By John Irvin

The popular axiom “an ounce of prevention is worth a pound of cure” – attributed to none other than Benjamin Franklin – attests to the fact that taking action beforehand to prevent a problem from arising is considerably more cost-effective than being forced to dedicate greater resources toward fixing the problem in the event it does occur. Nothing could be more obvious and logical. Nothing could be more common sense.

Why is it, then, that current counterintelligence efforts are so focused on detection of insider threats that prevention is relegated to a more minor role? Given the enormous damage to national security that even one malicious insider can cause – a Hanssen, Ames, or Snowden – would it not be reasonable that preventing an insider spy from traveling down that road in the first place would be at least as important if not more important than detecting him after he has already made his fateful decision?

In the third part of his three-part series on solving the problem of insider espionage through an understanding of the psychology of the insider spy, psychiatrist Dr. David Charney, MD, answers that question. Moreover, he offers expert opinion on just how prevention can be accomplished.

In his first white paper, True Psychology of the Insider Spy, Dr. Charney explains how his work with US Intelligence Community members and his unique access to three imprisoned spies – Earl Pitts, Robert Hanssen, and Brian Regan – offered him insight into the motivation and behavior of insider spies. In part two, NOIR: Proposing a New Policy for Improving National Security by Fixing the Problem of Insider Spies, Dr. Charney offers a method for using an understanding of insider spy psychology to create a program – a National Office for Intelligence Reconciliation (NOIR) – that offers insider spies a way out of the trap they’ve placed themselves in.

In NOIR White Paper Part Three, Prevention: The Missing Link for Managing Insider Threat in the Intelligence Community, Dr. Charney demonstrates how the psychology of insider espionage can also be used to prevent an at-risk individual from becoming an insider spy in the first place. Together, the three NOIR white papers address the challenge of “how to create a seamless suite of resources, a full spectrum solution for better managing insider threat, to include off-ramp exits for before and for after someone crosses the line.”

Part Three is divided into eight sections, identified as sections A through H. Section A is a review of the problem of insider espionage with a focus on the “missing link” in current counterintelligence (CI) practice, which is the failure to create “off-ramp exits.” Institutionalized off-ramps for currently active insider spies, as well as troubled former spies and those in a dormancy stage, offer a means of escaping the trap they’ve placed themselves in and of mitigating the damage they may have already done. Part Three also points out the lack of adequate off-ramps for those who are in the earliest stages of the path toward insider espionage and in desperate need of a means to avoid crossing over the line.

Section B further elaborates on the problems of focusing on detection to the detriment of prevention. Dr. Charney also highlights the uncomfortable truth that even the most technologically advanced detection methods have yet to actually turn up an insider spy. He states, “Advocates for modern amped-up detection methods claim that new and advanced technologies on the horizon will be the game changers that will overcome the historical shortcomings of detection,” and adds, “detection ‘on steroids’ is not likely to move the needle very much.”

The entire three-part series of NOIR white papers is briefly reviewed in Section C, which concludes by stating that all three come together to form a Full Spectrum Solution for Managing Insider Threat. Section D offers a thorough discussion of two current CI concepts – External Management of Insider Threat (EMIT) vs. Internal Management of Insider Threat (IMIT). Dr. Charney posits that EMIT is detection-oriented and involves “efforts that are externally focused, surveillance-based, intrusive, invasive, and even coercive.” On the other hand, IMIT is prevention-oriented and “aims at changing the inner thoughts, attitudes, and mindsets of troubled IC employees to head off the worst developments, including crossing the line.” Both are necessary for a full spectrum solution.

Section E offers a very detailed discussion of the strengths and weaknesses of detection, while Section F offers the same in regard to prevention. Both sections review current practices, and Dr. Charney also provides real-world examples to bolster key concepts. One of those examples involves the tragic case of Brian Kelley, a CIA officer with a stellar reputation who became a victim of what may be considered a “false positive” in the detection approach to CI. While later fully exonerated, he nevertheless suffered real harm, both professionally and personally.

Section G provides guidance and recommendations toward creating a comprehensive insider threat prevention program that is based on IMIT concepts. This section goes into considerable detail in offering advice on how an organization’s existing Employee Assistance Program (EAP) can take practical steps toward employing Dr. Charney’s concepts in order to create its own fully functioning prevention program. For the IC, he suggests that the EAP be part of a two-tiered program that includes prevention and mitigation resources under the Office of the Director of National Intelligence (ODNI). It is in the ODNI that a NOIR, as described in Part Two of the white paper series, would be located and serve the entire intelligence community.

Finally, Section H offers an overall conclusion and reiterates key points. These include the fact that detection, while still necessary, is hardly sufficient in addressing the insider threat. A full spectrum solution requires attention to IMIT and must offer off-ramp exits for before and after someone crosses the line. Dr. Charney finishes with this observation:

Will the IC take up the challenge of managing its insider threat risk by going beyond mere reliance on detection? Will the IC strengthen its insider threat posture by adopting the new prevention strategies proposed in this paper? There is hope. Churchill supposedly said: “Americans can always be counted to do the right thing …after they’ve tried all the other possibilities.”

What do you think?