English Pages 216 [191] Year 2017
Insider Threats
A volume in the series Cornell Studies in Security Affairs, edited by Robert J. Art, Robert Jervis, and Stephen M. Walt. A list of titles in this series is available at www.cornellpress.cornell.edu.

Insider Threats, edited by Matthew Bunn and Scott D. Sagan
American Academy of Arts and Sciences Cambridge, Massachusetts
Cornell University Press Ithaca and London
Chapter 5, “Preventing Insider Theft: Lessons from the Casino and Pharmaceutical Industries” by Matthew Bunn and Kathryn M. Glynn, was previously published in Journal of Nuclear Materials Management 41, no. 3 (2013): 4–16. Used with permission. © Institute of Nuclear Materials Management.

Copyright © 2016 by American Academy of Arts and Sciences

All rights reserved. Except for brief quotations in a review, this book, or parts thereof, must not be reproduced in any form without permission in writing from the publisher. For information, address Cornell University Press, Sage House, 512 East State Street, Ithaca, New York 14850.

First published 2016 by Cornell University Press
First printing, 2016, Cornell Paperbacks

Printed in the United States of America

Library of Congress Cataloging-in-Publication Data
Names: Bunn, Matthew, editor. | Sagan, Scott Douglas, editor.
Title: Insider threats / edited by Matthew Bunn and Scott D. Sagan.
Description: Ithaca ; London : Cornell University Press, 2016. | Includes bibliographical references and index.
Identifiers: LCCN 2016020235 | ISBN 9781501705168 (cloth : alk. paper) | ISBN 9781501705175 (pbk. : alk. paper)
Subjects: LCSH: Terrorism—Prevention—United States. | Nuclear terrorism—Prevention.
Classification: LCC HV6432 .I555 2017 | DDC 658.4/73—dc 3
LC record available at https://lccn.loc.gov/2016020235

Cornell University Press strives to use environmentally responsible suppliers and materials to the fullest extent possible in the publishing of its books. Such materials include vegetable-based, low-VOC inks and acid-free papers that are recycled, totally chlorine-free, or partly composed of nonwood fibers. For further information, visit our website at www.cornellpress.cornell.edu.

Cloth printing 10 9 8 7 6 5 4 3 2 1
Paperback printing 10 9 8 7 6 5 4 3 2 1
Contents

List of Contributors  vii
Acknowledgments  ix
Introduction: Inside the Insider Threat (Matthew Bunn and Scott D. Sagan)  1
1. Insiders and Outsiders: A Survey of Terrorist Threats to Nuclear Facilities (Thomas Hegghammer and Andreas Hoelstad Dæhli)  10
2. The Fort Hood Terrorist Attack: An Organizational Postmortem of Army and FBI Deficiencies (Amy B. Zegart)  42
3. Lessons from the Anthrax Letters (Jessica Stern and Ronald Schouten)  74
4. Green-on-Blue Violence: A First Look at Lessons from the Insider Threat in Afghanistan (Austin Long)  103
5. Preventing Insider Theft: Lessons from the Casino and Pharmaceutical Industries (Matthew Bunn and Kathryn M. Glynn)  121
6. A Worst Practices Guide to Insider Threats (Matthew Bunn and Scott D. Sagan)  145
Index  175
Contributors
Matthew Bunn is professor of practice and coprincipal investigator of the Project on Managing the Atom at the Belfer Center for Science and International Affairs, Harvard University.

Andreas Hoelstad Dæhli is an Oslo-based independent researcher.

Kathryn M. Glynn is a consultant at IBM Global Business Services.

Thomas Hegghammer is the director of terrorism research at the Norwegian Defence Research Establishment (FFI).

Austin Long is an assistant professor at the School of International and Public Affairs and a member of the Arnold A. Saltzman Institute of War and Peace Studies at Columbia University.

Scott D. Sagan is the Caroline S. G. Munro Professor of Political Science and a senior fellow at the Center for International Security and Cooperation, Freeman Spogli Institute for International Studies at Stanford University.

Ronald Schouten is the director of the Law & Psychiatry Service of Massachusetts General Hospital and associate professor of psychiatry at Harvard Medical School.

Jessica Stern is a fellow at the FXB Center for Health and Human Rights at the Harvard School of Public Health and a lecturer in government at Harvard University.

Amy B. Zegart is the codirector of the Center for International Security and Cooperation; a senior fellow, by courtesy, at the Freeman Spogli Institute for International Studies; Davies Family Senior Fellow at the Hoover Institution; and professor, by courtesy, of political science at Stanford University.
Acknowledgments
This book would not have been possible without the assistance of many people and organizations. It has its origins in two workshops sponsored by the Global Nuclear Future project of the American Academy of Arts and Sciences, the first at Stanford University in 2011 and the second at the American Academy in Cambridge, Massachusetts, in 2014. We also thank the World Institute for Nuclear Security (WINS), which invited us to present our ideas at workshops in Vienna and Johannesburg. We are grateful to all those who participated in these workshops for contributing greatly to our thinking on the problem of insider threats. We have also given seminars on our work at the Los Alamos National Laboratory and the Sandia National Laboratory, and thank the participants in these meetings for sharing insights about the complex challenges we face when dealing with insider threats. An earlier version of the concluding chapter, our “Worst Practices Guide to Insider Threats,” was published in 2013 as an occasional paper by the American Academy of Arts and Sciences.

Our home institutions, the Managing the Atom (MTA) project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs (BCSIA) and the Center for International Security and Cooperation (CISAC) at Stanford University’s Freeman Spogli Institute for International Studies (FSI), both generously supported our efforts to research the insider problem. We thank our research assistants—Nickolas Roth at Harvard and Anna Coll, Maral Mirshahi, and Reid Pauly at Stanford—for their superb work in helping us with this project. We are especially grateful to Francesca Giovannini, the program director for Global Security and International Affairs at the American Academy of Arts and Sciences. The Academy’s work in this area has been generously supported by the Carnegie Corporation of New York, the John D. and Catherine T. MacArthur Foundation, the Hewlett Foundation, the Flora Family Foundation, and the Alfred P. Sloan Foundation. Finally, we owe a great debt to the authors of the individual chapters in this volume, who put in enormous efforts to provide their insights about and analyses of this particularly vexing set of dangers.
Introduction: Inside the Insider Threat
Matthew Bunn and Scott D. Sagan
Insider threats may be rare within most professional and competent organizations, and especially rare inside organizations that are responsible for protecting the national security of a country and its critical infrastructure. But not all national security organizations are as highly professional and competent as they claim to be, and devastating insider threats have sometimes occurred even within the best of the organizations that have sought to minimize the dangers. Rare does not mean nonexistent. In this book, readers will encounter many rare but devastating cases of insider threats from around the globe: disloyal personal security guards murdering a prime minister in India; individual soldiers deliberately opening fire on their own military comrades or allied forces in the United States and Afghanistan; employees engaging in sabotage attacks on nuclear reactors in South Africa and Belgium; and a microbiologist working inside a sensitive U.S. biodefense facility and sending deadly anthrax spores through the mail in order to kill reporters and elected officials and terrorize the public.

Nuclear materials, because of their dangerous radioactivity and their potential to be used in weapons, are usually considered to be the crown jewels of physical protection. However, insiders pose a serious threat to these materials as well: virtually all the cases of nuclear theft in which the circumstances are known were perpetrated either by insiders or with the help of insiders; also, given that many unsolved cases of nuclear theft involve bulk material stolen without anyone else in the organization being aware that the material was missing, there is every reason to believe that these thefts were also perpetrated by insiders who understood weaknesses in security systems and could cover their tracks afterward. Insiders have also perpetrated a large number of thefts from heavily guarded nonnuclear facilities.[1] A 2014 Sandia National Laboratory report on cases of large-scale, multi-million-dollar perfect heists around the world found that over half of them involved an insider—often a coerced employee but sometimes a planted and recruited criminal.[2]

It would be reassuring if the intelligence agencies and the armed services of the United States were immune to insider threats, but that is clearly not the case. Indeed, virtually all of the major U.S. intelligence agencies and branches of the military have also experienced an extremely damaging insider incident. Even a partial list is stunning:

• Central Intelligence Agency officer Aldrich Ames sold secrets to the Soviet Union and Russia for almost ten years, compromising more than a hundred covert operations in exchange for $2.5 million before he was caught in 1994.
• FBI counterintelligence officer Robert Hanssen passed on classified information to the Soviet Union and Russia for twenty-two years, from 1979 to 2001.
• In 2012 and 2013, National Security Agency contractor Edward Snowden—who had earlier worked for both the CIA and the Defense Intelligence Agency—leaked to the media thousands of classified U.S., British, and Australian documents about global surveillance practices and military operations.
• From 1968 to 1984, U.S. Navy chief warrant officer John Anthony Walker led a four-person insider spy ring that passed on classified information and codebooks permitting the Soviets to read encrypted U.S. military messages.
• In 1979, U.S. Air Force second lieutenant Christopher M. Cooke gave the Soviet Union the secret launch codes and flag words for the Strategic Air Command’s nuclear ICBM force.
• In early 2010, U.S. Army private Chelsea Manning (then known as Bradley Manning) leaked some 250,000 classified diplomatic cables and 500,000 U.S. Army reports and documents from the Iraq and Afghanistan wars to the WikiLeaks organization, which then posted most of them on the Internet.[3]

1. Bruce Hoffman, Christina Meyer, Benjamin Schwarz, and Jennifer Duncan, Insider Crime: The Threat to Nuclear Facilities and Programs (Santa Monica, CA: RAND, 1990).
The U.S. military services, intelligence agencies, secret service details, and nuclear security guard forces are supposed to be the best of the best; they are designed to be highly effective national security organizations. So it is significant that even they have suffered serious insider incidents. If the most elite organizations in the nation have had many serious problems in recognizing and dealing with insider threats, doesn’t this suggest that other organizations will have even more serious difficulties?

Why are insiders so difficult to protect against? Part of the answer is that there are deep organizational and cognitive biases that lead managers to downplay the threats insiders pose to their organizations, facilities, and operations.[4] But another part of the answer is that those managing security operations often have limited information about incidents that have happened in other countries or in other industries, and the lessons that might be learned from them. In addition, leaders sometimes ignore the likelihood that insiders may know not only an organization’s secrets but also its security systems and procedures—and how those security measures might be defeated. Finally, insiders are usually known entities; they are familiar and trusted. Few employees imagine that their colleagues, whom they have known and worked with for years, might pose a danger. In high-security organizations, these colleagues have typically also been through a formal process of review and been officially approved as trustworthy, removing them further from suspicion. The case studies in this book demonstrate that these factors can generate remarkable complacency about insider threats even in otherwise highly competent organizations. Overconfidence in the ability to identify and deal with potential insider threats makes leaders blind to what afterward seem to have been obvious warning signs of impending danger. Red flags are often waving in the wind, but no one sees them.

Varieties of Insider Threats

We define an insider as a person with authorized access to items that an organization wishes to protect—information, people, and dangerous or valuable materials, facilities, and equipment. Insiders are often employees, but they can also be contractors or certain types of visitors. Insiders can be individuals at any level of an organization—from the janitor cleaning up at night to the manager of the entire organization. Guards, in particular, can help cope with both external and insider threats, but they can also pose insider threats themselves. Indeed, the security chief of one of Russia’s largest plutonium and highly enriched uranium (HEU) processing facilities described guards as “the most dangerous internal adversaries.”[5]

Insiders can pose many different types of threats. Some simply provide information to individuals outside the organization—ranging from a spy agency’s secrets to a company’s intellectual property to information on key weaknesses in an organization’s security that others could exploit. Some might steal from the organization, sabotage a facility, or help outsiders do one of these things. A key distinction is between insiders who are passive (for example, those who let an outside group know about a security vulnerability but take no other part in their plot), those who are active (for example, insiders who open a key security door or disable an alarm), and those who are violent (for example, guards willing to shoot other employees as part of the plot).

People can follow many pathways to becoming insider threats to an organization. Prescreening processes such as background investigations might detect some risky individuals moving on some of these pathways, but other individuals may not be detected. Self-motivated insiders at some point decide for their own reasons to become insiders—perhaps becoming a spy or a thief. Recruited insiders are already inside an organization but are then convinced by others to take part in a plot. Infiltrated insiders are associated with some adversary of the organization and join an organization with the purpose of carrying out malicious activity against it.

2. Jarret M. Lafleur, Liston K. Purvis, Alex W. Roesler, and Paul Westland, The Perfect Heist: Recipes from around the World, SAND 2014-1790 (Albuquerque, NM: Sandia National Laboratories, 2014).
3. For an account of the Aldrich Ames case, see Tim Weiner and David Johnston, Betrayal: The Story of Aldrich Ames, an American Spy (New York: Random House, 1995). On the case of Robert Hanssen, see David Wise, Spy: The Inside Story of How the FBI’s Robert Hanssen Betrayed America (New York: Random House, 2003); U.S. Department of Justice, Office of the Inspector General, A Review of the FBI’s Performance in Deterring, Detecting, and Investigating the Espionage Activities of Robert Philip Hanssen (Washington, DC: U.S. Government Printing Office, 2003). For reporting on the Edward Snowden leak, see Gellman et al., “Edward Snowden Comes Forward as Source of NSA Leaks,” Washington Post, June 9, 2013. On the John Anthony Walker case, see John Prados, “The Navy’s Biggest Betrayal,” Naval History Magazine 24, no. 3 (2010), https://news.usni.org/2014/09/02/john-walker-spy-ring-u-s-navys-biggest-betrayal. For an account of the Christopher M. Cooke case, see Eric Schlosser, Command and Control: Nuclear Weapons, the Damascus Incident, and the Illusion of Safety (New York: Penguin, 2013), 444. On the Bradley Manning leak, see Charlie Savage, “Soldier Admits Providing Files to WikiLeaks,” New York Times, February 28, 2013; and Charlie Savage and Emmarie Huetteman, “Manning Sentenced to 35 Years for a Pivotal Leak of U.S. Files,” New York Times, August 21, 2013.
4. For an account of the biases that lead organizations to underestimate the risks they face, see Max H. Bazerman and Michael D. Watkins, Predictable Surprises: The Disasters You Should Have Seen Coming and How to Prevent Them (Cambridge, MA: Harvard Business School Publishing, 2004).
Inadvertent or nonmalicious insiders pose a threat by making mistakes without really intending to do so (such as an employee who leaves a password lying around). Finally, coerced insiders remain loyal in intent but knowingly assist in theft or sabotage to prevent hostile acts against themselves or their loved ones.

