Homeland Security Watch

News and analysis of critical issues in homeland security

July 23, 2013

Essence of Rat in Fed Insider Threat Program

Filed under: General Homeland Security — by Christopher Bellavita on July 23, 2013

Nick Catrantzos wrote today’s post. ¬†Nick teaches Homeland Security and Emergency Management, is former security director for a regional water utility, and is the author of Managing the Insider Threat. ¬†


In a ham-handed implementation that can only be properly described as TSA-esque, the federal scramble to plug leaks now emerges as an exhortation to seize on coworker behaviors to flag them as suspicious and to rat out peers to some unmentioned body of enforcers with the wisdom and wherewithal to do something about real, impending betrayal.

Insider Threats mclatchy THUMB

That such a scheme should self-destruct is a surprise to no one but its armchair architects. (Details at this link.) It was doomed from inception. Why?

There are sins of omission and of commission raging through any program like this if it hasn’t been thought through. Let us begin with the latter.

Sins of Commission

1. Absent better guidance, such a scheme appeals to the baser instincts of human nature, becoming an instant invitation to settle scores.

Is Mary jealous of Irma for having won the last promotion? Then rat her out for too many restroom breaks on the pretext that she must be using them to pass on notes to terrorists. Is Fred unhappy that the boss turned down his requested leave dates because Joe has seniority and asked for them first? Then rat out the both of them for collusive behaviors that must be indicative of running a terror cell.

You get the idea.

Armchair theorists do not see this fatal flaw because they have never witnessed, from a manager’s perspective, the unintended consequences of a flawed implementation of an ethics or anti-harassment program. Run impetuously by amateurs, such programs invariably generate new — and spurious — business. The remedy soon becomes worse than the disease, a fear that dates back to Hippocrates’ warnings to early physicians.

2. The unthinking reliance on mass distribution of suspicious behavior checklists ends up making every worker the equivalent of the worst TSA automaton: a blind follower of printed instruction who is disincentivized from the all-important infusion of judgment.

Why does this happen?

Because we live in a society that slavishly follows the LITE mantra, namely Leave It To The Experts. We ask employees to rat others out but don’t trust them to think. That is the province of the unmentioned experts, whose expertise is usually assumed or self-conferred.

Sins of Omission

Perhaps the greater fatal flaw arises from what such programs neglect.

1. They respect neither the work force nor the workplace. Insider threats remain statistically rare. (See Managing The Insider Threat: No Dark Corners, for a lengthier and more scholarly treatment of this topic.) The bottom line is that most people, most of the time, are not going around betraying their employers or fellow workers.

It is mindless to treat the vast majority of honest employees as ex-cons scheming to violate their conditions of parole. It is equally unfair to the workplace to turn it into a Gestapo-run factory ruled by the lash. All organizations exist for a reason. They have a job that needs doing, and most of these employers cannot turn themselves into full-time witch-hunters without degrading their overall performance.

2. These programs hinge on the assumption that workers are fit only to spot suspicious behaviors as they exist on a checklist but not qualified to evaluate their own information. (See LITE, above.) So the employee who is urged to rat out a coworker is not trusted to do anything more. This situation invariable leaves the reporting employee bereft of feedback, while some self-styled expert runs with the lead or, equally, sits on it. No one can tell what happened outside the select cadre of experts.

This situation invites abuse and tends to incentivize expert lassitude, somnolence, and all the other kinds of reaction that attach to bureaucrats who are not, shall we say, all the way committed to excellence. Result? More sitting on data than timely intervention to prevent threats from materializing.

3. Finally, such programs neglect the value of lawful disruption. Face this reality: There are never enough experts or responders to handle every situation. Taking advantage of the initiative of someone on the scene of a catastrophic betrayal is not just the best chance for damage control. It’s usually the only chance. It’s also precisely the chance these insider programs squander by telling employees, “Leave it to the experts.” When insider threat programs stop short of saying this directly, they say it tacitly. They neglect to point out the nearly infinite options that exist for lawful disruption, that is, the short circuiting of pernicious activity through legally permissible actions (p. 135 of Managing the Insider Threat and also the beginning of the chapter on lawful disruption of the insider threat, as inspired by a Canadian senator leading an anti-terrorism committee who noted the importance of lawful disruption).

In the final analysis, this rat-out-your-peers approach to countering insider threats as outlined above epitomizes a potentially useful idea likely botched in its implementation.

It proves once again that there is no smart way to be stupid.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

1 Comment »

Comment by William R. Cumming

July 24, 2013 @ 1:04 am

Theory X vis a vis Theory Y management! The stick or the carrot?

RSS feed for comments on this post.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>