Evaluating the Effectiveness of Insider Threat Mitigation Preventive Measures

Year
2023
Author(s)
John Landers - Oak Ridge National Laboratory
Sondra Spence - Sandia National Laboratories
Bill McGlennon - Sellafield Ltd.
Eric Gosset - Commissariat à l’énergie atomique
Baleigh Morgan - Nuclear Cybersecurity Specialist, Idaho National Laboratory
Abstract
Malicious insider threats are real and persistent in the nuclear industry and have existed since the industry’s inception. Fortunately, actual malicious insider actions appear to be rare events. The assumption is that effective insider threat mitigation programs (ITMPs) screen out applicants exhibiting behaviors predictive of future threats, deter potential malicious insiders, and facilitate detection and effective responses to known malicious actions. The low base rate for malicious insider behavior, however, could also explain why these behaviors are rare without having to invoke the ITMP as explanatory. Although there are defined methods to evaluate the effectiveness of ITMP protection measures (i.e., detecting and responding to threat acts), assessing the effectiveness of preventive measures (i.e., deterring those considering using their access, authority, and knowledge as insiders from committing malevolent acts, or determining whether all people who are potential insiders have been screened out) has been elusive. If we assume that these programs and measures reduce the risk from insider threats, methods can be developed to evaluate how effectively the preventive aspects of programs and measures are being implemented. For example, if a trustworthiness program includes background checks to identify personnel with previous criminal convictions, randomly sampling previously completed background checks, or performing independent checks, and comparing the results can verify whether the program is working. Alternatively, a fake applicant with a criminal conviction could be inserted into the system to determine if the conviction is identified. Current performance evaluation of ITMPs must evolve beyond compliance to address the evolving insider threat because data from this process can be used to invest in program components that are the most effective and upgrades can be made to those that fail to meet expectations.
This panel brings together experts from various backgrounds to propose methods for determining the effectiveness of ITMP preventive measures.