Motives for insiders in each of these categories vary widely. Common motivations for the first three types of insiders include money problems, anger and disgruntlement, desire to show off their own cleverness, and ideological affiliation with a terrorist group or another state. Inadvertent insiders may not have any motivation at all and, indeed, may not be aware that their actions are creating a danger to the organization for which they work. Coerced insiders would never be identified as a problem in any screening process if they are professional and highly motivated to protect their organization’s secrets or assets, but they can be even more motivated to protect their loved ones. When family members are kidnapped and threatened with death, coerced insiders may become dangerous threats.

5. Igor Goloskokov, "Refomirovanie Voisk MVD po Okhrane Yadernikh Obektov Rossii" [Reforming MVD troops to guard Russian nuclear facilities], Yaderny Kontrol 9, no. 4 (2003), http://www.pircenter.org/data/publications/yk4-2003.pdf, 39–50.
The Importance of the Insider Threat

Today, in a world of nuclear weapons, deadly pathogens, potentially devastating cyber intrusions, and high-capability terrorist groups bent on mass destruction, the stakes in dealing with insiders have never been higher. In the United States, these dangers have been recognized at the highest levels. After the stunning leaks by Edward Snowden on National Security Agency operations and the massive transfer of diplomatic cables and military reports by Chelsea Manning to WikiLeaks, President Barack Obama issued a directive intended to ensure that all U.S. executive branch agencies put in place the “minimum elements necessary” for an effective program to protect against insider threats.[6] Nevertheless, there is a great deal more to be done to reduce the risks that insiders in various organizations pose to society. With the possibility that terrorists could make or steal deadly pathogens, or try to use cyber attacks to shut down critical infrastructure, or steal nuclear material and make a crude nuclear bomb, or cause a Fukushima-scale accident by sabotaging a nuclear facility, the potential threats posed by insiders in modern society are especially dire.[7]

Not all insider threats can be traced to terrorists or foreign governments. Indeed, disgruntled insiders at nuclear facilities have perpetrated many of the known acts of nuclear sabotage. In August 2014, for example, the Unit 4 reactor at Doel in Belgium shut down when the lubricant for its turbine drained away, causing substantial damage to the turbine and putting the reactor out of commission. Internal investigations concluded that an insider had intentionally drained the lubricant to sabotage the facility.[8]

The potential consequences of such insider actions are staggering. The deliberate spreading of a highly infectious and deadly disease by an insider with knowledge of how to maximize casualties could produce effects that dwarf those caused by the 2001 anthrax attacks in the United States. A crude terrorist nuclear explosive—potentially made from a chunk of stolen nuclear material the size of a grapefruit—could turn the heart of a major city into a smoldering radioactive ruin, killing tens or hundreds of thousands of people. Economic and political effects would reverberate throughout the world, causing an economic crisis that would create, as Kofi Annan remarked, a “second death toll in the developing world.”[9] A successful nuclear reactor sabotage incident could potentially produce consequences on the scale of the 2011 accident at Fukushima Daiichi, forcing huge numbers of people to flee and causing many tens of billions of dollars of damage through social and economic disruption. The probabilities of these events may not be high, but the potential consequences are grave enough to justify urgent action to reduce the risks. And insiders appear to be an important—but not always recognized—source of these risks.

6. Barack Obama, “Presidential Memorandum: National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs,” November 21, 2012, http://www.whitehouse.gov/the-press-office/2012/11/21/presidential-memorandum-national-insider-threat-policy-and-minimum-stand. Interestingly, after these leaks and the first Fort Hood shooter case, the insider threats that the memo highlights are “potential espionage, violent acts against the Government or the Nation, and unauthorized disclosure of classified information.” Theft of nuclear materials does not appear to be one of the priorities.
7. For assessments of the nuclear terrorism threat, see Matthew Bunn et al., The U.S.-Russia Joint Threat Assessment of Nuclear Terrorism (Cambridge, MA: Belfer Center for Science and International Affairs, Harvard Kennedy School, and Institute for U.S. and Canadian Studies, 2011), http://belfercenter.ksg.harvard.edu/publication/21087; William H. Tobey and Pavel Zolotarev, “The Nuclear Terrorism Threat" (paper presented at the meeting of the 2014 Nuclear Security Summit "Sherpas," Pattaya, Thailand, January 13, 2014), http://belfercenter.ksg.harvard.edu/files/nuclearterrorismthreatthailand2014.pdf; and Matthew Bunn, Martin B. Malin, Nickolas Roth, and William H. Tobey, Advancing Nuclear Security: Evaluating Progress and Setting New Goals (Cambridge, MA: Project on Managing the Atom, Belfer Center for Science and International Affairs, Harvard University, 2014), http://belfercenter.ksg.harvard.edu/files/advancingnuclearsecurity.pdf, i–vi, 49–60.
Why This Book?

Protecting against insiders is a difficult job, for at least two reasons. First, the complacency that leads an organization to downplay the insider threat and fail to take appropriate action against it is difficult to combat. Second, in part because of the secrecy that often surrounds security measures, there is insufficient sharing of information and learning from the experience of other similar organizations.[10] Real case studies, in all their specificity, can help address both of these barriers to coping with the insider threat. By highlighting the reality of the danger, they can be powerful motivators to focus organizational leaders and staff on addressing insider threats. And the lessons learned from both the failures and the successes of others can help organizations strengthen their own insider threat protections.

We are specialists on nuclear weapons proliferation and nuclear materials security. Fortunately for the world, but unfortunately for research, there are very few well-documented insider cases in the nuclear sector—that is, cases where not only is it known that an insider stole a nuclear weapon or material or sabotaged a nuclear facility but also that the specifics of how this happened have been released. In this arena, secrecy can be the enemy of learning. Hence, it is especially important to learn lessons not only from the narrow world of nuclear security but from other sectors as well. This book is an exercise to promote “vicarious learning,” in that we want organizational leaders and managers to learn from one another's mistakes and successes in dealing with insider threats. The principles we outline in this book are applicable, we believe, to preventing and mitigating insider threats across a wide range of contexts.

8. See, for example, Geert de Clercq, “Belgian Doel 4 Nuclear Reactor Closed till Year-End,” Reuters, August 14, 2014.
9. Kofi Annan, "A Global Strategy for Fighting Terrorism: Keynote Address to the Closing Plenary" (paper presented at the International Summit on Democracy, Terrorism and Security, Madrid, 2005), http://english.safe-democracy.org/keynotes/a-global-strategy-for-fighting-terrorism.html.
10. There are exceptions, of course. Cybersecurity, in particular, has seen much more genuine data and more data-driven analysis of appropriate practices in coping with insider threats than most other security fields have seen. See, for example, George Silowash et al., Common Sense Guide to Mitigating Insider Threats, 4th ed., CMU/SEI-2012-TR-012 (Pittsburgh: CERT Program, Software Engineering Institute, Carnegie-Mellon University, 2012), http://resources.sei.cmu.edu/asset_files/TechnicalReport/2012_005_001_34033.pdf.
The Plan of the Book

In the following pages, an extraordinary group of authors helps to get inside the insider threat problem. First, Thomas Hegghammer and Andreas Hoelstad Dæhli ask to what extent terrorists have actually tried to accomplish their objectives by using insiders in nuclear facilities—either by convincing existing insiders to work with them or infiltrating their own members into the facility. To what extent have they considered such tactics? To answer these questions, the authors pull together an unprecedented data set on nuclear incidents around the world, drawing on multiple sources of information, and dive deeply into a wide range of terrorist writings and website discussions. There have been many insider incidents at nuclear facilities, but these authors find only a small number that have been convincingly linked to terrorists—and relatively little discussion of this tactic in the vast jihadi literature. Nevertheless, Hegghammer and Dæhli acknowledge that our information about incidents in Russia and Pakistan is not very extensive, preventing us from making confident assessments about insider threats in those two crucial countries in the coming years. They also present information about incidents in Belgium in 2014 and 2016 that suggest that Islamic State (IS) terrorists and sympathizers have targeted nuclear facilities. Given the potential consequences of successful nuclear theft or sabotage committed or aided by insiders anywhere, Hegghammer and Dæhli offer recommendations for making the insider pathway less attractive to international terrorists.

Next, two chapters explore troubling cases in which the U.S. Army and a U.S. biodefense laboratory failed to recognize and respond to glaring warnings of trouble to come. Amy B. Zegart offers an organizational diagnosis of the case of Major Nidal Malik Hasan, who killed thirteen of his fellow soldiers and injured many more in the 2009 Fort Hood shootings. Zegart explores in detail the web of poorly designed organizational procedures, misplaced incentives, and miscommunication between organizations that allowed the Army to fail to notice and respond to multiple signs that Hasan might pose a threat—and the FBI to drop the ball on its investigation—until it was too late. Jessica Stern and Ronald Schouten then dissect the equally remarkable case of Bruce Ivins, the Army scientist widely believed to have perpetrated the anthrax attacks that followed the 9/11 terrorist attacks in New York City and Washington, DC. As the authors show, Ivins had long suffered from severe mental illness and had been identified by some of his therapists as a serious danger—but none of that information ever percolated up to those in authority, and his coworkers did not report multiple warning signs (including Ivins expressing concern about his own increasing paranoia), dismissing them as the actions and musings of a harmless eccentric. These two chapters raise a troubling question: If organizations fail to detect insiders when the warnings are so flagrant, what hope is there that organizations will notice and respond to the more subtle signs that might come from a sophisticated and determined insider?

