USING AN IDENTITY AND ACCESS MANAGEMENT SYSTEM AND SYSTEM DYNAMICS MODELING TO DETECT POSSIBLE INSIDER THREATS
Open Access
The difficulty of detecting insider threats before catastrophic events can occur continues to plague many industries, and the aviation industry is under particular pressure to detect possible infiltration by terrorists and their sympathizers posing as legitimate workers. Insider threats were thought to be isolated to corporate infrastructures, with malicious activities confined to the deletion of corporate data or the theft of corporate or trade secrets. However, the recent malicious destruction of critical infrastructure and communications in the Federal Aviation Administration’s National Airspace System, Air Route Traffic Control Center, by a single authorized and properly credentialed individual has revealed the risk that insider threats pose. Insider threats evolve over time and can take weeks and sometimes months or years of planning, either by a lone individual or a group. Historically, the focus of aviation security was cargo security, following the Pan Am 103 bombing in 1988, in which explosives were placed in a suitcase. The focus then switched to passengers in the wake of the events of September 11, 2001. Only recently has the passenger focus been enhanced to include aviation workers in threat scenarios. In this dissertation, I outline a method to incorporate system dynamics in Identity and Access Management System designs to detect the possibility of insider threat. The research results show that when specific policy-based rules were applied to the access control system and forensics were applied to the resulting data, it was possible to detect unusual behaviors that would otherwise have gone undetected. The practical implications of this research would allow development of an operational framework whereby access control data could be analyzed in real time to detect and suggest insider threat signatures.