A New Approach To Insider Threat Mitigation: Lessons Learned From Counterintelligence Theory

Year
2020
Author(s)
Noelle Camp - Sandia National Laboratories
Adam Williams - Sandia National Laboratories
Abstract

According to the International Atomic Energy Agency’s (IAEA) Information Circular (INFCIRC) 908, because “insiders possess access … authority and knowledge … [they] pose an elevated threat to nuclear security.” Insiders, witting or unwitting, working together or alone, possess the opportunity to cause significant damage to nuclear facilities through sabotage or unauthorized removal of nuclear or radiological material. In response to this global threat, INFCIRC/908 pledged nearly 30 countries to establish and implement a range of national-level measures to better mitigate insider threats at nuclear facilities. However, the lack of publicly available insider case studies involving nuclear facilities makes causal analysis and pattern recognition difficult. Some insider threat researchers and practitioners have leveraged lessons from other disciplines, including the casino and pharmaceutical industries, to address this challenge. One untapped discipline with conceptual and practical similarities for eliciting insider threat mitigation insights is counterintelligence, defined by United States Executive Order 12333 as “information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations.” Both counterintelligence and insider threat mitigation seek to protect high-value assets from malicious, intentional human actions. Each discipline must identify perpetrators from among individuals whose access rights give them a privileged position compared to a traditional ‘outsider’ threat. Additionally, failed counterintelligence and failed insider threat mitigation activities can both result in grave damage to national security.
This paper builds on initial analysis conducted in the 2019 INMM conference paper, “Preliminary Results from a Comparative Analysis of Counterintelligence and Insider Threat Mitigation in Nuclear Facilities,” which evaluated ten counterintelligence case studies for application to insider threat based on a seven-criteria rubric. This paper furthers the analysis by evaluating seven insider threat case studies within nuclear and radiological facilities to provide insight into whether trends identified in the counterintelligence case studies are empirically present within the limited set of historical insider case studies in the nuclear field. The paper outlines a comparison rubric and analytical framework, identifies trends and insights across the motivations, characteristics, actions, and investigations applicable to insider threat mitigation, and provides lessons for potentially improving insider threat programs at nuclear facilities.