The Zegart and Stern/Schouten chapters are followed by two chapters that offer case studies to identify possible steps that might reduce the insider threat. First, Austin Long describes the puzzling story of the sudden surge of “green on blue” attacks—Afghan soldiers and policemen attacking U.S. and European troops—in Afghanistan in 2012, and the almost equally rapid decline in these attacks in 2012–2013. He explores different theories of the causes of both the increase and the decline, finding at least suggestive evidence that a substantial portion of the surge was the result of a Taliban decision to emphasize insider attacks after seeing how effective these were in undermining coalition cohesion, and also that steps to address the threat, ranging from enhanced screening of Afghan personnel to having a “guardian angel” remain armed and on watch whenever Afghan and U.S. troops were working together, contributed to the decline. Matthew Bunn and Kathryn M. Glynn explore approaches to insider protection in the casino and pharmaceutical industries, reasoning that firms that have a profit incentive to maximize insider protection will likely have come up with creative means for doing so. Bunn and Glynn outline a number of insider-protection practices used in these industries that the nuclear industry might adopt—but they also find deep differences in context and objectives that weaken the analogy. In particular, for both the casino and the pharmaceutical industries, small thefts are generally not worth the cost of the security measures needed to stop them—an attitude that certainly should not be replicated with respect to plutonium, HEU, biological agents, or intelligence secrets.
Finally, we offer a set of conclusions and lessons learned for coping with the insider threat, drawing on these chapters and lessons from other incidents around the world. It is now common for regulators and nongovernment organizations to present “best practices guides” on many thorny problems in order to ensure that appropriate lessons are learned. In contrast, our chapter “A Worst Practices Guide to Insider Threats” highlights common failures and explains why it is so difficult for national security organizations to learn how to protect themselves from insider threats. Our hope is that this book offers new perspectives and information that will encourage vicarious learning about both successes and failures in the past. The book’s contributing authors have gotten inside the insider threat in order to help leaders better understand the complexity of the problems that they face. We do not expect that good scholarship can identify all potential pathways by which insider threats emerge and fester. But we do hope that our case studies and comparative analyses can spark further research, encourage vigilance and prudent policy changes, and reduce future risks, even if no organization can eliminate insider threats altogether.
chapter 1
Insiders and Outsiders A Survey of Terrorist Threats to Nuclear Facilities Thomas Hegghammer and Andreas Hoelstad Dæhli
Employees are the Achilles’ heel of nuclear installations. Skilled insiders can cause more damage and steal radioactive material more easily than outsiders can.1 All known cases of nuclear theft appear to have involved insiders, as did several cases of sabotage.2 The prospect of a terrorist insider has therefore long worried governments and should continue to do so. But effective countermeasures require a nuanced and empirically based understanding of the threat. This chapter seeks to inform insider-threat assessments by taking stock of what terrorists have said and done in the past with regard to nuclear insider plots. As we shall see, terrorists have so far displayed somewhat less interest in nuclear insider operations than many have expected. When militants have tried to attack nuclear facilities, they have mostly preferred other methods such as assault. The reason appears to be that prospective attackers are deterred by the sheer difficulty of recruiting insiders. This does not mean that the insider-threat problem is not a serious one; several groups have contemplated nuclear terrorism and would probably not hesitate to use insiders if
We are grateful to Matthew Bunn and Scott D. Sagan for their careful reading of several versions of our manuscript. Anne Stenersen, Halvor Kippe, and Jacob Shapiro also provided valuable comments. We also received useful feedback from other participants in the May 2014 workshop at the American Academy of Arts and Sciences and in a June 2014 seminar at the Norwegian Defence Research Establishment. The replication file for the WMD incident data and the jihadi plot data presented in this chapter will be made available on www.hegghammer.com.
1. D. F. Knuth, “Sabotage Potential for an Insider in Operating Nuclear Power Plants,” Transactions of the American Nuclear Society 28 (1978); Gerald L. Pollack, “Severe Accidents and Terrorist Threats at Nuclear Reactors,” in Nuclear Terrorism: Defining the Threat, ed. Paul Leventhal and Yonah Alexander (London: Brassey’s, 1986), 66–77; Anthony L. Honnellio and Stan Rydell, “Sabotage Vulnerability of Nuclear Power Plants,” International Journal of Nuclear Governance, Economy and Ecology 1, no. 3 (2007): 312–321. 2. Matthew Bunn and Scott D. Sagan, A Worst Practices Guide to Insider Threats: Lessons from Past Mistakes (Cambridge, MA: American Academy of Arts and Sciences, 2014), 1.
1. INSIDERS AND OUTSIDERS
they could. Our data suggest that some terrorist insider scenarios are more likely than others and that governments can use this insight to better guard against the threat. We notably find that far-right militants have expressed more interest in exploiting nuclear insiders than have jihadi groups. We also argue that infiltration is more likely to occur in the form of an existing insider reaching out to a terrorist group, and it is less likely that terrorist groups will try to plant operatives or “cold call” insiders. This suggests that sting operations designed to undermine terrorists’ trust in insiders who contact them might help further reduce the malevolent insider threat. The chapter makes two main contributions to the nuclear insider literature. The first is to provide what we believe is the hitherto most comprehensive empirical overview of terrorist efforts to attack nuclear installations using insiders. Scholars have attempted to do this in the past, but the key problem has been a lack of data.3 In recent years, however, a number of new sources and data sets have become available, prompting us to revisit the historical record for evidence on infiltration efforts. In addition to using new data, the study breaks new ground by looking systematically at both declared intentions and actual attempts, and by presenting both large-n data and in-depth case study evidence.
3. There are no comprehensive data sets for nuclear insider crimes and few known nuclear insider cases involving terrorists. To compensate, some analysts have tried extrapolating from analogous industry data; see J. M. Heineke, Insider Threat to Secure Facilities: Data Analysis (Livermore, CA: Lawrence Livermore Laboratory, 1979); Robert N. Reinstedt and Judith Westbury, Major Crimes as Analogs to Potential Threats to Nuclear Facilities and Programs (Santa Monica, CA: RAND, 1980); Sarah H. Mullen, J. J. Davidson, and H. B. Jones, Jr., Potential Threat to Licensed Nuclear Activities from Insiders (Insider Study) (Washington, DC: Nuclear Regulatory Commission, 1980); R. S. Schechter, Insider Threat to Secure Facilities—A Synopsis of Nine Interviews (Livermore, CA: Lawrence Livermore Laboratory, 1980); Sarah Mullen, Generic Adversary Characteristics and the Potential Threat to Licensed Nuclear Activities from Insiders (Washington, DC: Nuclear Regulatory Commission, 1981); and Bruce Hoffman et al., Insider Crime: The Threat to Nuclear Facilities and Programs (Santa Monica, CA: RAND, 1990). Others have tried extrapolating from general trends in terrorism; see Gail Bass et al., Motivations and Possible Actions of Potential Criminal Adversaries of U.S. Nuclear Programs (Santa Monica, CA: RAND, 1980); Gail Bass and Brian Michael Jenkins, A Review of Recent Trends in International Terrorism and Nuclear Incidents Abroad (Santa Monica, CA: RAND, 1983); Bruce Hoffman, Terrorism in the United States and the Potential Threat to Nuclear Facilities (Santa Monica, CA: RAND, 1986); Daniel Hirsch, “The Truck Bomb and Insider Threats to Nuclear Facilities,” in Preventing Nuclear Terrorism: The Report and Papers of the International Task Force on Prevention of Nuclear Terrorism (Lexington, MA: Lexington Books, 1987), 207–222. Yet others have based assessments on hypothetical scenarios; see Charles D. Ferguson and William C. Potter, The Four Faces of Nuclear Terrorism (Monterey, CA: Monterey Institute for International Studies, 2004), 58–59 and 272–273; Mohammad Saleem Zafar, Vulnerability of Research Reactors to Attack (Washington, DC: Henry L. Stimson Center, 2008), 26–28; and Honnellio and Rydell, “Sabotage Vulnerability.” All these alternative specification strategies have yielded only vague assessments. Meanwhile, the literature on terrorists and chemical, biological, radiological, and nuclear (CBRN) weapons has focused on terrorists’ general interest in deploying such weapons. Little attention has been paid to specific operational modes such as infiltration, and none of the existing CBRN terrorism data sets code for tactics. Therefore, much of the nuclear insider literature so far simply assumes the existence of malevolent infiltrators and asks instead how to protect against insiders in general.
THOMAS HEGGHAMMER AND ANDREAS HOELSTAD DÆHLI
Our second contribution is a new typology of insider operations that can be used to organize historical evidence and think about future threats. We argue that insider operations may take one of four ideal-type forms. The first we call insertion, a process whereby a group plants an existing member in a facility. Second is recruitment, whereby a group reaches out to an existing employee. Third is outreach, whereby an employee reaches out to a group. Fourth is autonomous action, whereby the employee develops terrorist motivations on his or her own and acts independently of outside groups.4 The first two scenario types appear to be quite rare, and most serious terrorist insider cases seem to involve “outreach” or “autonomous action.” This chapter has important limitations. For one, it is a study of the past, not the future. We do not evaluate the possible impact of emerging tactics such as cyber-based infiltration. History can be a useful analytical starting point, but it does not tell us all we need to know about future threats. Second, our data are bound to contain inaccuracies. Clandestine groups are generally hard to observe, and here we are left dealing mostly with intentions, plans, and attempts because successful insider attacks are so rare. This is the murkiest of murky territories: Terrorists often conceal their intentions, governments sometimes play down security breaches, and both journalists and law enforcement agencies involved in an arrest may exaggerate plots. Moreover, our incident data from non-Western countries such as Russia and Pakistan are much less comprehensive and granular than for Western countries, leaving a potentially significant reporting bias in our data. We have not attempted a comprehensive review of terrorist insider cases at other types of sensitive facilities, which could provide additional analogies on which to draw. 
Finally, our review of declared intentions is focused on jihadi and far-right groups, which means that we may have overlooked relevant texts and statements by other group types. We ask three questions: First, what have terrorists said about nuclear insider operations in their publications and internal communications? Second, how often have they attempted nuclear insider operations? Third, what are the most prominent nuclear insider cases, and what can we learn from them? We addressed the first question by trawling secondary literature on terrorist ideologies and searching repositories of extremist literature. For the second question, we built a new data set of serious radiological and nuclear incidents involving terrorists, coding for attack mode. We addressed the final question by selecting four of the most prominent cases and digging deep into the available literature on each. These three research questions also structure our chapter: We look first at terrorists’ sayings, then at their doings, and finally at the specifics of four cases.
4. All of these scenarios may conceivably involve more than one person on the inside, although historical experience suggests they are more likely to involve a single individual.
Terrorist Views on Nuclear Targets and Infiltration

Let us start with terrorist literature. We focus on jihadi and far-right groups because these are the two ideological families with the longest and best documented history of interest in chemical, biological, radiological, and nuclear (CBRN) weapons use.

Jihadi Groups

No group has been under more intense scrutiny for its possible CBRN ambitions than al-Qaida and its affiliates, and for good reason. The 9/11 attacks demonstrated al-Qaida’s willingness to maximize casualties in the West, an intention repeated in word and deed on multiple occasions thereafter. There is ample textual evidence of jihadi interest in CBRN in general, and there is hard evidence of jihadi actual use of chemical weapons5 and of active pursuit of radiological and nuclear (RN) weapons.6 There is no question that at least some jihadi groups are ideologically open to the use of RN weapons. Al-Qaida’s former leader Osama bin Laden spoke repeatedly of nuclear weapons in positive terms as a capability that Muslims have a duty to acquire.7 An al-Qaida-linked cleric, Nasir al-Fahd, issued a fatwa in 2003 sanctioning the use of weapons of mass destruction (aslihat aldimar al-shamil) against Western civilians.8 A leading strategic thinker, Abu Mus‘ab al-Suri, has written extensively on the strategic utility of such weapons and has argued that “hitting the US with WMD . . . is vital.”9 In 2009 the
5. Anne Stenersen, Al-Qaida’s Quest for Weapons of Mass Destruction: The History behind the Hype (Saarbrücken: VDM Verlag, 2008); Gary Ackerman and Jeremy Tamsett, Jihadists and Weapons of Mass Destruction (Boca Raton, FL: CRC Press, 2009). 6. Graham Allison, Nuclear Terrorism: The Ultimate Preventable Catastrophe (New York: Holt, 2005); Rolf Mowatt-Larsen, Al Qaeda Weapons of Mass Destruction Threat: Hype or Reality? (Cambridge, MA: Belfer Center for Science and International Affairs, 2010). 7. Bin Laden made three key statements on nuclear weapons in his career. In June 1998 he issued a statement praising the Pakistani nuclear tests and urging Muslims “to support the jihad of the Pakistani people” and to “not be lax in possessing nuclear, chemical, and biological weapons”; see Foreign Broadcast Information Service, “Compilation of Usama Bin Ladin Statements, 1994–January 2004,” 2004, https://fas.org/irp/world/para/ubl-fbis.pdf, 71. In December 1998 he told al-Jazeera in an interview that “we do not regard [the claim that we are attempting to possess nuclear, chemical, or biological weapons] as a charge, but rather as a right” (ibid., 163). Then, in an interview with Time published in January 1999, he said, “Acquiring weapons for the defense of Muslims is a religious duty. If I have indeed acquired [chemical and nuclear] weapons, then I thank God for enabling me to do so. And if I seek to acquire these weapons, I am carrying out a duty. It would be a sin for Muslims not to try to possess the weapons that would prevent the infidels from inflicting harm on Muslims” (ibid., 85). 8. Nasir al-Fahd, “Hukm istikhdam aslihat al-dimar al-shamil didd al-kuffar [Ruling on the Use of Weapons of Mass Destruction against the Infidels],” 2003, http://tawhed.ws/r?i=2gi7siuw. 9. Stenersen, Al-Qaida’s Quest, 33–34; Reuven Paz, “Global Jihad and WMD: Between Martyrdom and Mass Destruction,” Current Trends in Islamist Ideology 2 (2005): 74–86.
leader of al-Qaida’s affiliate in Yemen, Nasir al-Wuhayshi, claimed (falsely) that his group possessed nuclear weapons and planned to use them against the United States.10 Technical documentation on RN weapons has been found in al-Qaida’s possession, and on at least one occasion (the José Padilla case) an RN plot was actively contemplated but was scrapped on feasibility grounds.11 Meanwhile, on jihadi Internet forums, anonymous users have regularly fantasized about RN weapons, and they have circulated at least one major technical manual (and several smaller ones) on nuclear weapons.12 Islamic State (IS), the most powerful jihadi group in 2016, has not spoken much about CBRN weapons since rising to prominence in mid-2014. Its leader, Abu Bakr al-Baghdadi, and spokesman, Abu Muhammad al-Adnani, have not raised the topic in their speeches after the caliphate was declared in late June 2014. However, one article in the group’s English-language magazine, Dabiq, briefly mentions a specific hypothetical scenario in which IS acquires a nuclear weapon and smuggles it into the United States for detonation.13 Moreover, as a former al-Qaida affiliate that continues to hold Osama bin Laden in great esteem, IS can be assumed to share al-Qaida’s general views of CBRN weapons as legitimate. As discussed later in this chapter, monitoring of a nuclear insider in Belgium in 2015 by IS operatives may be an indicator of nuclear intent. Last but not least, IS and its previous incarnations have a history of chemical weapons use in Iraq since the mid-2000s and possibly in Syria since 2014.14 We should not exaggerate the relative attention paid to RN weapons in jihadi writings.
CBRN-related texts make up a small proportion of jihadi texts on tactics, and among these CBRN-related texts, documents focusing on RN weapons are in a minority.15 Bin Laden himself never actually singled out the Bomb as the unconventional weapon of choice; all of his three statements speak of nuclear weapons alongside chemical (and in two instances biological) weapons. Even Nasir al-Fahd’s infamous fatwa is not about nuclear weapons specifically, but rather CBRN in general (in fact, the word nuclear appears only twice in al-Fahd’s text). In short, jihadi groups have explored multiple ways to kill large numbers of people, and RN weapons are only one of them. Still, al-Qaida has said and written more on RN weapons than have most other terrorist groups.
10. Abdul Hameed Bakier, “Leader of Yemen’s Mujahideen Claims Al-Qaeda Has a Nuclear Weapon,” Jamestown Terrorism Focus 6, no. 4 (2009). 11. Stenersen, Al-Qaida’s Quest, 37–38 and 45. According to U.S. authorities, Padilla approached Abu Zubayda with a plan to carry out a radiological attack in the United States, but Abu Zubayda dismissed the plan as unrealistic and recommended a conventional attack instead. 12. Stenersen, Al-Qaida’s Quest, 64ff. 13. Dabiq 9, 77, https://azelin.files.wordpress.com/2015/05/the-islamic-state-e2809cdc481biqmagazine-9e280b3.pdf. 14. Bill Roggio, “Al Qaeda’s Chlorine Attacks: The Dirty War in Anbar,” The Long War Journal, March 17, 2007; Dany Shoham, “Does ISIS Pose a WMD Threat?,” BESA Center Perspectives Paper 322, December 13, 2015. 15. Stenersen, Al-Qaida’s Quest, 57 and 66.
It is therefore interesting that our review of jihadi texts revealed relatively few statements specifically mentioning nuclear facilities. The declarations of Osama bin Laden and Ayman al-Zawahiri lack any suggestions to attack nuclear facilities, as do the Abbottabad documents released so far. Minbar al-Tawhid wa’l-Jihad, the main online archive of jihadi ideological literature, appears to contain no texts explicitly suggesting such attacks. To our knowledge, the only mention by a senior al-Qaida leader of the idea of attacking a nuclear facility occurs in Khalid Sheikh Mohammed’s interview with al-Jazeera in 2002, in which he said that he contemplated using one of the planes in the 9/11 operation to strike a nuclear reactor.16 However, other groups in the wider jihadi movement have mentioned nuclear installations more frequently, not least the Chechen rebels, who made numerous public threats to attack Russian nuclear facilities in the 1990s and early 2000s.17 On jihadi Internet forums, where anonymous jihadis gather for informal discussions, there has also been talk of targeting facilities. However, even here explicit threats are relatively rare. Our search in the Dark Web Forum Portal (DWFP), which covers a variety of forums, some dating back to 2002, uncovered eight posts that revealed a certain interest in attacking nuclear facilities in the West (see the text box for a summary).
Sample jihadi forum messages expressing interest in attacking nuclear facilities

1. “Al-Qaida issues statement on the strike against electricity in America” (Montada, August 18, 2003). Post relaying the statement by the “Abu Hafs al-Masri Brigades” (falsely) claiming responsibility for the electricity outage in the U.S. Northeast and Canada. The statement lists fifteen “benefits” of the attack, the eighth of which was “the closing of nine nuclear reactors, which has never happened before and constitutes a powerful economic blow.”

