Are Boston Bombers Insider Threats?

The answer depends on affirmative responses to these two questions:
1. Did they occupy a position of trust?
2. Did they betray that trust?

Answer both questions with a Yes, and the next question becomes
3. What can we reasonably do to defend against such insider attacks?

First Things First – Define Terms

We begin with an operating definition of what constitutes an insider threat to any entity. An insider threat is an individual and, more broadly, the danger posed by an individual who possesses legitimate access and occupies a position of trust in or with the entity being targeted. First an adversary must occupy a position of trust. Then the adversary must betray that trust. Both are necessary for an insider threat to be present, per se. (See Managing the Insider Threat: No Dark Corners, Baton Rouge: CRC Press, 2012, pp. 4-5, for related discussion on this definition.)

Boston Marathon Bombers as Insiders

The answer to Question 1 is Yes, but only to the extent that one considers American citizenship to imply at least some sort of societal bond and shared deference for our Constitution and way of life. This is all the more reasonable to infer if an individual involved recently completed the formal process of becoming an American citizen.

The answer to Question 2 is Yes in that, given a basic obligation to respect the laws and institutions of America, the intentional infliction of mayhem targeting fellow citizens who offered no provocation or danger to attackers represents a betrayal of decency, citizenship, and humanity.

Then what should we do to counter such trust betrayal by malicious insiders? One answer may be to extend the co-pilot model to the point of engaging one’s fellow citizens more meaningfully in their own defense. Before delving more deeply into what to do, however, it is instructive to consider what not to do.

What Does Not Work

Traditional insider defenses, such as increasing controls and monitoring of all life forms, offer no answers. Not only are they unsupportable, they also are certain to alienate their intended beneficiaries. Recalling that No Dark Corners recognizes the limits of corporate sentinels to defend the organization against all hostile insiders, one soon realizes that there are never enough of these sentinels to go around, and their expertise tends to make them insular. The overburdened sentinel soon resents endless demands for action and the people making such demands. Consequently, an us-vs.-them relationship typically develops between sentinel and intended beneficiary of sentinel expertise. This dilemma for organizations applies equally to the public at large. Even in extreme cases as in Boston in the aftermath of the marathon bombings, when police from the local, state, and federal levels swarmed over Boston and Watertown like protective locusts, there were not enough of them to find the bomber at large by themselves. Why not? There are never enough sentinels to cover all the ground, all the exposures, all the contingencies. It took watchful residents to alert authorities to where the bomber was hiding.

Nor is it practical to screen and closely monitor the entire crowd at public events such as the Boston Marathon, although such an approach elsewhere normally adds value in keeping hostile insiders from harming their employers. Besides, any attempt to defend public events against insider attacks by resorting to draconian screening would necessarily transform a celebration into a logistical nightmare and a traffic torment. It would be like strip-searching theater patrons before allowing them to go to the movies. Love of the cinema and box-office receipts would surely decline.

What to Do

One answer comes straight from what No Dark Corners labels the co-pilot model. A co-pilot does not exercise the same responsibilities and authority as the pilot of a given aircraft. Whenever there is a need for decision, it is the pilot who makes the call. However, if some accident or misadventure incapacitates the pilot, the co-pilot is expected to take the controls of the plane and fly it safely, averting disaster in the process. What a vast and otherwise unmanageable ocean of insiders and potential insider threats require are not necessarily more experts or sentinels to watch over everyone else and to scold anyone who approaches society’s cockpit. This, by the way, is the knee-jerk reaction that police and other responders display when dealing with situations like the Boston Marathon bombings. Exercise command and tell all the civilians to hunker down and stay out of the way, so that the experts can handle the situation.

Except there are never enough experts. They may be good, but they are neither ubiquitous nor indefatigable. They wear out and, sometimes, they just aren’t around when something in the air still needs piloting.

The Answer

Stop treating every member of the public like the weakest link. Treating them like passive invertebrates wastes a valuable resource that may also be the only resource. Instead, encourage more people to become co-pilots who take a hand in our mutual defense. Bring them into the fold. Ask for their help without talking down to them. Release pictures and details sooner rather than later, and end the condescension of one-way communications embedded in platitudes like, “See something, say something.” Why? For every thousand citizens who take the time to report what they saw, perhaps only a dozen produce something useful for police to pursue. Yet of those dozen, it would be unusual to find even one of the reporting citizens receiving the kind of timely feedback or interactive contact that would encourage continued reporting in the future. Instead, the stereotypical law enforcement reaction is to treat the useful as well as the useless citizen reports exactly the same way: like questionable ravings of the uninitiated who, even when they contribute, are outsiders who are undeserving of two-way communication. The net result is that average citizens cannot tell whether their say-something reports are acted on or ignored.

