NOIR: A White Paper Part 3—
Prevention: The Missing Link for Managing Insider Threat in the Intelligence Community

by Dr. David L. Charney, Psychiatrist


The Problem: Insider Threat

Recent dramatic security breaches have drawn increasing attention to the insider threat problem. These breaches have captured headlines and have featured perpetrators such as classic state-sponsored insider spies like the recent Chinese moles as well as so-called whistleblowers like Chelsea Manning and Edward Snowden.

My previous white paper, NOIR, proposed an off-ramp exit solution, which does not yet exist, for those who have crossed the line. Quoting Sun Tzu: “Always leave your enemy an exit.” Extending the logic, why not also provide off-ramp exits, meaning robust prevention mechanisms, for people before they cross the line?

Analyzing Failed Links in Security Chains

Security breaches and other insider threat events are the endpoints that indicate a failure occurred somewhere along the sequence of links in security chains. These links are the protective measures intended to counter potentially disastrous breaches. Breaches are proof that the links failed.

Failed security chains in the IC should be analyzed the same way the National Transportation Safety Board (NTSB) goes about studying aircraft disasters. The NTSB seeks to understand how each link failed in chains that resulted in disasters and whether protective links that should have been built into security chains were simply missing.

Missing Links in IC Security Chains: Off-Ramp Exits

This paper asserts that there are two critical missing links in IC security chains. These missing links can be described as two types of off-ramp exits: exits for before someone crosses the line and exits for after someone crosses the line. The absence of these two links in IC security chains weakens effective management of IC insider threat.

If both missing links were added to the considerable number of existing and planned detection links—which at present seem to be the only game in town—a full-spectrum solution would come into existence for the comprehensive management of insider threat.


Drawing attention to the shortcomings of detection does not mean that detection has little value for managing insider threat. Far from it. Detection is vitally necessary as one of the two key components of the classic good cop-bad cop dyad, universally employed for managing criminal offenders.

Every IC employee is on notice that a full range of detection methodologies operates continuously, creating a powerful deterrent against crossing the line. With exciting new technological advances on the horizon, detection will continue to strengthen our national security.

That said, acknowledging the enduring and critical importance of detection should not keep us from examining its limitations. This paper will assert that there is an overreliance on detection, not that it is unnecessary. Currently, it is mostly bad cop and very little good cop, mostly stick and very little carrot.

While this paper will highlight many of the limitations of detection, my primary intention is to counter the IC’s tendency to put nearly all of its eggs into the detection basket. Hopefully, critical thinking about detection will motivate the IC to reconsider relying so exclusively on it. The thesis of this white paper is that neglect of prevention strategies leaves too much on the table, too many opportunities to more effectively manage insider threat. Containing insider threat is too important to limit our toolset. We need more tools in the arsenal.

NOIR for USA is a 501(c)(3) entity whose purpose is to educate the US Intelligence Community, other government components, including the Congress, the courts, responsible journalists, and the general public, about the NOIR concepts and proposals.

Dr. Charney and his colleagues at NOIR for USA would appreciate any comments, criticisms, or additional thoughts you may have about NOIR concepts and proposals.

~ ~ ~