2. “Can you present al-Qaida with a plan to hit the Americans and the Brits in their own homes?” (Shamikh, December 1, 2007). Short, somewhat cryptic message that reads: “Can you present al-Qaida with a plan to hit the America and Britain in their own
16. According to U.S. authorities, Mohammed later told interrogators that he also considered nuclear facilities for subsequent attacks in the United States (ibid., 39), but this statement is unreliable as it was likely made under duress. 17. Gavin Cameron, Nuclear Terrorism: Reactors and Radiological Attacks after September 11, November 2, 2001, www.gazettenucleaire.org/~resosol/InfoNuc/documents-importants/ IAEA%20Nuclear%20Terrorism%20After%20September%2011.pdf, 9; Matthew G. Bunn et al., The U.S.-Russia Joint Threat Assessment of Nuclear Terrorism (Cambridge, MA: Belfer Center for Science and International Affairs, 2011).
homes? - - > nuclear reactors, claimed to be tougher than hitting the towers.”

3. “How does a nuclear reactor work?” (Shamikh, April 12, 2009). Message containing a page-long technical text ostensibly cut and pasted from a nonpolitical source.

4. “Special Strategic Study: We Will Shake the Pillars of the Cross” (Muslm, July 7, 2009). Brief essay by anonymous author that includes the following statement: If, for example, we substituted the 11 September plan with a plan to target American nuclear plants, which was cancelled by al-Qaida’s planners for fear of its great destructive consequences which could reach catastrophic proportions! If we did that, America would be completely forgotten.

5. “The night of the 100,000 dead” (AlFaloja, October 7, 2009). Thread speculating about forthcoming attacks by al-Qaida. One of the anonymous replies includes the following statement: The U.S. military base and its military hospital in Germany will be among the targets. I think [al-Qaida] will strike nuclear reactors producing electricity, God willing, and will cut power to the Germans [. . .], and I think the number of dead Germans and Americans will exceed five thousand.

6. “Sharif Mobley and Nuclear!” (Moslm, March 14, 2010). Message relaying a mainstream news article about the Sharif Mobley case.

7. “Attacking America’s strategic assets” (Ummah, May 23, 2011). Thread about the feasibility and legitimacy of attacking major targets in the United States. One of the replies contains a passage ostensibly cut and pasted from a U.S. environmentalist website. It includes the following passage: There are over 100 operating nuclear power plants in America and 16 non-operational power plants, and a large number of nuclear fuel and weapons facilities. . . . These plants are each vulnerable to air strikes, truck bombs, boat bombs, and of course, the well-equipped and well-armed single madman or small group of terrorists.
All anyone needs to do is toss a grenade into a Spent Fuel Pool and hundreds of thousands or even MILLIONS could die.

8. “No, youth of jihad” (Muslm, May 23, 2012). Long essay by anonymous author reflecting on the background and rationale for 9/11. In the middle of the essay, the author rhetorically asks why al-Qaida did not attack “nuclear plants and reactors which are widespread in the East and West of the country,” and argues it was because these targets, unlike New York, had no symbolic connection with Jews.
Of course, DWFP does not contain all the jihadi forum messages ever posted, and our search terms may not have captured all relevant messages.18 However, we doubt we missed large numbers of relevant messages, so we believe that DWFP contains at most a few hundred posts with nuclear-related attack suggestions—out of a total of 16.4 million in the 2002–2014 period.19 If there is little talk of attacking nuclear facilities, there is even less on using insiders to penetrate them. We were not able to identify any forum posts explicitly proposing insider tactics against a nuclear facility. We found only two vaguely relevant items: a forum post relaying a news article about Sharif Mobley, and a text by Safar al-Hawali warning of the insider threat to U.S. facilities from Christian fundamentalists and right-wing extremists. We were also not able to identify any jihadi manuals or treatises on insider tactics, which is interesting given that such texts do exist for guerrilla warfare, assassination, poisoning, and other tactical topics. There are some jihadi texts on recruitment—for example, how to recruit members and which attributes to look for in recruits—but the advice they offer is vague and not tailored to insider scenarios.20 The closest thing to a discussion of nuclear insider use we were able to find in the jihadi literature was a document titled “Rough Presentation for Radiation (Dirty Bomb) Project,” probably written by the British Indian al-Qaida associate Dhiren Barot (it was found on his computer after his arrest on terrorism charges in 2004).21 The document discusses ways to build a radiological device and briefly discusses the insider option: There are a few large and powerful radioactive devices that are kept in places such as hospitals (X-ray machines) and food prep places. [Redacted] However, for the time being we do not have the contacts that would allow us to purchase such items (previously we had one but he has since been arrested).
FYI, security is tight in these places.22
18. Some message types suggest a certain interest in nuclear facilities without explicitly threatening to attack them. Examples are messages that merely convey media reports of nuclear spills in the West or media reports of Western fears of a nuclear attack. 19. This is the number for the English and Arabic forums only; we did not search the German, Russian, and Turkish forums on DWFP. The number of messages is somewhat inflated by the inclusion of a few large forums where only a relatively small proportion of participants can be considered al-Qaida sympathizers (such as the Hawaa women’s forum, which has 3.6 million messages). However, the number of messages on the more radical forums is still around 10 million. 20. Thomas Hegghammer, “The Recruiter’s Dilemma: Signalling and Rebel Recruitment Tactics,” Journal of Peace Research 50, no. 1 (2013): 6. 21. For more on Barot, see David Carlisle, “Dhiren Barot: Was He an Al Qaeda Mastermind or Merely a Hapless Plotter?” Studies in Conflict & Terrorism 30, no. 12 (2007): 1057–1071. 22. Dhiren Barot, “Rough Presentation for Radiation (Dirty Bomb) Project,” http:// nefafoundation.org/file/Barot/GasLimos.pdf. Incidentally, Barot probably overestimated
This passage shows that Barot considered using insiders to obtain radioactive material. It is nevertheless interesting to note that he speaks not of nuclear scientists or technicians at nuclear plants, but of hospital and factory employees. Moreover, he appears to have had an opportunistic approach to the insider option. If Barot was bent on the insider option, he would presumably have reflected here on how to find a new insider to replace the old one. Instead, he simply notes that none is available and moves to another option (extracting americium from 10,000 smoke detectors). We found more jihadi writings on infiltration of other sensitive targets, such as enemy military organizations. Taliban leaders in particular have called repeatedly for insider attacks on Western forces in Afghanistan, so-called “green-on-blue attacks.” We also found a number of texts praising Nidal Malik Hasan, the perpetrator of the Fort Hood shooting in 2008. The Yemeni American jihadi ideologue Anwar al-Awlaqi notably extolled Hasan and urged others to follow in his footsteps. Meanwhile, the English-language jihadi magazine Inspire hailed him as a hero, and many jihadi forum messages celebrated the operation.23 The jihadi strategic concept of “individual jihad” arguably also constitutes an implicit call for insider plots. “Individual jihad” is the idea that prospective militants in the West should act on their own (or in small groups) where they live rather than travel to join established groups in the Muslim world.
Its most famous proponent is the jihadi strategic thinker Abu Mus‘ab al-Suri,24 but other figures such as Ayman al-Zawahiri, Adam Gadahn, and Anwar al-Awlaqi have also advocated it in their statements.25 Since September 2014, Islamic State’s spokesman Abu Muhammad al-Adnani has repeatedly called on sympathizers in the West to attack locally.26 The call presumably extends to Muslims employed in sensitive organizations, even though it is not targeted specifically at such individuals.
the security level at hospitals and the like. The redacted segment makes up approximately one and three quarters of a line. 23. Steven Stalinsky, “Maj. Nidal Hasan, Fort Hood Shooter and Lone-Wolf Jihadi, Celebrated and Lionized by Terror Groups and Leaders—Al-Qaeda, AQAP, Taliban, IMU, and More—as Well as Top Online Jihadi Forums, Media Outlets,” MEMRI Inquiry & Analysis Series 873 (2012). 24. Brynjar Lia, Architect of Global Jihad: The Life of Al-Qaeda Strategist Abu Mus‘ab Al-Suri (London: Hurst, 2007). 25. Thomas Hegghammer, “Should I Stay or Should I Go? Explaining Variation in Western Jihadists’ Choice between Domestic and Foreign Fighting,” American Political Science Review 107, no. 1 (2013): 7. 26. Thomas Hegghammer and Petter Nesser, “Assessing the Islamic State’s Commitment to Attacking the West,” Perspectives on Terrorism 9, no. 4 (2015): 14–30.
Far-Right Militants

From Bologna in 1980 via Oklahoma City in 1995 to Oslo in 2011, far-right militants have repeatedly demonstrated their willingness to cause mass casualties. Moreover, parts of the far right have long fantasized in writing about acquiring CBRN weapons, and they have been linked to several cases of attempted CB use.27 In fact, in the United States between 2001 and 2013, individuals with far-right connections were responsible for thirteen CBR incidents while the corresponding number for jihadis was zero.28 The far right has also produced two of the most graphic and unscrupulous declarations of nuclear intent in any extremist textual canon, William Pierce’s The Turner Diaries and Anders Behring Breivik’s 2083—A European Declaration of Independence (hereafter “Breivik’s manifesto”).29 In The Turner Diaries, whose author was a lifelong neo-Nazi activist, we follow a right-wing militia engaged in a revolutionary struggle against the U.S. government, a struggle that the militia eventually wins after sabotaging a nuclear plant, detonating a nuclear bomb at the Pentagon, and provoking nuclear war with Russia. Although a fictional account with a highly unrealistic plot, it is indicative of a worldview devoid of ethical reservations about nuclear warfare. It has also been very popular in far-right circles, and the short-lived 1980s terrorist group the Order sought to emulate the militia in the book. Breivik’s 1,500-page manifesto was published online on July 22, 2011, the same day he bombed a government building and carried out a shooting spree on a Labour party youth camp near Oslo, killing 77 people. The text is a hodgepodge of political analysis, tactical recommendations, and autobiography. It includes a hundred-page section on CBRN weapons, whose use Breivik wholeheartedly endorses.
He argues that small nuclear devices are “ideal for annihilating concentrations of category A and B traitors” (968) and provide “perfect conditions for fostering radical change” (964). He strongly recommends nuclear reactor sabotage to inflict “Chernobyl-style damage” to the enemy. He is a notch more restrained than Pierce because he does not, “under any circumstances, accept deployment
27. “When asked if he would consider the use of poison to contaminate the water supply of a major U.S. city, a member of the Phineas Priesthood said, 'When one is at war, one has to consider such things, unfortunately.'" See Mark Juergensmeyer, Terror in the Mind of God: The Global Rise of Religious Violence (Berkeley: University of California Press, 2003), 158. 28. Peter Bergen et al., Jihadist Terrorism: A Threat Assessment (Washington, DC: Bipartisan Policy Center, 2013), 16. 29. Andrew MacDonald (pseudonym for William Luther Pierce), The Turner Diaries, 1978, www.jrbooksonline.com/pdf_books/turnerdiaries.pdf; Anders Behring Breivik, “2083—A European Declaration of Independence,” 2011, https://www.fas.org/programs/tap/_docs/ 2083_-_A_European_Declaration_of_Independence.pdf.
of nuclear weapons for surface detonation above 0,2 kilotons as it would involve too many civilian casualties” (968). However, what Breivik lacks in bloodthirstiness he makes up for in realism, for he provides a wealth of technical information and pragmatic tactical suggestions for the nuclear plots he does approve of. To be sure, Breivik’s extremism is not representative of the far right, but he does have a certain online following, notably in Eastern Europe, and he currently corresponds from prison with supporters on both sides of the Atlantic. There is anecdotal evidence of other far-right militants being open to RN terrorist tactics. For example, in the mid-1990s a U.S. group called the Aryan Republican Army produced a recruitment video in which it claimed to possess an “Aryan super-bomb” made of “yellow cake plutonium residue.”30 This was probably an empty threat, but it illustrated the tendency in some far-right circles to daydream of RN weapons. We also examined the leading far-right online forum Stormfront, a U.S.-based site popular with white nationalists and neo-Nazis around the world.31 The vast majority of the thousands of Stormfront posts containing the term nuclear weapons or nuclear facilities concern the international politics of nuclear weapons; a dominant theme is frustration over nonwhite countries (such as Iran and Israel) possessing nuclear weapons. Some messages even lament the very existence of nuclear weapons for this reason. A search in the Stormfront archive for “Breivik AND nuclear” revealed 115 threads, none of which contained explicit support for Breivik’s nuclear plans. To be sure, there was not much criticism of them either; the Stormfront community’s main objection to Breivik’s manifesto appears to be his philosemitism and comparatively soft stance on race.
As far as explicit suggestions to attack nuclear facilities are concerned, we found such references only in The Turner Diaries and Breivik’s manifesto, but other examples may exist. The Turner Diaries describe the planning and successful execution of a nuclear sabotage operation in some detail. The plot involves a member of the far-right militia accessing a plant during a guided tour open to the public. The operative pretends to be a tourist, conceals explosives in an umbrella, and blows open the reactor in what is effectively a suicide operation. Breivik’s manifesto includes long and detailed instructions for nuclear reactor sabotage. In fact, reactor sabotage appears to be Breivik’s strongest tactical recommendation to the imaginary audience he hopes will continue his struggle. He writes that European governments should be
30. Nadine Gurr and Benjamin Cole, The New Face of Terrorism, 2nd ed. (London: Macmillan, 2004), 293.
31. See www.stormfront.org.
20
1. INSIDERS AND OUTSIDERS
given a deadline on January 1, 2020, after which a campaign of nuclear reactor sabotage (“Operation Regime Ender”) should start. To this end he presents, among other things, a menu of six different assault strategies, an extensive technical description of nuclear reactor designs, and a ten-page list of nuclear plants and research reactors across Europe (1053–1062). Two of Breivik’s six assault strategies against nuclear plants involve insiders. Here is the full description of the two strategies:

