INSIDER

The H2020 Euratom European project INSIDER (Improved Nuclear Site Characterization for waste minimization in decommissioning under constrained environment) was launched in June 2017 for a duration of 4 years; it currently includes 17 partners from 10 European countries. The project is focused on radiological characterization applied to waste-driven integrated approaches, including the overall sampling strategy and design. Its objectives are to improve the management of waste with medium (MA) and high radioactivity (HA) levels coming from nuclear sites or facilities under D&D (Decommissioning and dismantling) and/or other constrained environments. The optimization criteria refer to operational decommissioning efficiency, safety and costs. The outcome of the project will increase knowledge on the amounts and characteristics of radioactive waste resulting from D&D and increase confidence in the sound definition of subsequent storage and disposal end points. INSIDER is thus mainly focused on the issues of precharacterization upstream of decommissioning operations. The methodology is based on advanced statistical processing and modelling, coupled with validated measurement techniques and methods, in situ or in laboratory, with a final objective of economic gains, and improved safety and sustainability. The technical approach of the project is on one hand to develop different sampling strategies, coupled with characterization methods whose performances are known in representative situations, and on the other hand to qualify the contribution of this approach to, and validate its effectiveness in, real situations on 3 concrete case studies representing typical configurations of decommissioning worksites:
– Nuclear reactor: BR3 reactor vessel at Mol (SCK-CEN);
– Installation of the fuel/waste cycle: effluent tanks at ISPRA (JRC);
– Post-incident management: contaminated soils (CEA).


Introduction to the insider threat problem
Despite the high impact of insider attacks, findings show that many organizations have no insider threat program in place, and most programs that do exist have serious deficiencies (INSA 2013). Mandates for U.S. Government organizations and their contractors to build such programs attest to their importance (Office of the Press Secretary 2011), but how insider threat countermeasures reduce organizational risk is difficult to ascertain (U.S. GAO 2015).
Negative unintended consequences of controls have the potential to exacerbate rather than mitigate the problem (Moore et al. 2015a, b). Furthermore, the tendency of organizations to view insider threats as a technology problem, and the stovepiped nature of their processes, has made it difficult for them to deal effectively with the socio-technical nature of the problem (INSA 2013).
The purpose of this Special Issue is to demonstrate the potential for modeling and simulation science to not only help understand the nature of the insider threat problem better, but also to help test the efficacy of mitigation controls in a safe and convenient virtual environment.

Definitions
Insider threat definitions include everything from malicious to unintentional and from non-violent to violent actions by trusted insiders. Shaw et al. (2009) broadly define "insider threat" as "Any activity by military, government, or private company employees whose actions or inactions, by intent or negligence, result (or could result) in the loss of critical information or valued assets."
The above definition does not include former employees and does not give different definitions that distinguish malicious insiders from unintentional insiders. There are two types of insider threats addressed in this Special Issue: malicious insider threats and unintentional, accidental, or inadvertent threats.
First, malicious insider threats that target information or information systems are defined by Cappelli et al. (2012) as follows: "A malicious insider threat is a current or former employee, contractor, or business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems."
Second, unintentional, accidental or inadvertent insider threats are defined by the CERT Insider Threat Team (2013) as follows: "An unintentional insider threat is (1) a current or former employee, contractor, or business partner (2) who has or had authorized access to an organization's network, system, or data and who, (3) through action or inaction without malicious intent, (4) causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability of the organization's information or information systems."

Existing research
The insider threat problem is associated with an area of research that has been primarily initiated and funded by the U.S. government over the past two decades and has not had a strong emphasis in academia. Two of the largest U.S. government efforts specifically focused on insider threat are In addition, there exist publications on various insider crimes ranging from sabotage to theft, fraud, and espionage. For an overview of the research on insider theft, sabotage, and fraud, consult Cappelli et al. (2012). For a starting point in understanding insider espionage, see Herbig (2008). Another reference to consult for an introduction to espionage research is the book "Citizen Espionage" edited by Sarbin et al. (1994), which presents a wide array of information on spying and includes a discussion of models of espionage which account for person-specific variables ("P" models) and situational variables ("S" models).
Traditional insider threat research has suffered from two problems:
1. The data are limited due to the low base rates of most of the insider threat crimes. Related to this problem is the reluctance of private companies and governments to share this information with researchers.
2. Once researchers get their hands on the data, they do not typically collect data from matched control subjects from the "assumed good" population or other potential comparison groups. Thus, the validity of conclusions about the offending insider is limited.
These problems can be addressed through modeling and simulation approaches. For problem #1 (lack of data due to low base rates), modeling and simulation approaches can be used to generate synthetic data to consider when testing hypotheses. For problem #2 (lack of comparison groups), modeling and simulation approaches can build in control and/or other comparison groups.
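A sketch of how simulation addresses problems #1 and #2 above, as an added example (not code from the Special Issue or its papers): it generates a synthetic workforce with a low offender base rate and compares an indicator's rate among offenders against all benign staff and against role-matched controls. The roles, the off-hours flag and all probabilities are constructed assumptions.

```python
import random

# Constructed parameters (assumptions for illustration, not from the paper).
P_ADMIN = {"offender": 0.70, "benign": 0.10}   # share holding the admin role
P_FLAG_BENIGN = {"admin": 0.30, "user": 0.05}  # off-hours flag without malice
UPLIFT = 0.30                                  # extra flag probability if offender

def generate_staff(n_staff, base_rate, seed=1):
    """Synthetic workforce with a fixed, low number of offenders (problem #1)."""
    rng = random.Random(seed)
    n_cases = max(1, round(n_staff * base_rate))
    staff = []
    for i in range(n_staff):
        kind = "offender" if i < n_cases else "benign"
        role = "admin" if rng.random() < P_ADMIN[kind] else "user"
        p_flag = P_FLAG_BENIGN[role] + (UPLIFT if kind == "offender" else 0.0)
        staff.append({"id": i, "kind": kind, "role": role,
                      "flag": rng.random() < p_flag})
    return staff

def matched_controls(staff, per_case=5):
    """For each offender, draw per_case benign staff with the same role (problem #2)."""
    pools = {"admin": [], "user": []}
    for person in staff:
        if person["kind"] == "benign":
            pools[person["role"]].append(person)
    controls = []
    for case in (p for p in staff if p["kind"] == "offender"):
        pool = pools[case["role"]]
        if len(pool) < per_case:
            raise ValueError("not enough benign staff in role " + case["role"])
        controls.extend(pool[:per_case])
        del pool[:per_case]  # without replacement: nobody is a control twice
    return controls

def flag_rate(people):
    """Fraction of the given people who raised the indicator."""
    return sum(p["flag"] for p in people) / len(people)

def compare(staff, per_case=5):
    """Indicator rate for offenders, all benign staff, and matched controls."""
    cases = [p for p in staff if p["kind"] == "offender"]
    benign = [p for p in staff if p["kind"] == "benign"]
    return {"cases": flag_rate(cases),
            "all_benign": flag_rate(benign),
            "matched": flag_rate(matched_controls(staff, per_case))}

if __name__ == "__main__":
    rates = compare(generate_staff(50000, 0.004))
    for group, rate in rates.items():
        print(f"{group:>10}: {rate:.3f}")
```

Because offenders in this constructed population are concentrated in a role that raises the flag often for legitimate reasons, comparing them with all benign staff overstates how discriminating the indicator is; the role-matched controls recover a gap close to the true uplift.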
Modeling and simulation have been successfully used to address a number of security issues, particularly as they play out in organizational settings (e.g., Cohen 1999; Gupta et al. 2006; Liu et al. 2003). Further, there has been some attention to modeling insider threat (e.g., Duran et al. 2009; Kandias et al. 2010; Martinez-Moyano et al. 2008; Moore et al. 2015a, b). These efforts show the value of this approach, and that there are a number of modeling technologies that can support reasoning about security risks in organizational settings.

Purpose of this special issue
Given the problems associated with insider threat research, a question was posed whether modeling and simulation approaches could be used to help understand and mitigate insider threats. More specifically, how can modeling and simulation be utilized to generate useful synthetic insider threat data and to analyze underlying assumptions of traditional research in this area? Further, how can modeling and simulation be utilized alone and/or combined with other approaches, to help understand and mitigate insider threats?
These ideas were explored in an invitational meeting called "The Insider Threat Modeling and Simulation Research Meeting" sponsored by the Software Engineering Institute. This Special Issue of the Computational and Mathematical Organization Theory journal arose out of this meeting to show how the different approaches to modeling and simulation help understand the insider threat problem. The meeting objective was to understand and explain three things:
1. the role of modeling and simulation to better understand insider threat related problems and mitigation
2. how different modeling and simulation methods can be used individually and in combination
3. the role modeling and simulation methods can play toward building a scientific discipline of insider threat.
While research challenges and questions were emphasized over detailed implementation of solutions, the workshop participants made some intriguing progress on insider threat models using five methods: agent-based modeling (ABM), Bayesian belief networks (BBN), game theory (GT), system dynamics (SD), and network analysis (NA).
As we describe in the next section, these methods do not and were not meant to cover the entire space of modeling and simulation approaches that could be applied to insider threats; that would be far too ambitious for our small working meeting of 20 participants. Nevertheless, these approaches do target important aspects of the insider threat problem, and each has had significant applications to the problems in the literature.
The 1 day meeting, which took place on 7/31/2014 and 8/1/2014 at the Software Engineering Institute in Pittsburgh, PA, involved participants from across academia, industry, and government, including representatives from Argonne National Laboratory, Carnegie Mellon University, Human Resources Research Organization (HumRRO), MIT Lincoln Laboratory, New York University, Old Dominion University, Sandia National Laboratory, the Software Engineering Institute, and the FBI.
To the best of our knowledge, this is the first meeting with the goal of understanding how a range of modeling and simulation methods can be utilized to further our understanding of complex insider threat problems. The focus of the papers in this Special Issue is on methods that involve the execution of an explicit, abstract model of an organization, in contrast to the emulation of a computer system or pilot testing within an organization.
It can take a lot of time, be very expensive, disruptive, and even dangerous to pilot test controls operationally. The behaviors of malicious actors and good employees can be extremely difficult to distinguish in practice, increasing the probability that innocent employees will be implicated in malicious activities. Strong evidence of potential countermeasure effectiveness is needed before operational pilot testing commences. Using a modeling and simulation environment to rigorously test hypotheses allows confirmation, extension, and refutation of existing theory or the formulation of new theories altogether.
The experiments conducted in the virtual environment can provide a body of evidence that supports strong hypotheses that can justify subsequent pilot testing efforts. The results of our workshop confirmed the utility of these modeling and simulation methods, especially in combination, to address the complexity of the insider threat problem.

Modeling and simulation methods and their combination
A unique contribution of this Special Issue is to elaborate and exemplify the combination of modeling and simulation methods toward addressing aspects of the insider threat problem. The Computational and Mathematical Organization Theory journal is particularly appropriate for this topic because of the strong organizational perspective of the threat and the links to theory that the modeling and simulation enable.
Since work applying this technology to the insider threat problem is early and primarily exploratory in nature, results are not yet definitive and models are not yet predictive. Nevertheless, we believe that the papers published in this Special Issue do, in fact, strongly demonstrate the potential for modeling and simulation science to help understand the nature of the insider threat problem and test the efficacy of mitigation controls. These methods do not supplant existing research or obviate the need for other approaches, but they are underutilized in insider threat research generally.

Methods considered in this special issue
The modeling and simulation methods described in this Special Issue have a rich basis and history:

Agent-based modeling (ABM)
ABM is an object-oriented approach to simulate the actions and interactions of autonomous agents within a larger ecological context. Agents can represent a variety of objects from individual actors (i.e., people) to collective communities and organizations (i.e., corporations or countries) that have endogenous and frequently heterogeneous features. Ecological context provides an environment in which exogenous stimuli (produced by the environment or other agents) can influence and drive individual agent behaviors. A common goal of ABM, regardless of the scale of the agent, is to understand the emergent behavior of the larger system of which they are a part (Gilbert 2008). While the origins of ABM trace back to the late 1940s with the Von Neumann machine and the notion of cellular automaton, the first formal models were not developed until the 1970s followed by an explosion of the field in the 1990s, made possible by software platforms built on increasingly powerful computers that supported real-time visualizations (Cioffi-Revilla 2014). ABMs show that even relatively simple interaction rules can generate a broad range of complex behaviors that correspond with real-world observation (Epstein and Axtell 1996). A variant of ABMs, agent-based dynamic-network models, have been successfully used to model issues of behavior adaptation and information diffusion across multiple groups, making them particularly valuable for addressing issues related to insider threat and security (Lanham 2015; Lanham et al. 2011).

Game theory (GT)
GT has been characterized as ''the study of mathematical models of conflict and cooperation between intelligent rational decision makers'' (Myerson 1991). While early discussion of two-person games goes back at least as far as the 1700s, GT did not exist as a unique field until John von Neumann's descriptions of the foundations in his book in 1944, Theory of Games and Economic Behavior (Leonard 2010). The 1950s saw the field expand into the logical side of decision science by many scholars in the areas of economics, political science, psychology, computer science, and biology.

System dynamics (SD)
SD is a method based in continuous mathematics for modeling and analyzing the holistic and dynamic nature of problematic behavior by analyzing the underlying feedback structure of that behavior (Sterman 2000). SD was developed by Jay Forrester in the mid-1950s as a method derived from control theory to graphically portray a system of differential equations used to endogenously model soft factors, such as policy, procedural, administrative, or cultural factors along with hard, strictly technical factors. From its beginnings as a means to help corporations improve industrial processes, its use broadened in the 1970s and 1980s to areas of urban and environmental dynamics. With the development of powerful, user-friendly simulation platforms in the 1990s, its use expanded further to both public and private sector problems involving policy analysis and design.

Bayesian belief network (BBN)
BBNs are probabilistic, directed acyclic graphs where the nodes represent random variables and edges represent conditional dependencies among the random variables. Efficient algorithms exist to support the automatic application of Bayes' theorem through the network to calculate the probability that a certain event will occur or condition will exist. While the foundational work by Thomas Bayes was performed in the 1700s, it was not until Judea Pearl and Richard Neapolitan's writings in the 1980s that BBNs became a field of study (Neapolitan 1990; Pearl 1985, 1988). BBNs have been applied to modeling knowledge in computational biology, medicine, bio-monitoring, document classification, information retrieval, semantic search, image processing, data fusion, decision support systems, engineering, gaming, law, and risk analysis.

Network analysis (NA)
NA, a part of network science that draws on the mathematics of graph theory, considers distinct entities represented by nodes and the interconnection among those nodes represented by edges. While the study of networks was introduced in the 1700s for understanding complex relational data, its application in the area of sociology, called social network analysis, emerged in the 1930s to study interpersonal relationships (Moreno 1934). Social network analysis was formalized mathematically in the 1950s and became pervasive in the social sciences by the 1980s (Freeman 2004). Application of social network analysis to organizations grew at the end of the twentieth century, as did the methods on which they were based. A new discipline called dynamic network analysis has emerged as a means to model multiple types of nodes and links for the analysis of more complex properties of organizations over time (Carley 2003). Dynamic network analysis combines the specification of multi-dimensional networks, as in (Carley 2002; Contractor et al. 2011), with ABM simulation to address temporal issues of network dynamics as in (Carley 2006).

Combinations of methods
As we mentioned, other modeling and simulation approaches could have been chosen for our working meeting. However, when considering problems and solutions in the insider threat domain, these five approaches complement one another in a number of ways:

Individual versus context
The insider threat problem requires considering attributes of both the individual and the context in which that individual acts. ABM and SD complement each other in this respect. ABM focuses on an individual level, on interaction rules among potentially heterogeneous individuals that can create complex emergent behaviors. SD, on the other hand, focuses on system features at an aggregate level and is particularly useful at analyzing how these features can drive system behaviors. Of course, what is aggregate at one level of abstraction may be considered an individual at a higher level of abstraction, so there is interplay between the two approaches that often depends entirely on scale. Some tools even directly support the development of combined ABM and SD models, for example, Anylogic (http://www.anylogic.com/), Ventity (http://vensim.com/ventity-beta/), and NetLogo (https://ccl.northwestern.edu/netlogo/). However, these tools are not a necessity. For instance, the Sokolowski et al. paper in this Special Issue uses a combination of SD and ABM in the presentation of the authors' model without direct tool support.

Actor rationality
GT provides a powerful method for establishing a benchmark for beginning to understand complex decision making. Of course, the logical preferences and utility-maximized decision making of rational actors are not always representative of real-world actors with limitations of attention, memory, and information processing capability driven by emotions, reflex, and unconscious motivations. The rational actor analysis performed in GT complements (and is complemented by) the bounded rationality of actors traditionally assumed by ABM and SD modelers. SD and ABM support limiting the scope of agent decision making to information ecologically available to the agent. This limited scope promotes making decisions as real-world actors do, by considering the context in which those decisions are actually made. ABMs can also serve as a convenient means to visualize the emergent behavior of actors driven by specific GT rules of interaction. This approach is taken in the Casey et al. paper in this Special Issue.

Risk calculation and feedback
An important capability of insider threat programs is the ability to detect increasing levels of insider threat risk at individual and organizational levels. BBNs provide an important means for detecting increased risk and whether that risk comes from conditions in the organization, situational features of the individual, and/or the individual's social and online behaviors. BBNs can be used to update insider risk related variables based on the probabilities of important indicators of that risk. This is true even when the probability of an insider attack is very low (Hubbard 2009, p. 227). BBNs can clearly be used to calculate initial parameter values in each of the other modeling and simulation approaches. However, the acyclic aspect of BBNs means that the values calculated do not provide feedback to previously calculated variables. Other approaches, like SD, are based directly on such feedback mechanisms and thus provide complementary methods that provide an update of the prior values on which a BBN is based. This multi-method approach is taken in the Sticha and Axelrad paper in this Special Issue.
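The update described above, as an added example (not code from the Special Issue or the Sticha and Axelrad paper): exact inference on a small constructed BBN shows how indicator evidence moves a very low prior, and a one-stock Euler loop stands in for the SD feedback that re-enters the result as the next prior. Node names, probabilities, `gain` and `decay` are assumptions chosen for illustration.

```python
from itertools import product

# Constructed network with illustrative numbers (assumptions, not from the paper).
# Each node maps to (parents, {tuple of parent values: P(node is True)}).
NETWORK = {
    "org_stress":    ((), {(): 0.20}),
    "insider_risk":  (("org_stress",), {(False,): 0.001, (True,): 0.005}),
    "policy_breach": (("insider_risk",), {(False,): 0.02, (True,): 0.60}),
    "odd_hours":     (("insider_risk",), {(False,): 0.05, (True,): 0.50}),
}

def joint(network, world):
    """Probability of one full assignment: product of each node's CPT entry."""
    p = 1.0
    for node, (parents, cpt) in network.items():
        p_true = cpt[tuple(world[q] for q in parents)]
        p *= p_true if world[node] else 1.0 - p_true
    return p

def posterior(network, query, evidence):
    """P(query is True | evidence) by exact enumeration over all assignments."""
    names = list(network)
    num = den = 0.0
    for values in product((False, True), repeat=len(names)):
        world = dict(zip(names, values))
        if any(world[k] != v for k, v in evidence.items()):
            continue  # assignment contradicts the observed indicators
        p = joint(network, world)
        den += p
        if world[query]:
            num += p
    return num / den

def with_stress(network, level):
    """Copy of the network whose root prior P(org_stress) is set to level."""
    updated = dict(network)
    updated["org_stress"] = ((), {(): level})
    return updated

def simulate_feedback(network, stress, steps, gain, decay, dt=1.0):
    """SD-style loop around the acyclic BBN (assumed dynamics): alerts add to
    the organizational-stress stock, stress decays, and the stock becomes the
    BBN's prior at the next step."""
    history = []
    for _ in range(steps):
        net = with_stress(network, stress)
        alert_rate = posterior(net, "policy_breach", {})  # marginal P(alert)
        stress += dt * (gain * alert_rate - decay * stress)
        stress = min(max(stress, 0.0), 1.0)  # keep the stock a valid probability
        history.append(stress)
    return history

if __name__ == "__main__":
    print("prior      ", posterior(NETWORK, "insider_risk", {}))
    print("one flag   ", posterior(NETWORK, "insider_risk", {"policy_breach": True}))
    print("two flags  ", posterior(NETWORK, "insider_risk",
                                   {"policy_breach": True, "odd_hours": True}))
    print("stress path", simulate_feedback(NETWORK, 0.05, 200, 2.0, 0.1)[-1])
```

With these numbers a single indicator still leaves the posterior near 5%, which is the low-base-rate effect the text refers to: most flagged employees are not threats.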

Execution of multi-dimensional networks
Similar to GT, NA in its most fundamental form is not executable. However, just as with GT, NA can be used in combination with ABM to provide a means to execute and visualize network behaviors over time. This approach is taken by the Carley and Morgan paper in this Special Issue. In fact, the approach taken in this paper uses a tool, called Construct, developed by the author group to conduct multi-dimensional network analysis on an evolving multi-agent network model of an organization.
Clearly there are different modes of interoperation among the various tools that support elaboration, investigation, and mitigation of the insider threat problem. Those listed above are just a few of the interactions possible. Future work could elaborate and illustrate other potential modes.

Papers in this special issue
The four papers in this Special Issue are  Table 1 illustrates our attempt to classify the computational methods described in these papers. Although this task seemed simple, it became apparent that organizing these papers into categories was not only difficult but also possibly counterproductive and subject to debate. There were, of course, obvious categorizations. For instance, several of the papers involve well-defined characteristics of agent-based modeling. Yet, upon closer examination of the respective agents in those models, we begin to find that the macro-behaviors being described are the outcomes of generative models of decision making that transverse the other categories. Other papers emphasize the application of hybrid methodologies or the use of one method to inform the other.
Ultimately, the specific method(s) of implementation in each of these articles may not be as important as the overall understanding that there are diverse ways to approach the same problems that have vexed the non-computational research community. This realization is not a surprise to computational modelers, but it may be an epiphany to researchers who sense that the current methods of research into hard problems, like insider threat, are limited when applied to intractable issues.
Modeling and simulation is critical for understanding complex domains. Complexity in the natural cognitive and social environment is the source of the difficulty associated with mitigating the insider threat. The complexity of insider threat related behaviors, compounded with low base rates and relatively hidden processes and populations, highlights the dangerous voids in our theories and practical knowledge.
The articles in this Special Issue offer a diversity of perspectives on the hard problem of insider threat and its many features. While the tendency might be to view each of these computational methods as distinct, it is also our intention to present them as part of a larger mosaic of methodological tools. The overlap among methods, in some cases, will be obvious; in other cases the overlap will be more nuanced. The point is, however, that these tools each offer an opportunity to gain a new perspective on the multi-faceted insider threat problem.