The Trouble with See Something, Say Something or Observe and Report

Once the same citizens are treated like co-pilots, however, everything changes. They start to take a hand in their own defense instead of waiting for some expert sentinel to do more than humanly possible. Then, and only then, it becomes possible to replace the passive “See something, say something” cliché with something more meaningful, like, “Step up and intervene.” This intervention need not be aggressive or life-threatening. All that needs to happen is to migrate beyond the traditionally marginal “observe and report” guidance that a litigious society dispenses to its security guards. Instead, guards and average citizens should be challenging suspicious acts and people and engaging in lawful disruption. This can and should be done safely.

A Better Way

Challenging does not need to be synonymous with violent confrontation. It can be as simple as approaching the suspicious individual and engaging him or her in conversation. Saying hello is a good place to start. It is also innocuous. Hint: Store greeters do this not only to welcome patrons but to psychologically signal that the person entering a store is no longer anonymous and has been noticed by a fellow human. This action deters theft, vandalism, and other misdeeds. So, why not apply the same technique to let suspicious people know that they are being noticed?

As for lawful disruption, this need be nothing more than introducing nonthreatening but perfectly legal obstacles to a clandestine attack. Just letting suspected terrorists realize that they have attracted attention is often enough to make them seek a different target where they will not be noticed. The act of greeting them and thus drawing public attention to their movements will tend to accelerate their departure. This technique, by the way, applies equally well to thieves and other criminals who are planning an illegal activity. Recognition and attention complicate their plans and targeting, usually convincing them to look elsewhere for a softer target.

Bottom Line

Making more co-pilots out of the public is the only way to increase the odds in favor of defenders over attackers. Embracing such co-pilots and treating them as part of the same team turns them from the weakest link into the first line of defense.

-- Nick Catrantzos

Sitting on Suspect Photos a Chronic Reflex

The institutional, knee-jerk tendency to control information even when this becomes counterproductive is not unique to the authorities now sitting on photographs of suspected Boston Marathon bombers. What cements bureaucrats into such hoarding all the more is a time-honored tactic of cloaking any decision under the mantle of confidentiality of ongoing investigations. While there is some truth in the chanting of this confidentiality litany, this is not the whole truth. An analogous case deserves mention here.

Remember the DC sniper frenzy a decade ago? Muhammad and Malvo went on a shooting spree ranging across Maryland, Virginia, and the District of Columbia. While the FBI and ATF were intimately involved in the case, their executives positioned themselves behind a local Maryland community police chief, Chief Moose, as the nominal head of their joint task force. What made the killers particularly difficult to find was their random selection of targets and firing only a single rifle shot for each attack. Although the pair operated out of a dark sedan, with the shooter firing from a hole in the trunk, authorities and media became fixated on looking for a white van. Evidently, a witness report in the vicinity of at least one of the shootings pointed to a suspicious white van. Soon reflexive searches for white vans started to happen after every shooting. I remember this vividly from witnessing my 15-minute daily drive on the Beltway (from home in Virginia to office in Maryland) turn into a 2.5-hour crawl one morning after a shooting.

Notwithstanding white van sightings, though, Chief Moose et al repeatedly missed the opportunity to work smoothly with the press and take better advantage of public involvement. They scheduled news conferences that communicated little of substance and then delayed the start of those conferences. They caused a major traffic jam on another occasion in order to make a very showy presence at a shooting victim's funeral. Worst of all, though, they tried to sit on photos and identifying details of the two shooters -- under precisely the same pretexts now being offered for withholding similar details about marathon bomber suspects.

What happened in reality? Two news channels, Fox and CNN, released the details anyway. Within hours of this release, a truck driver spotted the shooting suspects and reported them to authorities. As a result, police arrested the snipers before they killed another random target.

Fast forward to the present day, and the scene playing out smacks of déjà vu. In Boston, once again, institutional inertia appears to be justifying sitting on information in possible hopes of controlling evidence for the perfect prosecution and exclusive handling of initiated experts. Instead, the photos and descriptions should be circulating so widely as to make it impossible for these suspects to elude scrutiny. At the same time, rapid dissemination of such information also brings exculpatory details to light, perhaps eliminating as many suspects as the process flags for scrutiny.

Are the ones sitting on this information bad people? Certainly not. They are sufferers of a malady that afflicts modern bureaucracies, ingraining patterns and inertia that make slow learners of some bureaucrats. The New York Post's April 18 release of suspect photos may offer the public an antidote.

-- Nick Catrantzos