Assault strategy 3 (1 insider+2): An assault team of two Justiciar Knights might be enough to neutralise the checkpoint guards given that one Justiciar Knight works at the checkpoint undercover. The undercover guard can easily neutralise the other checkpoint guards, deactivate security measures and open the gates.

Assault strategy 4 (insider assault—similar to the Chernobyl attack): An assault team of 2 armed Justiciar Knight insiders might be enough to shut down/sabotage the Reactor Protective System (ECCS and SLCS) by f. example sabotage certain reactor emergency systems so that the system cannot initiate an automatic SCRAM procedure and: 1. sabotage the emergency diesel generators and 2: rupture a large coolant pipe in the location that is considered to place the reactor in the most danger. However, due to the airtight containment building this insider assault would need an external Justiciar Knight to blow a hole in the building or cause the structure to collapse. The outside Knight would need to be heavily armed and successfully manage to place a load of 4000–7000 kg of explosives close to the containment building in order for the leakage to reach the atmosphere. (1035)
These passages constitute the most explicit and detailed call for nuclear insider use that we have seen in any terrorist publication. At the same time, Breivik does not appear to have considered insiders a necessary prerequisite for his plan. Like Dhiren Barot, he appears to have had an opportunistic view on insiders—that is, as something to exploit when available.
Other Group Types

Jihadis and far-right militants are not alone in having contemplated nuclear and radiological terrorism. The list of groups linked to actual attempts—which is only a subset of all the groups that considered it—is remarkably long and includes unexpected names such as the Basque ETA, the South African ANC, and Northern Ireland’s IRA. We did not examine primary sources from all these groups, but we reviewed the secondary literature on terrorism and weapons of mass destruction (WMD) and found few references to major treatises on nuclear topics by other groups. One important exception is the work of Shoko Asahara,
THOMAS HEGGHAMMER AND ANDREAS HOELSTAD DÆHLI
the leader of the Japanese sect Aum Shinrikyo, who wrote at length about an impending Armageddon that would involve nuclear weapons. He wrote that “radioactivity and other bad circumstances—poison gas, epidemics, food shortages—will occur,” that “in addition to natural disasters, there will be the horror of nuclear weapons,” and that “the weapons used in World War III will make the atomic and hydrogen bombs look like toys.”32 Asahara’s statements were not empty words; Aum Shinrikyo took several concrete steps to acquire nuclear materials, especially in Russia, where the organization had many followers.33 These efforts appear to have included recruitment of soldiers and nuclear industry workers and unsuccessful attempts to purchase nuclear materials from insiders in Russian nuclear facilities.34 This review of declared intentions suggests that while many groups have talked about using WMD, specific suggestions to attack nuclear facilities have been relatively rare, and texts on insiders fewer still. The most detailed text on nuclear insiders (Breivik’s manifesto) seems to propose infiltration only when insiders are available: a procedure of the outreach type in our abovementioned typology.
Terrorist Attempts to Infiltrate Nuclear Installations

What about actual attempts to target nuclear installations with insiders? Answering this question is not easy given the absence of a reliable global data set on insider crimes. Our solution was to examine three distinct bodies of data—U.S. nuclear insider crimes, WMD incidents, and jihadi plots—and synthesize the findings. These data still do not add up to a comprehensive data set, but they do provide a more reliable empirical foundation for analyzing this topic than what currently exists in the literature.

U.S. Nuclear Insider Data

The literature on nuclear insider crimes contains a small number of very detailed incident overviews from the United States. These have the benefit of presumably being quite accurate because the information
32. Juergensmeyer, Terror in the Mind of God, 110, 116, and 154.
33. U.S. Senate, Global Proliferation of Weapons of Mass Destruction: A Case Study on the Aum Shinrikyo (Washington, DC: Senate Government Affairs Permanent Subcommittee on Investigations, 1995).
34. Sara Daly, John Parachini, and William Rosenau, Aum Shinrikyo, Al Qaeda, and the Kinshasa Reactor: Implications of Three Case Studies for Combating Nuclear Terrorism (Santa Monica, CA: RAND, 2005).
was collected in collaboration with the nuclear industry. However, they provide a very partial picture, for they cover only the period up to the early 1980s. The first such study, by Sarah H. Mullen and associates, used mostly analogous industry data but included a small sample of seven nuclear incidents.35 None involved malevolent ideological agents. In 1983 the Nuclear Regulatory Commission conducted a study that identified thirty-two possible acts of sabotage at twenty-four operating reactors and reactor construction sites from 1974 to 1982.36 However, it made no mention of suspected terrorist connections. By far the most extensive and detailed study is by Sutton, which used the Department of Energy’s violation records from 1965 to 1982 to build a database of around 4,000 insider crimes, large and small.37 Sutton’s codebook includes a motivation value called “terrorism” (B-11, B-29) but does not record any incidents with this motivation. Thus, there appears not to have been any nuclear insider terrorist plots in the United States before 1983. However, there are no data sets of comparable detail from the United States after this date.
WMD Incident Data

We therefore turned to the data sets and literature on WMD-related crimes worldwide. Because there are several such incident overviews, each with different inclusion criteria and different levels of reliability, we decided to pool and sift the data to construct a new data set of serious nuclear and radiological incidents.38 The data set covers all countries from 1960 to 2013 and contains a total of 119 incidents. It codes for motivation (“political” or “apolitical”), attack type (“facility attack,” “radiological dispersion,” or “other”), and insider involvement (“yes” or “no”). Table 1.1 summarizes the findings, and figure 1.1 illustrates the proportion of insider attacks relative to all politically motivated NR incidents and to all terrorist attacks. In forty of the fifty-eight incidents caused by politically motivated agents, the objective was identified as the damage or destruction of vital
35. Mullen, Davidson, and Jones, Jr., Insider Study.
36. Matthew L. Wald, “Nuclear Unit Gets Sabotage Warning,” New York Times, June 8, 1983.
37. Insider Adversary Study for the Office of Safeguards and Security: US Department of Energy. Final Report (Washington, DC: International Energy Associates, 1983).
38. Details on the construction of the data set and the replication files are available in the resources section of www.hegghammer.com.
Table 1.1 Distribution of serious nuclear and radiological incidents worldwide 1960–2013 by motivation, attack type, and insider involvement

Motivation     Attack type               Insider: Yes   Insider: No/unknown   Total
Political      Facility attack                 3                 37              40
               Radiological dispersion         1                 11              12
               Other                           0                  6               6
               (all political)                                                   58
Unknown        Facility attack                 9                 13              22
               Radiological dispersion         0                  0               0
               Other                           0                  0               0
               (all unknown)                                                     22
Apolitical     Facility attack                 4                 10              14
               Radiological dispersion         3                 22              25
               Other                           0                  0               0
               (all apolitical)                                                  39
Total                                         20                 99             119
equipment at nuclear facilities, or the capture of said facilities. Ten plots were disrupted by law enforcement agencies, while an eleventh was aborted by the terrorists. In seventeen incidents, explosives were planted and detonated. Additionally, terrorists have launched twelve armed assaults—including four suicide bomb attacks—against eight military sites reportedly holding nuclear arms and against four civil nuclear power plants. The eight remaining incidents at nuclear facilities have been acts of sabotage, conducted with unknown or nonweaponry equipment, such as lye, crowbars, jackhammers, and incendiary devices. It is worth noting that several of the sabotage cases in the 1970s and 1980s by groups such as ETA were directed at facilities still under construction, not operational reactors. We should be careful not to equate such attacks with plots designed to cause radioactive releases at operational facilities.
Of the attacks on facilities, three were perpetrated by insiders. The first involved a relatively benevolent political agenda: In 1979 two control room trainees poured caustic soda on fuel assemblies at a U.S. nuclear power plant in order to draw attention to the lax security at the site. The last two were distinctly more malevolent. In 1982 Rodney Wilkinson, a South African engineer linked to the African National Congress (ANC), successfully planted and detonated four explosive devices in a nuclear power plant (more on this case later). In 1995 Russia uncovered an alleged plot by Chechen rebels to hijack a nuclear submarine and detonate explosives near the warhead of one of the missiles. The seven plotters were reportedly led by a Chechen who had served as deputy commander on a nuclear submarine during the Soviet era.39 A possible fourth insider case was the assault on the Pelindaba nuclear facility in South Africa in 2007.40 Several informed observers suspect that this operation involved insiders, but we have not seen publicly available sources that allow us to confidently code it as an insider operation. Of the remaining eighteen politically motivated cases, twelve were nefarious uses of radiological materials, and insider involvement has been suspected in only one of these cases. In 1996 three men, one of them an employee at defense contractor Northrop Grumman, plotted to use radium to murder three Republican Party officials they held responsible for a conspiracy to hide evidence that a UFO had started a forest fire. All of the twenty-two incidents where the perpetrators’ motives remain unknown involve attempted damage to nuclear facilities. At least nine of the incidents had confirmed insider involvement, and it cannot be ruled out in the rest of the cases, for information is scarce regarding many sabotage incidents at nuclear facilities.
Jihadi Plot Data

Our third strategy was to examine the literature on jihadi plots in the West after 1990, because this is where we have the most fine-grained data. By merging existing incident overviews we generated a list of 195 plots for
39. Strictly speaking, this was a case of a former insider, but we have chosen to include it because the insider knowledge was essential for the operation. Incidentally, the case shows that former insiders can also be a threat.
40. Matthew Bunn, Securing the Bomb 2008 (Cambridge, MA: Belfer Center for Science and International Affairs, 2008).
the 1990–2013 period.41 Of these, 63 were executed, 128 were disrupted by authorities, and 4 were abandoned by the planners. Nuclear facilities were mentioned as a target in only six plots, and as the only target in just three of these. The first was an alleged plot by the Moroccan Salafia Jihadia group to attack the AREVA nuclear fuel reprocessing plant in La Hague, France. Although details remain scarce, media reports said the plot involved a suicide element, possibly against trucks transporting powdered plutonium. The second occurred in Australia in 2000 and involved plans to attack the reactor at the Lucas Heights nuclear research facility. The third was a 2005 plot to attack the same Lucas Heights reactor with explosives and rocket launchers. In the remaining three nuclear plots, the Lucas Heights facility in Australia (again) and two unnamed reactors in the Netherlands and Canada (the Toronto 18 case) were mentioned in the investigation alongside several other possible targets. All of the plans involved kinetic assault, and none appear to have had an insider component. The process of identifying jihadi plots in the West revealed two investigations that involved former nuclear facility employees, but these cannot be considered plots because no concrete steps toward an attack had been taken. These were the cases of Sharif Mobley and Adlène Hicheur, which will be discussed in more detail below. To sum up, our three lines of inquiry yielded only one confirmed serious terrorist insider case at a nuclear facility, the Wilkinson case in South Africa in 1982. We also found one minor radiological terrorism case involving an insider, the radium assassination plot against three Republican senators in 1996. Somewhat worryingly, we also identified nine serious cases of sabotage involving insiders with unknown motivations. This is in addition to ten sabotage and sabotage threat cases where we know neither what the motivation was nor whether insiders were involved. 
It is possible that some of these nineteen cases involved terrorist groups or individuals with extremist sympathies. However, even allowing a large margin of error, we can safely say that nuclear insider plots make up a very small proportion of worldwide terrorist activity. The Global Terrorism Database includes more than 113,000 incidents from 1970 through 2012, and it underreports for failed and foiled attacks (see figure 1.1).42 Interestingly, the incident data echo a key finding in our review of declared intentions: Even when terrorists have a nuclear target in mind, they seem to prefer assault over infiltration. In the serious WMD incident data, only three of forty politically motivated attacks on nuclear plants involved
41. Details on the construction of the data set and the replication files are available in the resources section of www.hegghammer.com.
42. See Global Terrorism Database, National Consortium for the Study of Terrorism and Responses to Terrorism (START) (College Park, MD: START, University of Maryland, 2016).
[Figure 1.1: two stacked bar charts, each split into outsiders and insiders. Left bar, serious political nuclear/radiological attacks, 1960–2013 (58 incidents): 54 by outsiders, 4 by insiders. Right bar, all terrorist attacks in the START Global Terrorism Database, 1970–2012 (about 113,000 incidents), against which the four confirmed insider operations are shown. Axis ticks omitted.]

