NOIR: A White Paper Part 3—
Prevention: The Missing Link for Managing Insider Threat in the Intelligence Community
by Dr. David L. Charney, Psychiatrist
The Problem: Insider Threat
Recent dramatic security breaches have drawn increasing attention to the insider threat problem. These breaches have captured headlines and have featured perpetrators such as classic state-sponsored insider spies like the recent Chinese moles as well as so-called whistleblowers like Chelsea Manning and Edward Snowden.
My previous white paper, NOIR, proposed an off-ramp exit solution, which does not yet exist, for those who have crossed the line. Quoting Sun Tzu: “Always leave your enemy an exit.” Extending the logic, why not off-ramp exits, meaning robust prevention mechanisms, for before they cross the line?
Analyzing Failed Links in Security Chains
Security breaches and other insider threat events are the endpoints that indicate a failure occurred somewhere along the sequence of links in security chains. These links are the protective measures intended to counter potentially disastrous breaches. Breaches are proof that the links failed.
Failed security chains in the IC should be analyzed the same way the National Transportation Safety Board (NTSB) goes about studying aircraft disasters. The NTSB seeks to understand how each link failed in chains that resulted in disasters and whether protective links that should have been built into security chains were simply missing.
Missing Links in IC Security Chains: Off-Ramp Exits
This paper asserts that there are two critical missing links in IC security chains. These missing links can be described as two types of off-ramp exits: exits for before someone crosses the line and exits for after someone crosses the line. The absence of these two links in IC security chains weakens effective management of IC insider threat.
If both missing links were added to the considerable number of existing and planned detection links—which at present seem to be the only game in town—a full-spectrum solution would come into existence for the comprehensive management of insider threat.
Drawing attention to the shortcomings of detection does not mean that detection has little value for managing insider threat. Far from it. Detection is vitally necessary as one of the two key components of the classic good cop-bad cop dyad, universally employed for managing criminal offenders.
Every IC employee is on notice that a full range of detection methodologies operates continuously, creating a powerful deterrent against crossing the line. With exciting new technological advances on the horizon, detection will continue to strengthen our national security.
That said, acknowledging the enduring and critical importance of detection should not keep us from examining its limitations. This paper will assert that there is an overreliance on detection, not that it is unnecessary. Currently, it is mostly bad cop and very little good cop, mostly stick and very little carrot.
While this paper will highlight many of the limitations of detection, my primary intention is to counter the IC’s tendency to put nearly all of its eggs into the detection basket. Hopefully, critical thinking about detection will motivate the IC to reconsider relying so exclusively on it. The thesis of this white paper is that neglect of prevention strategies leaves too much on the table, too many opportunities to more effectively manage insider threat. Containing insider threat is too important to limit our toolset. We need more tools in the arsenal.
NOIR for USA is a 501(c)3 entity to educate the US Intelligence Community, other government components, including the Congress, the courts, responsible journalists, and the general public, about the NOIR concepts and proposals.
Dr. Charney and his colleagues at NOIR for USA would appreciate any comments, criticisms, or additional thoughts you may have about NOIR concepts and proposals.
~ ~ ~
- Read: NOIR: A White Paper Part 3 – Prevention: The Missing Link for Managing Insider Threat in the Intelligence Community (pdf) Feel free to distribute it in your organization, provided it is properly credited.