Insider Threats to IT Security of Critical Infrastructures

Part of the Studies in Big Data book series (SBD, volume 84)


The chapter surveys contemporary methods for detecting internal threats to the information security of critical infrastructure objects, mitigating these threats, and preventing the leakage of sensitive information. Internal threats are unpredictable and pose a major challenge to traditional IT security measures. Specific emphasis is placed on the insider threat problem as it emerges from careless behaviour of insiders, vendors and contractors, cybersecurity policies, e-identity theft, and malicious users. Methods for detecting and protecting against internal threats encompass user behaviour analysis, consumer behaviour analysis, risk assessment and profiling, analysis of information flow within the organisation, and definition of sensitive information. Useful methods for protecting sensitive data through a holistic approach that covers data both inside and outside the organisation are also presented. Consumer activity monitoring systems and Data Leak Prevention (DLP) systems are finally discussed in the context of the practical handling of internal threats.


Keywords: Critical infrastructure; Security measures; Internal threats; Sensitive information; Holistic approach; Activity monitoring; Data leak prevention



The research is partially supported by the KoMEIN Project (Conceptual Modeling and Simulation of Internet of Things Ecosystems) funded by the Bulgarian National Science Foundation, Competition for Financial Support of Fundamental Research (2016) under the thematic priority: Mathematical Sciences and Informatics, contract № DN02/1/13.12.2016. Additional gratitude is also given to the National Scientific Program “Information and Communication Technologies for a Single Digital Market in Science, Education and Security (ICTinSES) 2018–2020”, financed by the Ministry of Education and Science, Republic of Bulgaria.



Copyright information

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2021

Authors and Affiliations

Institute of Information and Communication Technologies, Sofia, Bulgaria