Figure 1.1. Confirmed insider operations as proportion of serious political nuclear/radiological attacks and of all terrorist attacks
insiders, and in the jihadi plot data, none of the six conspiracies against nuclear targets had an insider component. Nuclear insider plots thus appear to be a minority within a minority.
Prominent Nuclear Insider Cases Involving Terrorists

Let us now look at five important historical cases and a possible sixth case in somewhat more depth. The first case is selected for its gravity, three for their al-Qaida links, and the last ones for their IS links. The first four cases also each represent a different ideal type of role played by the insider.
Wilkinson: “The Classic Insider”

First is the case of Rodney Wilkinson, who successfully detonated four bombs in 1982 at Koeberg Nuclear Power Station in South Africa on behalf of the ANC. This remains the only known successful nuclear insider terrorist attack in the historical record. Wilkinson was a white South African who had deserted from the military after wrecking an armored truck while absent without official leave during the invasion of Angola in 1976. He went on to join a hippie commune and was involved in the South African antinuclear campaign before his monetary situation pushed him into reluctantly taking a job at the Koeberg plant in 1978.43 With a background in building science, Wilkinson obtained a position that gave him access to the most sensitive sectors of the plant. Towards the end of his eighteen-month employment, Heather Gray, his girlfriend, encouraged him to steal a set of the building plans. Their intention was to provide the ANC with information useful for launching an attack on the installation.44 There is nothing to suggest that either of them had any direct connection to the ANC prior to this. In the summer of 1980, Wilkinson and Gray moved to Zimbabwe, where they came in contact with Jeremy Brickhill, who had served in the military wing of the Zimbabwe African People’s Union. Brickhill then forwarded the building plans to Mac Maharaj, a senior ANC leader. Wilkinson met with Maharaj, who vetted him thoroughly in a series of personal meetings.45 The ANC approached Wilkinson with particular caution for two reasons: First, it was itself a target for infiltration by the Pretoria regime. Second, the government was well aware of the Koeberg plant being a target for the ANC. In late 1979, Dr. Renfrew Leslie Christie had been caught—by a government infiltrator—mailing details about the plant to ANC offices outside of South Africa.
Christie was charged with nuclear espionage and sentenced to seven years in prison in June 1980.46 Once Wilkinson and Gray had passed the background check, Maharaj brought the construction plans to Joe Slovo, commander of the special operations unit of the ANC’s armed wing, asking him to “see what you can do with it [sic].”47 Simultaneously, other elements within the ANC had the
43. David Beresford, The Truth Is a Strange Fruit: A Personal Journey through the Apartheid War (Auckland Park: Jacana Media, 2010), 102ff.
44. Ibid., 103.
45. Tom O’Malley, “February 21st 2003 Interview with Aboobakr, Rashid Ismail,” 2003, www.nelsonmandela.org/omalley/cis/omalley/OMalleyWeb/03lv00017/04lv00344/05lv01435/06lv01443.htm.
46. South Africa History Online, “Renfrew Leslie Christie,” 2013, www.sahistory.org.za/people/renfrew-leslie-christie.
47. O’Malley, “February 21st 2003 Interview.”
construction plans authenticated by Soviet and Western scientists.48 Slovo discussed Wilkinson with fellow militant Aboobakr Ismail (“Rashid”), based in Swaziland. The two decided that the best course of action would be to have Wilkinson attempt an insider attack. Rashid sent a messenger to Zimbabwe, asking if Wilkinson was willing to do it.49 Wilkinson agreed, returned to South Africa, and regained employment at the Koeberg construction site, where he proceeded to map the plant’s emergency pipes and valves.50 For the second time, he gained access to sensitive parts of the plant without being vetted.51 Once a month, Wilkinson would travel to Swaziland, ostensibly for leisure, but in reality to meet with Rashid to discuss tactics. According to Rashid, they had a “very close working relationship. . . . I would say to him, now try to do this, do that, do that, etc., and I would guide him through the process.”52 They decided to target the two reactor heads, a concentration of electric cables underneath the main control room, and the containment building—seeking to maximize damage and minimize the risk of radioactive fallout from the nuclear fuel depots.53 Rashid instructed Wilkinson to locate a secret ANC weapon cache in the South African desert Karoo. After digging up four limpet mines with incendiary charges, he and Gray hid them in wine box decanters in his car before storing them in holes in their yard. Wilkinson then smuggled them one by one into the Koeberg site: first through the perimeter security fence in a hidden compartment in his car, next in a desk drawer in his office, and finally through the security gates of the main building in his overalls.54 Prior to placing the explosives, Wilkinson tested the plant security by smuggling a vodka bottle—about the size of his explosive devices—into the plant. He then proceeded to drink the vodka while scouting around the main control room. Eventually, he was discovered by the guards and detained. 
Despite a clear breach of security, and the fact that alcohol was strictly prohibited on the site, he got away with a warning.55 Increased focus on plant security after an accidental cable fire prevented Wilkinson from planting the explosives in time for the original attack date, December 16, 1982.56 He completed the task on the following day and set
48. Beresford, The Truth Is a Strange Fruit, 103.
49. O’Malley, “February 21st 2003 Interview.”
50. Beresford, The Truth Is a Strange Fruit, 103.
51. Ibid., 105ff.
52. O’Malley, “February 21st 2003 Interview.”
53. Beresford, The Truth Is a Strange Fruit, 103ff.
54. Ibid., 104.
55. Ibid., 106.
56. A national holiday in the apartheid era, December 16 marked the anniversary of the 1838 Boer victory in the Battle of Blood River. It also marked the anniversary of the 1961 founding of ANC’s armed wing.
the fuses to a twenty-four-hour delay, on a day that no workers would be at the site. He then escaped to Mozambique via Swaziland before the ANC—fearing Pretorian retaliation—placed him and Gray under “deep cover” in the United Kingdom.57 In 1999 the South African Amnesty Committee of the Truth and Reconciliation Commission granted amnesty to Wilkinson and Gray, acknowledging that the “attack was part of the overall strategy of attacking apartheid and its installations and consequently, the previous government.”58 Despite not going off in one simultaneous blast as planned, the four explosions caused damage worth $47.3 million and delayed the construction of the plant by eighteen months. However, there were no casualties or radiation leaks.59 The Wilkinson case illustrates what may happen at a nuclear site with unusually lax security. The screening and monitoring systems at Koeberg were clearly substandard. A person with Wilkinson’s background should arguably not have been allowed to work at Koeberg in the first place, and the drinking episode should have led to his immediate suspension. His contacts with ANC may have been hard to spot, but his frequent foreign travel should have raised red flags in the intelligence services. It is hard to imagine a plot such as Wilkinson’s succeeding at a U.S. or European site today, simply because modern nuclear security systems are much more elaborate. Koeberg was not operational at the time of the attack, and Wilkinson and his ANC henchmen appear not to have been seeking to cause radiation leaks or maximum casualties. This means that the only known successful nuclear insider attack was limited in scope and aimed at a target incapable of causing serious radiation releases.

Mobley: “The Radicalized Former Insider”

The second case is that of Sharif Mobley, who was responsible for the closest thing to an al-Qaida infiltration of a U.S. nuclear facility.
Although this may sound serious, the case is very unclear, and we do not know whether Mobley ever intended to conduct nuclear sabotage. The publicly available information suggests that Mobley radicalized after taking employment at the nuclear sites and that he did not link up with militants until after he had left his nuclear job—and the country.
57. Beresford, The Truth Is a Strange Fruit, 107.
58. Truth and Reconciliation Commission Amnesty Committee, “AM 3831/96 Decision,” 1999, www.justice.gov.za/trc/decisions%5C1999/ac990205.htm.
59. Helen Bamford, “Koeberg: SA’s Ill-Starred Nuclear Power Plant,” Independent Online, March 11, 2006, http://www.iol.co.za/news/politics/koeberg-sas-ill-starred-nuclear-powerplant-269096; Beresford, The Truth Is a Strange Fruit, 105.
Mobley was raised in New Jersey by Somali parents. Shortly after leaving high school in 2002, he took a maintenance job at a nuclear plant in Pennsylvania. There is no evidence of his being radicalized at the time. Over the next six years, he worked a total of eighty-eight weeks at six operational nuclear power plants in the Northeast.60 He held maintenance roles all along and had no access to computer systems or technical information. He does not appear to have had access to the areas of the plants where a sabotage could lead to a major disaster. At some point after 2002—it is not clear when—Mobley radicalized. Some of the evidence points to the 2003 Iraq war as a trigger. He was openly critical of the U.S. invasion of Iraq, and by 2004 he had allegedly cut all ties to those of his high school friends who had joined the military. At one point he berated them as “Muslim killers.”61 Around this time, his religious observance reportedly also became stricter.62 Later—it is not clear when—Mobley allegedly referred to non-Muslims as “infidels,” and he once told labor union colleagues that “we are brothers in the Union, but when the holy war comes, look out.”63 In 2007 Mobley began attending a congregation made up mostly of immigrants from the Middle East, as opposed to the African American congregations he had been raised in.64 Around this time, he decided to move to Yemen to study Arabic and Islam, and he wrote to Anwar al-Awlaqi for advice on schools.65 In the summer of 2008, he left for Yemen with his family. In Yemen, Mobley is believed to have studied at the Dar al-Hadith Dammaj Institute, a Salafist school in Saada.66 U.S. officials claim that his language class attendance was infrequent and that he spent his days “doing things like facilitating the movement of extremists to Yemen on behalf of
60. According to the Nuclear Regulatory Commission, Mobley worked seventy-six weeks at the two Salem/Hope Creek plants in Pennsylvania, four weeks at the Peach Bottom plant in Pennsylvania, four weeks at the Limerick plant in Pennsylvania, two weeks at the Three Mile Island plant in Pennsylvania, and two weeks at the Calvert Cliffs plant in Maryland; see “Audit of NRC’s Oversight of the Access Authorization Program for Nuclear Power Plants,” 2010, www.nrc.gov/reading-rm/doc-collections/insp-gen/2010/oig-10-a21-redacted.pdf, 2.
61. Peter Finn, “The Post-9/11 Life of an American Charged with Murder,” Washington Post, September 4, 2010.
62. Finn, “The Post-9/11 Life.”
63. Scott Shane, “Worker Spoke of Jihad, Agency Says,” New York Times, October 4, 2010.
64. Finn, “The Post-9/11 Life.”
65. The content of this communication remains unknown. In the two other al-Awlaqi-related incidents included in this chapter, his e-mail correspondences with Nidal Hasan and Rajib Karim were recorded by U.S. intelligence and since disclosed. However, these exchanges took place in 2008 and 2009, while Mobley e-mailed al-Awlaqi in 2007.
66. Haley Sweetland Edwards, “Alleged ‘American Jihadist’ Made Way to Yemen,” AOL News, March 12, 2010.
AQAP.”67 Yemen’s defense ministry described him as “an al-Qaeda member involved in several terrorist attacks” since his arrival.68 In January 2009, Mobley was shot and arrested by Yemen’s secret police. In March, he killed a guard in a failed attempt to escape from the police hospital, and he has remained in Yemeni custody since then.69 Some have questioned the depth of his involvement with al-Qaida in the Arabian Peninsula (AQAP). Mobley was initially charged by Yemeni authorities with having links to al-Qaida, but these were dropped because of lack of evidence.70 An internal Stratfor memo, citing a trusted “high-ranking USG [United States government] source . . . close to the folks who debriefed Mobley,” claims he was “not a part of AQAP. Security simply picked up on suspicions and his shady affiliations.”71 There has obviously been much speculation on what Mobley knew about U.S. nuclear power plants and what he did with the knowledge. So far, however, there is little publicly available evidence to suggest he used any of his knowledge—whatever it was—for terrorist purposes. However, much of the information about the case is not in the public domain, so it is too early to conclude. In any case, it is interesting—and concerning—that Mobley radicalized at his nuclear job apparently without coworkers reporting his statements or authorities noticing changes in his views. We know that in 2009, Anwar al-Awlaqi began actively recruiting Islamists in the West via encrypted e-mail for operations in the West. Had Mobley contacted al-Awlaqi a little later, Mobley might have been the target of an insider “outreach” type of recruitment attempt by al-Awlaqi.

