Insider Threats in Critical Infrastructure Organizations – Discovery and Protection
Ivan Gaidarski
Institute of Robotics “St. Ap. and Gospeller Matthew”, Bulgarian Academy of Sciences, Acad. Georgi Bonchev Str., Bl. 2, PO Box 79, 1113 Sofia, Bulgaria
ivangaidarski@ir.bas.bg
DOI: 10.46793/BISEC25.086G
ABSTRACT: In this article, we examine what constitutes critical infrastructure and the nature of internal threats to its information assets. We discuss innovative methods for detecting internal threats, measures to combat and mitigate them, and ways of preventing the leakage of sensitive information. We examine the causes of internal threats: intentional actions or negligent behavior of employees with access to critical resources (insiders), as well as gaps in the organization’s IT security policies. Security measures include defining the information that is sensitive to the organization, detecting internal threats, stopping the leakage of sensitive information, analyzing user behavior, risk assessment and profiling, and analyzing information flows in the organization. We also present methods for protecting against leakage of sensitive data through a holistic approach that covers data both inside and outside the organization. We examine user activity monitoring systems and data leakage monitoring systems for data leakage prevention (DLP).
KEYWORDS: Critical Infrastructure, Insider, Threats, Data Leak Prevention, DLP
ACKNOWLEDGMENT: This work was supported by the NSP DS program, which has received funding from the Ministry of Education and Science of the Republic of Bulgaria under the grant agreement no. D01-74/19.05.2022.
SOURCE: Proceedings of the 16th International Conference on Business Information Security BISEC’2025