Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: http://uscgproceedings.epubxp.com/i/436751
78 Proceedings Winter 2014 – 2015 www.uscg.mil/proceedings Examples of Insider Threats The careless insider: This is the most common type of insider threat. They are typically negligent, non-supervisory crew members who can cause a breach of operational information, administra- tive information, or personnel security data. They can cause harm or damage unintentionally, through carelessness or unthinking actions. Careless insiders usually have no real incentive to violate ship or operational security; they are just negligent. Regardless, they can be a real threat to operations. The naive insider: This describes a person who is vulnerable to being duped — often via social engineering, personal contacts, or other means — to disclose operational, personal, or sensi- tive information. They don't recognize the risk of revealing information to malicious parties and are particularly vulnerable to approaches by online hackers, foreign intelligence entities, international terrorists, drug cartels, and other criminal elements. The s ab o te ur : Clearly malicious insiders, saboteurs are personnel who attempt to harm the ship or shipmates for their own personal reasons or special causes that they feel so strong about that they will turn against the organization and its mission. They are often disgruntled, angry, or are subverted by loyalty to special causes such as environmental or political issues. Regardless of their motivations, they are a signifcant threat to the Coast Guard, its assets, and fellow personnel. Fortunately, these kinds of insiders are not widely present. The disloyal insider: One of the most harmful insiders over time, the disloyal insider includes personnel who have decided, for various reasons, to provide operational information or classifed or sensitive information to foreign intel- ligence entities, international terrorist organizations, drug cartels, or other organizations seeking to damage the unit or compromise operational missions. This damage is often not limited to the unit or ship; it can afect the entire Coast Guard, or even the United States. This category includes the spy who decides to commit espio- nage by providing classifed informa- tion for personal gain or ideological reasons to unauthorized elements. Th e ac t i ve s h o o te r i ns i d e r : An extremely dangerous insider, active shooters seem to be on the increase, due to media attention, copy-cats, or other troubling trends. These violent insiders usually have legitimate access to your ship or organization, and have made the decision to hurt or kill as many personnel as possible for their own reasons. These personnel are usually mentally unbalanced but, unfortu- nately, remain well-organized, moti- vated, and extremely violent. USCG leaders must have a well-prepared, aggressively exercised action plan for dealing with an active shooter on a ship or in a facility. This includes defensive actions for unarmed personnel (shelter in place), proper emergency response actions (armed), and constant drilling of a response plan for all members of a crew or organization. The moonlighter: Less present in the USCG environment, the moonlighter is someone who steals USCG or opera- tional information and uses it for their second occupation. This usually means their second job can beneft from inside information about the organization. Such information could include a ship's current mission, targets, location, or capabilities. These types use whatever information they have access to as a means of generating money or favors in return. Although they may see this type of information leaking as harm- less, they have no clear idea who the real end-users or benefciaries of their sensitive information may be — drug cartels, smugglers, poachers, interna- tional terrorists, and such. This category can also include individuals who seek or use inside information for monetary beneft — swinging contracts for kick- backs, providing contract sensitive data to contractors for money, selling USCG material or supplies for personal gain, and such. The hacker: This category covers USCG personnel who, for various reasons, including ego, will tr y to access restricted information and databases associated with Coast Guard opera- tional or intelligence activities. These personnel may try to get others to provide passwords, digital identifca- tions, and items that help them access information to which they are not authorized. Some hackers see this as a game. Some may have superiority complexes of such a nature that they are drawn to the challenge of defeating security or access controls. The leaker: Recently seen in the news, these insiders steal Coast Guard clas- sifed or sensitive data and provide it to the mass media or WikiLeaks-like websites. These insiders can compro- mise USCG classified information or disclose sensitive operational plans and activities. Many of these insiders have political or ideological leanings that drive them to make sensitive USCG operations or capabilities public. Kaspersk y Labs, Recognizing dif ferent t ypes of insiders, Securelist, http://securelist.com/ threats/recognizing-diferent-types-of-insiders/, (2014).