Ummah Tameer-e-Nau: “The Insider Consultants”

A third interesting case is that of al-Qaida’s 2001 meetings with two Pakistani nuclear scientists. This is a case of nuclear insiders advising a terrorist group on nuclear matters without using their insider status to attack their workplace.
Over two to three days in August 2001, six men met in a Kabul compound. Two were the founding directors of the charitable nongovernmental organization (NGO) Ummah Tameer-e-Nau (UTN), Sultan Bashir-ud-Din Mahmood and Chaudiri Abdul Majeed. The other four were al-Qaida
67. Finn, “The Post-9/11 Life.”
68. David O’Reilly et al., “Shock and Disbelief Follow Terrorism Arrest,” Philadelphia Enquirer, March 13, 2010.
69. Cori Crider, “Re: FOIA/Privacy Act Request on Behalf of Sharif Mobley Expedited Processing Requested” (Reprieve), 8–12, http://s3.documentcloud.org/documents/235052/reprieve_foia_mobley_072210.pdf.
70. “Sharif Mobley Court Hearing Adjourned,” Yemen Post, November 21, 2010.
71. Wikileaks, “Insight—Yemen: Sharif Mobley” (Global Intelligence Files, 2013), http://wikileaks.org/gifiles/docs/11/1150799_insight-yemen-sharif-mobley-.html.
officials—including Osama bin Laden and Ayman al-Zawahiri. The agenda was the terrorist organization’s acquisition of weapons of mass destruction in general, and of nuclear arms in particular.72 Mahmood was a veteran of Pakistan’s nuclear program and had held several key positions at the Pakistan Atomic Energy Commission (PAEC), including director for nuclear power. He left PAEC in 1999 after condemning the Pakistani government’s willingness to sign the Comprehensive Test Ban Treaty and after advocating the sharing of Pakistani nuclear technology with other Islamic states.73 Mahmood was also a strong supporter of the Afghan Taliban. An author of several pseudoscientific writings, he was considered eccentric and unpredictable.74 Majeed, another PAEC veteran and nuclear fuels expert, had enjoyed a long career at the Pakistan Institute of Nuclear Science and Technology in Rawalpindi before his retirement in 2000.75 According to former CIA director George Tenet, initial intelligence reports on the August meeting were “frustratingly vague.”76 The connection between UTN and al-Qaida was not investigated until after the fall of the Taliban regime, when documents discovered at UTN’s Kabul offices raised serious alerts. Mahmood and Majeed first denied any contact with bin Laden but changed their stories when confronted with hard evidence. Mahmood and Majeed described bin Laden as “intensely interested” in unconventional weapons. They claimed they had not indulged him, but according to Pakistani officials, they did provide al-Qaida with information relevant to the production of nuclear weapons. During the meeting, bin Laden had hinted that he had access to nuclear material acquired from the Islamic Movement of Uzbekistan, but Mahmood and Majeed allegedly explained to him that it was more suitable for a radiological dispersion device (RDD) than a nuclear weapon.77 Although both U.S. 
and Pakistani intelligence rejected the idea that Mahmood possessed the skills to actually produce a nuclear device, or smuggle one out of Pakistan, he would have had adequate experience from Pakistan’s secret weapons program to provide general consultation and introduce secret weapons to important black market actors.78 Considering their positions
72. David Albright and Holly Higgins, “A Bomb for the Ummah,” Bulletin of the Atomic Scientists 59, no. 2 (2003): 54.
73. U.S. Department of the Treasury, “Terrorist Financing Fact Sheet,” December 20, 2001, www.treasury.gov/press-center/press-releases/Pages/po886.aspx.
74. Dennis Overbye and James Glanz, “Pakistani Atomic Expert, Arrested Last Week, Had Strong Pro-Taliban Views,” New York Times, November 2, 2001.
75. Albright and Higgins, “A Bomb for the Ummah,” 51.
76. David E. Sanger, “Obama’s Worst Pakistan Nightmare—What to Do about Pakistan’s Nuclear Arsenal,” New York Times, January 8, 2009.
77. Albright and Higgins, “A Bomb for the Ummah,” 54.
78. Overbye and Glanz, “Pakistani Atomic Expert.”
THOMAS HEGGHAMMER AND ANDREAS HOELSTAD DÆHLI
in the country’s nuclear scientific environment, Mahmood and Majeed could also have procured important documents or even recruited scientists familiar with the details needed for nuclear arms manufacturing.79
Hicheur: “The Insider Plotting on the Side”
The fourth case is that of Adlène Hicheur, a French Algerian particle physicist employed at the European Center for Nuclear Research (CERN) in Geneva who was convicted in 2012 of conspiring with al-Qaida in the Islamic Maghreb (AQIM) to carry out terrorist attacks in France. He represents an “insider plotting on the side” because the plots in question were unrelated to his nuclear expertise or workplace. In 2009, following threats to the French president issued by AQIM, French intelligence uncovered an e-mail exchange between Hicheur and Algeria-based AQIM militant Mustapha Debchi. Hicheur suggested “possible objectives in Europe and particularly in France,” and he named the Cran-Gevrier military base as a target fit for “punishing the state because of its military activities in Muslim countries.” When Debchi asked if Hicheur was willing to work in an active terrorist unit in France, he replied in the affirmative but said that “if your proposal relates to a precise strategy—such as working in the heart of the main enemy’s house and emptying its blood of strength—then I should revise the plan that I’ve prepared.”80 It is not entirely clear what he meant by this statement, but we do not consider it a reference to insider work. He was arrested in 2009 and later found guilty of “participation in a criminal organization whose goal was to plan terrorist acts.”81 However, no evidence suggests that Hicheur’s terrorist ambitions had a nuclear dimension. At the time of his communication with Debchi, Hicheur was employed at CERN, a high-energy physics facility.
He was involved in the Large Hadron Collider Beauty experiment, using state-of-the-art nuclear-related technology.82 This is less concerning than it sounds because there is no highly radioactive material at CERN and no way to conduct nuclear terrorism in any meaningful sense of the word. Moreover, Hicheur was on sick leave from CERN at the time of his online engagement with AQIM. In the period leading up to his arrest, he had been suffering from a herniated disk, forcing him to stay home from work. He
79. Albright and Higgins, “A Bomb for the Ummah,” 55.
80. “French ‘Big Bang’ Scientist on Trial for Alleged Terror Plot,” Al Arabiya Online, March 27, 2012.
81. Barbara Casassus, “Terrorism Trial for Physicist Ends,” ScienceInsider, May 4, 2012.
82. Charles Rault, “The French Approach to Counterterrorism,” CTC Sentinel 3, no. 1 (2010): 23.
spent time on Islamist websites, where he participated in discussions and expressed radical views that eventually got him in touch with Debchi.83
Boughalab: A Radicalized Former Insider with the Islamic State
Sharif Mobley is not the only individual who radicalized on the job at a nuclear site. Another interesting case is that of the Belgian-Moroccan Ilyass Boughalab, who worked for three years as a technician at Vinçotte, a Belgian inspection and certification organization. His work included safety inspections at the Doel nuclear power station in Belgium, which gave him access to the secure areas, including the nuclear reactor.84 He had passed a security screening for access to the “vital areas” of the plant, where there was equipment whose sabotage could cause a meltdown, and was deemed an “efficient employee” whose work had been “flawless.”85 In 2011 or 2012 Boughalab appears to have become more religious, and he came into contact with the Islamist group Sharia4Belgium, one of several so-called gateway groups in Europe in the late 2000s and 2010.86 Boughalab appears to have been close to Elias Taketloune, who was also employed as a technician at Vinçotte but did not work on the Doel power station. Taketloune was a leading figure in Sharia4Belgium and appears to have recruited Boughalab to the group.87 In 2012, Boughalab quit his job and left for Syria with Taketloune.88 He eventually joined the Islamic State in Iraq and the Levant, and was killed in March 2014.89 In February 2015, forty-five members of Sharia4Belgium—including Boughalab and Taketloune—were found guilty of terrorism charges related to foreign fighter activities.90 As with Mobley,
83. “French CERN Scientist Goes on Trial for ‘al-Qaeda Plot,’” BBC News Online, March 29, 2012.
84. Sarah Johansson, “Sharia4Belgium—One of the Accused Worked on the Doel Nuclear Site for Three Years,” The Brussels Times, October 4, 2014.
85. Chameleon Associates, “Serious Sabotage,” October 16, 2014, available at http://chameleonassociates.com/homeland-security/security-screening/.
86. Lorenzo Vidino, “Sharia4: From Confrontational Activism to Militancy,” Perspectives on Terrorism 9, no. 2 (2014): 2–16.
87. Øyvind Strømmen, “A Trial in Antwerp” (Hate Speech International), accessed November 28, 2015, available at https://www.hate-speech.org/a-trial-in-antwerp/.
88. Kristof Pieters, “Hoe kan zo iemand in Doel werken?,” Het Laatste Nieuws, October 21, 2014.
89. Oscar Schneider, “Belgian Jihadist, Former Worker at Doel Nuclear Plant, Dies in Syria,” The Brussels Times, October 16, 2014.
90. Boughalab was sentenced in absentia to five years in prison for his foreign fighter activities. Taketloune, who had returned to Belgium in 2013, was sentenced to five years. The prosecution described him as “manipulative” and a “leading character of Sharia4Belgium,” responsible for the radicalization of not only Boughalab but other young Belgians as well. “Overzicht. Deze straffen kregen de beklaagden in het terrorismeproces,” Het Nieuwsblad, February 11, 2015.
there are no known indications of Boughalab intending to make use of his nuclear site access for terrorist purposes. In August 2014, there was a major reactor sabotage at Doel-4, when an insider at the plant opened a locked security valve and allowed all the lubricant for the turbine to drain out, destroying the turbine. The cost of replacing the turbine and purchasing replacement power while the reactor was down came to over $150 million, making it one of the largest economic sabotages of all time. As the sabotage occurred in the nonnuclear area of the plant, it does not appear to have been intended to cause a radioactive release. As of early 2016, it was still unclear who did it or why. Possible motives range from terrorism to a disgruntled employee wanting to send a message to management. It seems very unlikely that Boughalab had anything to do with it, since it occurred almost two years after his departure to Syria. Nevertheless, it is hardly reassuring that Boughalab radicalized while having access to secure areas of the plant and that his friend Taketloune worked at the same inspection and certification organization while being active in Sharia4Belgium—apparently without authorities noticing.
Belgium 2015: A Jihadi Attempt to Coerce a Nuclear Insider?
Another jihadism-related investigation in 2015 suggests a nuclear interest on the part of the Islamic State, which may have been involved in a plot to coerce a nuclear insider. Two weeks after the Paris attacks in November of that year, Belgian authorities arrested a man named Mohamed Bakkali under suspicion of involvement in the attacks. In his apartment, they discovered ten hours of video surveillance footage of a high-ranking official in Belgium’s main nuclear research center, who had access to secure areas of the facility, including a substantial stock of highly enriched uranium.
The footage could indicate that Bakkali and his associates were preparing to abduct the official or members of his family to coerce him to take some action related to the facility, such as subverting security systems.91 Ibrahim and Khalid el-Bakraoui, who blew themselves up in the Brussels attacks of March 2016, allegedly picked up the footage and brought it to the apartment linked to Bakkali.92 Their initial target may have been one of Belgium’s two nuclear power plants.93 In addition, in April 2016, it became known that the only surviving perpetrator of the Paris attacks, Salah
91. Milan Schreuer and Alissa J. Rubin, “Video Found in Belgium of Nuclear Official May Point to Bigger Plot,” New York Times, February 18, 2016.
92. Alissa J. Rubin and Milan Schreuer, “Belgium Fears Nuclear Plants are Vulnerable,” New York Times, March 25, 2016.
93. Karl Vick, “ISIS Attackers May Have Targeted Nuclear Power Station,” Time, March 25, 2016.
Abdeslam, had gathered information on the Jülich Research Centre. The center, located near the Belgian border in northern Germany, stores nuclear materials. Belgian police also found photographs of the center’s CEO in Abdeslam’s apartment.94
The Importance of Availability
Generalizing about nuclear infiltration tactics based on these few cases is difficult. However, it is worth reflecting briefly on which of the four ideal types of infiltration procedure (insertion, recruiting, outreach, or autonomous action) we are seeing here: In the first and most serious case, it is Wilkinson who reaches out to the ANC: type 3 (outreach). In the second case, Mobley radicalizes on his own and then seeks out Islamists in Yemen. We do not know whether he ever intended to do anything at a U.S. nuclear site, but in any case his behavior is closer to type 3. In the third case, we do not know exactly how the meeting came about, but the two scientists had close prior links with the Taliban, so they were vetted and available to al-Qaida. In the fourth case, Hicheur radicalizes online and is contacted by AQIM after displaying his radicalism on jihadi forums: type 4 (autonomous action) with an element of type 2 (recruiting). In the fifth case, it is not entirely clear to what degree Boughalab self-radicalized or was recruited by Taketloune, his colleague at Vinçotte; in any case, as with Mobley, there is no evidence that Boughalab took any actions against the nuclear plant while still an insider, or used his knowledge of the plant for terrorist purposes later. It is interesting that none of these cases involve insertion or pure recruiting and that most involve insiders who make themselves available in some way, either directly or by proxy. Only the 2015 monitoring in Belgium may have reflected an intentional jihadi attempt to coerce a nuclear insider.
As a quick straw-in-the-wind test of the idea that the main issue is insiders presenting themselves to jihadi groups, let us consider three of the most serious jihadi infiltration cases against other hard targets in the West: Ali Mohamed’s infiltration of U.S. intelligence in the late 1980s and early 1990s, the Fort Hood shooting in 2008, and the British Airways/Rajib Karim case in 2009. Ali Mohamed arguably represents infiltration of type 1 (insertion) because he was affiliated with the Egyptian Islamic Jihad (EIJ) early on and worked deliberately to become a double agent. However, the initial decision to infiltrate appears to have been his alone. The Fort Hood case, we now know, was of type 4 (autonomous action), for although Nidal Malik Hasan was in touch with Anwar al-Awlaqi by e-mail, they never discussed
94. Lizzie Dearden, “Paris Attacks ISIS Suspect Salah Abdeslam Had Nuclear Files Stashed in His Flat,” The Independent, April 14, 2016.
