GEDAI Chair created to tackle insider threats

OCTOBER 19th, 2023

The allusion in the name reflects the founders’ ambitions. By initiating the GEDAI (pronounced “JEDI”), the Institutional Chair on the Detection, Analysis and Automated Management of Internal Breaches and Anomalies, Polytechnique Montréal intends to attack the problem of insider threats, which, when it comes to cybersecurity, are at least as serious as external ones.

The creation of the GEDAI Chair stems from the Insider Threat Alliance project, which is benefiting from $5.4 million in funding over five years from the Natural Sciences and Engineering Research Council of Canada (NSERC) and MITACS.

Professor Frédéric Cuppens of the Department of Computer and Software Engineering will lead the project, which brings together an array of collaborators including researchers from HEC Montréal and Université de Montréal through the Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2), which Dr. Cuppens heads. The research group will also be supported by industry partners, including National Bank of Canada, Desjardins, Qohash, Mondata and Cybereco.

Daunting threats

Insider threats, also called internal threats, represent the most significant security vulnerability within organizations and businesses, well ahead of external threats, which have been the focus of researchers’ attention in recent years.

Employees, consultants and all manner of third parties who have access to a given computer network constitute potential entry points for a cyberattack or intrusion, whether through malicious intent, negligence or simply being caught off-guard. And such entry points are being increasingly exploited by criminals.

According to IBM, the incidence of internal threat events more than tripled from 2016 to 2020, and there’s no sign of that momentum slowing. Moreover, the Ponemon Institute reports that more than half of organizations have experienced at least one insider threat incident during the past year. Increasing reliance on teleworking suggests that the phenomenon is not going away any time soon.

The research group led by Polytechnique intends to close those gaps by developing a real-world management solution to help organizations and businesses deal with this growing menace. Their challenge will be to strike the right balance between economic, social and ethical considerations, as well as more technical and legal ones. They intend to address it by taking a multidisciplinary approach that takes account of real-world constraints.

“There are technical challenges and human issues that prevent today’s monitoring tools from being effectively implemented,” Professor Cuppens notes. “We hope that by getting a better picture of users’ realities, we’ll be able to develop a realistic access-management and supervision approach—one that organizations will adopt because it doesn’t add to their members’ workloads.”

The project will be supported by teams led by Professor Nora Boulahia Cuppens and Professor Amal Zouaq of the Department of Computer and Software Engineering at Polytechnique; Professor Alina Dulipovici of the Department of Information Technology at HEC Montréal; and Professor Benoît Dupont of the Faculty of Arts and Sciences – School of Criminology at Université de Montréal.

The researchers will begin by collecting field data so as to identify processes that pose risks for organizations. Since this step requires access to data sources that are sensitive for organizations as well as their employees, the gathering of that information will adhere to regulatory and ethical standards. In parallel, the team will develop an integrated insider threat management solution that takes into account socio-technical, economic, ethical and regulatory considerations. The solution will use artificial intelligence, in part, to learn and model knowledge, and to apply automated reasoning.

Initially published in Polytechnique Montréal’s ‘Carrefour de l’actualité’.