Timeline of the CERT Program’s Insider Threat Work

The CERT Program’s insider threat research began in 2000 and has continued to grow. In this section we present a brief timeline of the history of the CERT Program’s work in this area. Figure 1-5 summarizes the evolution of the body of work of the CERT Insider Threat Center.

Figure 1-5 CERT Insider Threat Center timeline

2000 Initial Research

The CERT Program’s original insider threat research was sponsored by the U.S. Department of Defense (DOD) in 2000, and focused on insider threats in the military services and defense agencies.

2001 Insider Threat Study

Our insider threat research ramped up the following year, in 2001, when the Secret Service National Threat Assessment Center (NTAC) and the CERT Program joined efforts to conduct a unique study of insider incidents, the Insider Threat Study (ITS). The Department of Homeland Security, Office of Science and Technology (DHS S&T) provided financial support for the completion of the study in 2003 and 2004. Four reports were produced as a result of that effort focusing on the banking and finance sector [Randazzo 2004], the information technology sector [Kowalski 2008a], the government sector [Kowalski 2008b], and the analysis of insider IT sabotage across all critical infrastructure sectors [Keeney 2005].