Cybersecurity challenges for critical infrastructure protection
In today's enterprises there are cases in which some employees (later termed insiders), under the influence of various external and internal factors, begin to pass information of a confidential nature (e.g., commercial, personal, corporate) to recipients outside the enterprise.
To date, the existing approaches to identifying insider activity (or insiders), such as psychological, technical and physical (search) measures, are not effective, because they are applied only after an incident (leakage, distortion, substitution, etc.) has occurred; moreover, these measures (actions, events) do not allow such incidents (information leakages) to be predicted or prevented at the early stages of insider activity.
Therefore, the problem of insider detection may be considered one of the most important tasks that modern enterprises must undertake for the sake of their activity and financial position. In the author's opinion (based on Geyets' (2006) interpretation of the Pareto principle), a leakage of 20% of an enterprise's commercial secrets leads, in 80% of cases, to the collapse of that enterprise.
Many enterprises have learned how to defend themselves against external threats (cyber-attacks, intrusions, viruses, etc.), but against internal threats (insiders) many enterprises may be considered defenseless.
1. Methods of insider detection as a part of a corporate security system based on cartographic analysis
Definition 1: An insider is a person whose work varies in time under the influence of external, internal and individual causes (Kavun, Sorbat and Kalashnikov, 2009). This work reflects the readiness of this person for action. In addition, the socio-cultural environment of this person can be regarded in terms of the violation of existing standards (disclosure of information with restricted access) and traditions (not doing the job; this is the second distinction).
Definition 2: Insider information is substantial undisclosed Public Service Information (PSI) of the enterprise (Kurkin, 2004; Kavun and Sorbat, 2009). If disclosed, this information could lead to the loss of the company's competitiveness or to its collapse (this is the first distinction from other definitions). The employees who hold this information are typically the system administrators or the owners. Employees who have received this information are called insiders. All these processes belong to the sphere of economic and information security (Kavun, 2012).
In the course of their commercial activities, various organizations are subject to economic crime and employee negligence, which lead to financial, physical, temporal, economic and other kinds of losses. Such activities of the staff are called insider activities. The problem of insider detection was considered in the 2007 report of the Computer Security Institute (Kavun, 2008). Since 2011 (INFECO, 2012), this problem has been ranked first in the world among the whole set of threats and vulnerabilities. Thus, the problem of insider detection and defense now ranks ahead of the problem of virus defense. Banks and enterprises associated with the financial sector are especially susceptible to insider attacks. Insider attacks have a very high level of latency (concealment) and the lowest level of detection. Nevertheless, the existing methods only prevent the consequences of insider attacks and do not provide for the detection of insiders within the enterprise.
These concepts belong to the categorical system of the fields of information and corporate security. Well-known experts and scholars in this area are Ponomarenko, Klebanova and Chernov (2004); Oleynikov (1997); Kurkin (2004); Messmer (2008); Campbell, Gordon, Loeb and Zhou (2003); Yazar (2002); and Shkarlet (2007). Their works demonstrate a systematic approach to addressing threats to information and economic security, but most of these studies relate to external threats.
Since unauthorized access to information within an enterprise through insider activity brings financial losses, there is an urgent need to address the task of preventing or identifying an insider or a group of insiders (insider trading activity). These works have also investigated a systematic approach to eliminating threats to information and economic security, but most of this research is based on technical and technological aspects, which rules out identifying insiders at early stages and preventing the loss of assets. The question of internal threats is not completely resolved, and the issue of insider detection follows from it.
The purpose of this work is to show the possibility of formalizing the task of identifying insiders (insider activity) in a company on the basis of a new modified criteria method and cartographic analysis developed by the authors.
This type of analysis allows one to visually estimate the current state of an employee's activity, determine the allowable ranges and the exceeding of boundary values, observe the trends of activity for a given period, and take appropriate counter-measures to prevent any loss (Kavun and Sorbat, 2012).
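As an added illustration (not the authors' method or code), the following Python sketch implements the three checks the paragraph above attributes to the analysis: the current value of each activity indicator, whether it has exceeded an allowable range (boundary values), and whether its trend over the period is rising. The indicator names, the sample values, the allowable ranges and the "rising" rule (slope greater than 5% of the range width per period) are all constructed assumptions.

```python
from statistics import mean

# Constructed sample data (not from the paper): six consecutive weekly values
# of two activity indicators for three hypothetical employees.
ACTIVITY = {
    "emp-A": {"docs_accessed": [40, 42, 38, 45, 41, 44],
              "after_hours_logins": [1, 0, 2, 1, 1, 0]},
    "emp-B": {"docs_accessed": [35, 50, 70, 95, 130, 160],
              "after_hours_logins": [0, 1, 3, 4, 6, 9]},
    "emp-C": {"docs_accessed": [20, 28, 36, 44, 52, 60],
              "after_hours_logins": [0, 0, 1, 1, 1, 1]},
}
# Assumed allowable range (lower, upper) per indicator; values outside it
# are treated as crossing a boundary value.
RANGES = {"docs_accessed": (0, 80), "after_hours_logins": (0, 3)}


def slope(values):
    """Least-squares slope of a series over equally spaced periods (trend)."""
    n = len(values)
    x_mean, y_mean = (n - 1) / 2, mean(values)
    num = sum((x - x_mean) * (y - y_mean) for x, y in enumerate(values))
    den = sum((x - x_mean) ** 2 for x in range(n))
    return num / den if den else 0.0


def analyse(series, ranges, trend_fraction=0.05):
    """Per indicator: periods outside the allowable range, and whether the
    trend rises faster than trend_fraction of the range width per period."""
    findings = {}
    for indicator, values in series.items():
        lo, hi = ranges[indicator]
        s = slope(values)
        findings[indicator] = {
            "current": values[-1],
            "exceeded_periods": [i for i, v in enumerate(values) if v < lo or v > hi],
            "slope": s,
            "rising": s > trend_fraction * (hi - lo),
        }
    return findings


def risk_level(findings):
    """'high' if any boundary was crossed, 'watch' if an indicator is rising
    towards its boundary, otherwise 'normal' (review, not automatic action)."""
    if any(f["exceeded_periods"] for f in findings.values()):
        return "high"
    if any(f["rising"] for f in findings.values()):
        return "watch"
    return "normal"


if __name__ == "__main__":
    for emp, series in ACTIVITY.items():
        print(emp, risk_level(analyse(series, RANGES)))
```

In the sample, emp-A stays within range with no upward trend, emp-B crosses both boundaries in the last three periods, and emp-C stays inside the ranges but trends upward, which is the early-stage signal the paper is concerned with.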