organizations.”

Because critical infrastructure entities have become more reliant on Information and Communications Technologies (ICT), an important tool has been developed to deter and detect insider threats. User Activity Monitoring (UAM) observes and records the activities of individuals and flags anomalous behavior. UAM differs from traditional cybersecurity tools in that it focuses not on information flowing out of an organization but on human behavior where it occurs. Foreign adversaries often target insiders within organizations they seek to exploit. Although this technology is a potent tool, the most effective “sensors” for insider threats are managers and other employees observing behaviors in the real world.

Threat awareness is the first step to successful mitigation. Industry and government must share a sense of organizational citizenship and make mitigation a shared responsibility among employees, assuming they are willing and trusted to communicate their concerns.

Understanding the ways in which insider threats can wreak havoc on organizational reputations, bottom lines, intellectual property, public safety, workplace safety, and U.S. national and economic security is crucial for success in this realm.

For more information, check out Featured Topics on Cyber Crime & National Security and Cyber Infrastructure Protection. Please note an HSDL login is required to view some of these resources.

Need help finding something? Ask one of our librarians for assistance!
