SaTC: CORE: Small: Thwarting the Malicious Insider Evolution Process: The Theory of Strained Betrayal

SaTC：核心：小：阻止恶意内部进化过程：紧张背叛理论

• 批准号: 1912874
• 负责人: Sanjay Goel
• 金额: $ 29.77万
• 依托单位: SUNY at Albany
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2023-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1912874&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Thwarting; Malicious

Data thefts by malicious insiders are a major threat to national security, as demonstrated by several recent high-profile data breaches attributed to government employees. Often, these breaches occur because loyal employees accumulate strain or become disgruntled due to a variety of psychological stressors such as social injustice, personal injustice, harassment, and overwork. Employees who reach a critical level of strain and who are unable to change their situation may develop negative feelings that can eventually lead to malicious behavior such as data theft. The Theory of Strained Betrayal, proposed by the project team, formalizes a model of this process of a loyal employee transforming into a malicious one that captures the dynamics of job strain manifestation and its culmination in malicious insider activity. This project's goal is to further develop both the theory and potential interventions to reduce employee strain, with the goal of both better understanding and ultimately reducing insider threat behavior. This project investigates insider threat activity in the context of situational factors that cause job strain in the employee who may then resort to malicious activity to reduce that strain, as described by the Theory of Strained Betrayal. In particular, the theory details the Insider Threat Kill Chain, which articulates two defining stages of the process: (1) the trigger point, when an employee is unable to find legitimate avenues for strain reduction and begins to seek opportunities for malicious activity such as data theft or sabotage; and (2) the tipping point, when the employee finds such an opportunity and conducts a malicious activity. Further, the theory posits that strain in individuals is moderated by dispositional factors and influenced by the individual's locus of control, culminating in malicious intentions and behaviors. To refine the theory, the research team will conduct a series of experimental studies designed to induce strain and measure people's willingness to exfiltrate insider data as a function of the amount of strain induced and any methods they have to release the strain, along with the dispositional factors described above. The team will also develop emotion-focused and problem-focused interventions aimed at disrupting the manifestation of malicious behavior originating from strain.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

恶意内部人员窃取数据是对国家安全的重大威胁，最近几起由政府雇员造成的备受瞩目的数据泄露事件就证明了这一点。通常，这些违规行为的发生是因为忠诚的员工因社会不公正、个人不公正、骚扰和过度工作等各种心理压力而积累压力或变得不满。压力达到临界水平且无法改变现状的员工可能会产生负面情绪，最终导致数据盗窃等恶意行为。项目团队提出的“紧张背叛理论”正式提出了一个忠诚员工转变为恶意员工这一过程的模型，该模型捕捉到了工作紧张表现的动态及其在恶意内部活动中的顶峰。该项目的目标是进一步发展理论和潜在的干预措施，以减轻员工的压力，以更好地理解并最终减少内部威胁行为。该项目在导致员工工作压力的情境因素的背景下调查内部威胁活动，然后员工可能会采取恶意活动来减轻压力，正如紧张背叛理论所描述的那样。该理论特别详细介绍了内部威胁杀伤链，它阐明了该过程的两个定义阶段：（1）触发点，即员工无法找到减少压力的合法途径，并开始寻找进行数据盗窃或破坏等恶意活动的机会； (2) 临界点，即员工发现此类机会并进行恶意活动时。此外，该理论认为，个人的压力会受到性格因素的调节，并受到个人控制点的影响，最终导致恶意的意图和行为。为了完善这一理论，研究小组将进行一系列实验研究，旨在诱发压力，并根据诱发的压力量、释放压力的方法以及上述性格因素来衡量人们泄露内部数据的意愿。该团队还将开发以情感为中心和以问题为中心的干预措施，旨在破坏源自压力的恶意行为的表现。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。