The answer depends on affirmative responses to these two questions:
1. Did they occupy a position of trust?
2. Did they betray that trust?
Answer both questions with a Yes, and the next question becomes
3. What can we reasonably do to defend against such insider attacks?
First Things First – Define Terms
We begin with an operating definition of what constitutes an insider threat to any entity. An insider threat is an individual and, more broadly, the danger posed by an individual who possesses legitimate access and occupies a position of trust in or with the entity being targeted. First an adversary must occupy a position of trust. Then the adversary must betray that trust. Both are necessary for an insider threat to be present, per se. (See Managing the Insider Threat: No Dark Corners, Baton Rouge: CRC Press, 2012, pp. 4-5, for related discussion on this definition.)
Boston Marathon Bombers as Insiders
The answer to Question 1 is Yes, but only to the extent that one considers American citizenship to imply at least some sort of societal bond and shared deference for our Constitution and way of life. This is all the more reasonable to infer if an individual involved recently completed the formal process of becoming an American citizen.
The answer to Question 2 is Yes in that, given a basic obligation to respect the laws and institutions of America, the intentional infliction of mayhem targeting fellow citizens who offered no provocation or danger to attackers represents a betrayal of decency, citizenship, and humanity.
Then what should we do to counter such trust betrayal by malicious insiders? One answer may be to extend the co-pilot model to the point of engaging one’s fellow citizens more meaningfully in their own defense. Before delving more deeply into what to do, however, it is instructive to consider what not to do.
What Does Not Work
Traditional insider defenses, such as increasing controls and monitoring of all life forms, offer no answers. Not only are they unsupportable, they also are certain to alienate their intended beneficiaries. Recalling that No Dark Corners recognizes the limits of corporate sentinels to defend the organization against all hostile insiders, one soon realizes that there are never enough of these sentinels to go around, and their expertise tends to make them insular. The overburdened sentinel soon resents endless demands for action and the people making such demands. Consequently, an us-vs.-them relationship typically develops between sentinel and intended beneficiary of sentinel expertise. This dilemma for organizations applies equally to the public at large. Even in extreme cases as in Boston in the aftermath of the marathon bombings, when police from the local, state, and federal levels swarmed over Boston and Watertown like protective locusts, there were not enough of them to find the bomber at large by themselves. Why not? There are never enough sentinels to cover all the ground, all the exposures, all the contingencies. It took watchful residents to alert authorities to where the bomber was hiding.
Nor is it practical to screen and closely monitor the entire crowd at public events such as the Boston Marathon, although such an approach elsewhere normally adds value in keeping hostile insiders from harming their employers. Besides, any attempt to defend public events against insider attacks by resorting to draconian screening would necessarily transform a celebration into a logistical nightmare and a traffic torment. It would be like strip-searching theater patrons before allowing them to go to the movies. Love of the cinema and box-office receipts would surely decline.
What to Do
One answer comes straight from what No Dark Corners labels the co-pilot model. A co-pilot does not exercise the same responsibilities and authority as the pilot of a given aircraft. Whenever there is a need for decision, it is the pilot who makes the call. However, if some accident or misadventure incapacitates the pilot, the co-pilot is expected to take the controls of the plane and fly it safely, averting disaster in the process. What a vast and otherwise unmanageable ocean of insiders and potential insider threats require are not necessarily more experts or sentinels to watch over everyone else and to scold anyone who approaches society’s cockpit. This, by the way, is the knee-jerk reaction that police and other responders display when dealing with situations like the Boston Marathon bombings. Exercise command and tell all the civilians to hunker down and stay out of the way, so that the experts can handle the situation.
Except there are never enough experts. They may be good, but they are neither ubiquitous nor indefatigable. They wear out and, sometimes, they just aren’t around when something in the air still needs piloting.
The Answer
Stop treating every member of the public like the weakest link. Treating them like passive invertebrates wastes a valuable resource that may also be the only resource. Instead, encourage more people to become co-pilots who take a hand in our mutual defense. Bring them into the fold. Ask for their help without talking down to them. Release pictures and details sooner rather than later, and end the condescension of one-way communications embedded in platitudes like, “See something, say something.” Why? For every thousand citizens who take the time to report what they saw, perhaps only a dozen produce something useful for police to pursue. Yet of those dozen, it would be unusual to find even one of the reporting citizens receiving the kind of timely feedback or interactive contact that would encourage continued reporting in the future. Instead, the stereotypical law enforcement reaction is to treat the useful as well as the useless citizen reports exactly the same way: like questionable ravings of the uninitiated who, even when they contribute, are outsiders who are undeserving of two-way communication. The net result is that average citizens cannot tell whether their say-something reports are acted on or ignored.
The Trouble with See Something, Say Something or Observe and Report
Once the same citizens are treated like co-pilots, however, everything changes. They start to take a hand in their own defense instead of waiting for some expert sentinel to do more than humanly possible. Then, and only then, it becomes possible to replace the passive “See something, say something” cliché with something more meaningful, like, “Step up and intervene.” This intervention need not be aggressive or life-threatening. All that needs to happen is to migrate beyond the traditionally marginal “observe and report” guidance that a litigious society dispenses to its security guards. Instead, guards and average citizens should be challenging suspicious acts and people and engaging in lawful disruption. This can and should be done safely.
A Better Way
Challenging does not need to be synonymous with violent confrontation. It can be as simple as approaching the suspicious individual and engaging him or her in conversation. Saying hello is a good place to start. It is also innocuous. Hint: Store greeters do this not only to welcome patrons but to psychologically signal that the person entering a store is no longer anonymous and has been noticed by a fellow human. This action deters theft, vandalism, and other misdeeds. So, why not apply the same technique to let suspicious people know that they are being noticed?
As for lawful disruption, this need be nothing more than introducing nonthreatening but perfectly legal obstacles to a clandestine attack. Just letting suspected terrorists realize that they have attracted attention is often enough to make them seek a different target where they will not be noticed. The act of greeting them and thus drawing public attention to their movements will tend to accelerate their departure. This technique, by the way, applies equally well to thieves and other criminals who are planning an illegal activity. Recognition and attention complicate their plans and targeting, usually convincing them to look elsewhere for a softer target.
Bottom Line
Making more co-pilots out of the public is the only way to increase the odds in favor of defenders over attackers. Embracing such co-pilots and treating them as part of the same team turns them from the weakest link into the first line of defense.
-- Nick Catrantzos
