Appendix C
Meeting Agenda
CYBER -S ECURITY AND THE INSIDER THREAT TO CLASSIFIED INFORMATION
A PLANNING MEETING
NOVEMBER 1–2, 2000
COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD
NATIONAL RESEARCH COUNCIL
2001 WISCONSIN AVENUE, NW
GREEN BUILDING, ROOM 118
WASHINGTON, D.C.
Scope and Purpose:
The purpose of this exploratory meeting is to determine an appropriate role for the Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) in examining information technologies (and related policy) to cope with “insider” threats to the cyber-security of classified information. Participants will examine the following inter-related topics: i) Are there issues with respect to the insider threat to classified systems that an NRC study could help address? If so, what are those issues? ii) How could CSTB help to identify and explicate a research agenda for information security technologies and associated policies and practices that are directed against the insider threat? iii) What would be the utility and impact of a CSTB study in this area?
If it is decided that a CSTB study would be useful, meeting participants will generate a set of questions that such a study should address. CSTB will subsequently develop a study proposal based on these questions. Sample questions/issues that such a study might address are included below to jump-start the discussion. Participants should feel free to disregard, expand upon, or otherwise change these sample questions. The goal is not to flesh out answers to these questions in detail, but to explore the surrounding issues enough to examine the nature and extent of the problem and to determine whether further investigation by an NRC-convened committee would be fruitful.
-
What is an appropriate long-term technical research agenda that will address the issue of insider threat mitigation?
-
What is the ‘right’ balance between technology and other strategies when attempting to prevent, detect, and respond to insider problems?
-
Are there substantive distinctions between insider threats to classified and to unclassified systems and, if so, do such differences lend themselves to different technological strategies and/or policies?
For each of the interactive panels below, the panelists will each speak for 5–8 minutes to initiate discussion and the rest of the time will be spent in a roundtable discussion.
|
Wednesday November 1, 2000 |
3:30–4:00pm |
Welcome and overview of the NRC and CSTB Anita Jones, University of Virginia |
4:00–5:30 |
Panel: The Psychological and Social Aspects of the Insider Threat Michael Caloyannides, Mitretek Systems, Inc., [facilitator] Bradley Wood, SRI International David Keene, Defense Information Systems Agency What are the psychological models of the insider? In what ways does the threat manifest itself for different types of insiders (e.g., disgruntled employees, blackmailed insiders, “sleepers”, unwitting accomplices, etc.)? Are there psychological and social issues that are more prevalent in military settings than in corporate settings? Does this change the nature of the strategies used against the insider threat? What policies and practices can actually be implemented that will help to cope effectively with the insider threat? Etc. |
5:30–7:00 |
Dinner with after dinner speaker, Green Building, Room 126 A Management Framework for Security Ron Knecht, Science Applications International Corporation |
|
Thursday November 2, 2000 |
8:00–8:30am |
Breakfast |
8:30–10:00 |
Panel: State of the Practice—Technology Carl Landwehr, Mitretek Systems, Inc., [facilitator] Nicholas Trio, IBM T.J.Watson Research Center James Anderson, Consultant |
What is the current state of the practice in terms of technological strategies to mitigate the insider threat? What technologies seem most effective? Which technologies are most commonly employed? Are these the most useful? Etc. |
|
10:00–10:15 |
Break |
10:15–11:45 |
Panel: Emerging Capabilities and Future Research Karl Levitt, University of California, Davis [facilitator] Earl Boebert, Sandia National Laboratories Gary Mcgraw, Cigital Terry Benzel, Network Associates What are the open research questions with respect to the insider threat? Are there new technologies on the horizon that seem likely to be effective? What are the most vexing open problems, and why? Etc. |
11:45–12:45 |
Lunch—Case Studies: Legal Aspects of the Insider Threat to Information Systems Michael Woods, Federal Bureau of Investigation |
12:45–1:15 |
Classified, Open, and Sensitive Systems Richard Brackney, National Security Agency |
1:15–1.45 |
Related NRC/CSTB Work: Topics for and Elements of a CSTB Project with Examples Marjory Blumenthal, Computer Science and Telecommunications Board |
1:45–2:00 |
Break |
2:00–4:00 |
Roundtable discussion of what NRC/CSTB could do in this arena Anita Jones [facilitator] What are the major issues? What obstacles stand in the way of addressing them? Are there issues for which a consensus does not seem to have been reached in the community? Who is interested in addressing them? What benefits would be derived from solving them? Is a CSTB/NRC project on this subject warranted? If so, what questions should define the charge of the project? What parties might be interested in supporting such a project? |
4:00 |
Adjourn |