operations. In the British Airways case, it was Rajib Karim who first reached out to al-Awlaqi by e-mail: type 3 (outreach). Although Karim initially wanted advice on how to move to Yemen, he was easily persuaded to partake in an insider plot. This anecdotal evidence suggests that serious infiltration plots often rely on insiders who happen to be available to the terrorist group in some way or other. This echoes the few terrorist texts that explicitly discuss nuclear insider use. Recall that both Dhiren Barot and Anders Breivik suggested using insiders when such were available, wasting no ink on how to “create” an insider where none exists. To be sure, a handful of cases and two texts are hardly enough for conclusions, but they make for an interesting proposition worth exploring further. This historical review uncovered less evidence of terrorist insider plots against nuclear facilities than we and others expected. Nuclear infiltration seems to have been a minor theme in both the jihadi and far-right literature, although the latter contains somewhat more texts on the topic (for reasons unknown). There have also been relatively few confirmed plots and attempts, at least in the West. As already noted, we do not purport to have uncovered the universe of relevant texts and plots, and we are particularly unsure about the incident data from Russia and Pakistan. However, even when allowing for severe underreporting, the numbers are quite low. We should not be surprised by the small absolute number of texts and plots because we already know that many terrorists have ideological qualms about using CBRN weapons.95 Besides, nuclear facilities are relatively scarce, and most are located in countries with little terrorist activity. Instead, the puzzle here is that groups who clearly want to perpetrate nuclear terrorism have paid much less attention to the insider option than to other tactics, such as kinetic assault.
This frequency distribution is unlikely to be a pure accident of reporting. We see no plausible reason why groups who write about a range of nuclear attack modes—and an even wider range of nonnuclear-related tactics—would be systematically concealing their general thoughts on infiltration. In plots and attempts, there may be some underreporting of insider elements, but government secrecy cannot plausibly account for the very skewed distribution we are seeing (with only three of forty attacks on nuclear facilities involving insiders). This situation is interesting because some of the literature suggests that insiders are such a force multiplier that infiltration should be the natural
95. Jeffrey M. Bale and Gary A. Ackerman, “Profiling the WMD Terrorist Threat,” in WMD Terrorism: Science and Policy Choices, ed. Stephen M. Maurer (Cambridge, MA: MIT Press, 2009), 18ff.
tactical choice of all prospective nuclear terrorists. For example, Charles D. Ferguson and William C. Potter write that “to facilitate the success of their mission [to attack a nuclear facility], the terrorists would likely try to enlist the support of at least one insider.”96 As it turns out, that has mostly not been the case. We can offer only a tentative explanation, which is that for most terrorists seeking to attack nuclear installations, insider recruitment is too costly compared with other available tactics. This proposition rests on two key assumptions. The first assumption is that terrorists who target nuclear facilities do not seek maximum casualties but maximum symbolic impact. Gavin Cameron points out that the motivation to cause mass casualties need not be correlated with the motivation to attack nuclear reactors because many forms of nuclear sabotage will not necessarily kill large numbers of people.97 This argument is consistent with the fact that certain groups not considered casualty-maximizing, such as ETA, have attacked nuclear facilities on several occasions (albeit rarely if ever operational ones). Moreover, in the few known strategic deliberations on reactor attacks (Turner Diaries and the Breivik manifesto), economic damage is cited as more significant than casualties. The main counterargument here is that an insider can also increase the symbolic impact of an attack: He or she can help cause more material damage, calibrate the sabotage to avoid casualties, and signal to the enemy that its ranks are infiltrated. Still, attackers may be content with symbolic impact over a certain threshold. This may be why so many terrorists have plotted assaults on nuclear facilities and nuclear military bases even though the likelihood of penetrating them was small. The second assumption is that nuclear insider recruitment is quite difficult. 
Nuclear installations are well protected, and Western intelligence services have advanced surveillance capabilities and record-keeping systems. Inserting existing operatives into a nuclear organization is therefore risky because they might be spotted by intelligence agencies. Initiating contact with a new person on the inside is equally difficult because the outreach can be picked up by surveillance or be reported by the recruitment target. It is less dangerous if the insider reaches out to the group, but this is probably a rare event, the occurrence of which groups cannot control (except indirectly by propaganda). It seems plausible, then, that most terrorists consider the insider tactic to be so difficult and risky that it is not worth trying. There is a threshold of utility that can be reached with other means, and the marginal return on the investment that insider recruitment represents is too small for them.
96. Ferguson and Potter, The Four Faces of Nuclear Terrorism, 10.
97. Cameron, Nuclear Terrorism, 6.
One might object that assault plans can also be foiled by surveillance, but assaults (at least with teams under a certain size) presumably involve a lower detection risk because they involve less outreach. Terrorists may prefer an assault that comes to execution (but fails to penetrate) over an insider plot foiled in its early stages. This model also helps explain why insider episodes involving “outreach” and “autonomous action” are more common than “insertion” and “recruitment.” The two latter approaches are much more likely to be nipped in the bud. It would be worthwhile for further research to explore terrorist use of insiders in other contexts, such as insiders in security services or in military organizations fighting against terrorists, to explore whether this kind of logic tends to hold in such analogous cases. The fact that terrorists have not tried nuclear infiltration very often in the past does not mean that our guard can be lowered. There are groups in the world that wish to perpetrate nuclear terrorism, and these actors are in a strategic relationship with the guardians of nuclear facilities. These agents adjust their efforts to the obstacles before them so that if anti-insider measures are lifted, they will make more infiltration attempts. Our most basic recommendation is therefore that nuclear organizations at least maintain their current level of insider protection and that countries and organizations with more stringent insider protections help raise security standards in other countries and organizations. We offer five additional recommendations. The first is to keep a close watch on disruptive new technologies such as cyberinfiltration. Protective systems that worked well in the past may be entirely inadequate in the future. 
The second is to train analysts and vetting personnel to avoid what we might call the “foreign terrorist bias.” In the post-9/11 era, Western governments seem to have paid more attention to the jihadi threat than to that from other militants. However, nuclear insiders may be at least as likely to come from the domestic extreme right. The third is to develop employee monitoring systems that balance privacy concerns and the growing threat of Internet radicalization. The increased availability of radical Internet propaganda has led to more people radicalizing on their own, undetected. The Mobley case, Boughalab case, and the Fort Hood shooting show that this can happen even inside sensitive organizations. The fourth is to develop strategies to undermine trust between terrorist groups and prospective insiders. As we have shown, nuclear terrorists are wary of reaching out to insiders, but not necessarily of conspiring with insiders who reach out to them. If terrorist groups can be made to believe that nuclear insiders who present themselves are likely to be government agents, then they will be more inclined to reject such offers, including those from genuine insiders. Recent studies by Thomas Hegghammer have shown that the threat of sting operations can
have a strong inhibiting effect on terrorists’ willingness to recruit strangers.98 The final recommendation is a plea: Governments must make more nuclear incident data and investigation details available for academic research. Our analysis revealed large gaps in the publicly available data on insider crimes and significant weaknesses in the data sets on CBRN terrorism. Keeping this data secret severely limits the pool of sharp minds that can work on the problem. With challenges as serious as nuclear insiders, this is something we can ill afford.
98. Hegghammer, “The Recruiter’s Dilemma”; Thomas Hegghammer, “Can You Trust Anyone on Jihadi Internet Forums?,” in Fight, Flight, Mimic: Identity Signalling in Armed Conflicts, ed. Diego Gambetta (Oxford: Oxford University Press, forthcoming).
chapter 2
The Fort Hood Terrorist Attack
An Organizational Postmortem of Army and FBI Deficiencies
Amy B. Zegart
On November 5, 2009, a lone gunman walked into a military deployment center in Fort Hood, Texas, shouted “Allahu akbar!” (“God is great”), and opened fire with a high-powered handgun outfitted with laser targeting sights.1 Firing more than 200 rounds, he killed 13 Defense Department employees and wounded 43 others before being apprehended.2 It was the worst terrorist attack on U.S. soil since 9/11 and the worst mass murder at a military installation in U.S. history. The shooter was not a foreign jihadist but a self-radicalized Army major named Nidal Malik Hasan who was born and raised in Virginia, was known as “Michael” to his friends in high school,3 and spent his entire medical career as an Army psychiatrist.4 In retrospect, Hasan’s transformation from Army officer to fratricidal terrorist was neither sudden nor secret. Hasan was openly radical and flagrantly incompetent, defending Osama bin Laden, justifying suicide bombers, and
The author thanks Parameters for publishing an earlier portion of this chapter: Amy Zegart, “Insider Threats and Organizational Root Causes: The 2009 Fort Hood Terrorist Attack,” Parameters (Summer 2015): 35–46.
1. Billy Kenber, “Nidal Hasan Sentenced to Death for Fort Hood Shooting Rampage,” Washington Post, August 28, 2013; David Zucchino, “Suspect in Ft. Hood Rampage Sought High-Tech Gun, Salesman Says,” Los Angeles Times, October 21, 2010.
2. Injury figures vary. These come from the Defense Department’s Independent Review (hereafter “West/Clark Report”): Togo West, Jr., and Vern Clark, Protecting the Force: Lessons from Fort Hood, Report of the DoD Independent Review, January 2010, 1.
3. Mitchell Silber, “Radicalization in the West Revisited: Confirming the Threat,” New York Police Department Intelligence Division PowerPoint, November 14, 2011.
4. U.S. Committee on Homeland Security and Governmental Affairs, A Ticking Time Bomb: Counterterrorism Lessons from the U.S. Government’s Failure to Prevent the Fort Hood Attack, Special Committee Report (hereafter “Senate Report”), 112th Congress, 1st session, February 3, 2011, 27. Hasan was convicted of thirteen counts of premeditated murder and thirty-two counts of attempted premeditated murder. He was sentenced to death in August 2013.
2. THE FORT HOOD TERRORIST ATTACK
declaring his devotion to Sharia law over the U.S. Constitution to his peers and supervisors in conversations, classes, and PowerPoint presentations5 over a period of years—all while barely fulfilling the requirements of his job.6 Hasan also appeared on the FBI radar nearly a year before the attack, when he was discovered e-mailing Anwar al-Awlaqi, a Yemeni-based radical U.S. cleric who was also under FBI investigation and known to be one of the world’s most dangerous inspirational terrorists.7 Finally, Hasan was operating eight years after 9/11, when awareness about terrorism was high and numerous intelligence and counterterrorism reforms had already been instituted. This was no clever jihadist operating in the shadows of an unsuspecting bureaucracy. The fact that the U.S. government could not stop Hasan raises important questions about future prospects for success against violent Islamist extremists and other “insider threats” operating within the U.S. military and other agencies.8 Indeed, Major Hasan is the best-known case of an Islamist terrorist insider, but he is not the only one.9 In October 2000, Ali Mohamed, a naturalized U.S. citizen who served as a Special Forces sergeant in the 1980s, pleaded guilty for his role in al-Qaida’s 1998 bombing of U.S. embassies in Africa.10 In 2011, Jason Naser Abdo, a radicalized Muslim Army infantryman, deserted his Kentucky base and was arrested in Texas for allegedly plotting to bomb a restaurant frequented by Fort Hood soldiers. In June 2012, National Public Radio reported that the FBI was investigating more than a hundred Muslim extremists in the U.S. military community.11 As
5. For Hasan’s 2007 PowerPoint presentation on Islam and threats emanating from Muslims conflicted over U.S. military operations in Muslim countries, see www.washingtonpost.com/wp-dyn/content/gallery/2009/11/10/GA2009111000920.html.
6. Senate Report, 27–35.
7. Senate Report, 20–21. For declassified contents of Hasan–al-Awlaqi communications, see William H. Webster Commission, The Federal Bureau of Investigation, Counterterrorism Intelligence, and the Events at Fort Hood, Texas, on November 5, 2009, Final Report, redacted version released July 19, 2012, www.fbi.gov/news/pressrel/press-releases/final-report-of-the-williamh.-webster-commission, 41–55 (hereafter “Webster Report”). Al-Awlaqi was linked to a number of other terror plots, including the 2009 attempted bombing of a jetliner bound for Detroit, and was killed by a U.S. drone strike in Yemen in September 2011.
8. For the definition of insider threats, see Paul N. Stockton and Eric T. Olson, Security from Within: Independent Review of the Washington Navy Yard Shooting, November 2013, www.defense.gov/pubs/Independent-Review-of-the-WNY-Shooting-14-Nov-2013.pdf, 2.
9. For an overview of terrorism against U.S. targets since 9/11, including the danger of insider threats, see Peter Bergen and Bruce Hoffman, Assessing the Terrorist Threat: A Report of the Bipartisan Policy Center’s National Security Preparedness Group (Washington, DC: Bipartisan Policy Center, 2010); Reid Sawyer, testimony before the House Committee on Homeland Security and the Senate Committee on Homeland Security and Governmental Affairs, 112th Congress, 1st session, December 7, 2011.
10. Peter Bergen, testimony before the House Committee on International Relations, 109th Congress, 1st session, April 27, 2005; U.S. vs. Ali Mohamed, U.S. Southern District of New York, S(7) 98 Cr. 1023 (LBS), October 20, 2000, http://cryptome.org/usa-v-mohamed.htm.
11. Dina Temple-Raston, “FBI Tracking 100 Suspected Extremists in Military,” June 25, 2013, www.npr.org/2012/06/25/155710570/fbi-checking-100-suspected-extremists-in-military.
AMY B. ZEGART
former assistant secretary of defense for homeland defense and Americas’ security affairs Paul Stockton noted, “The threat is very serious.”12 Why did the Army and FBI fail to catch Hasan in time? Existing analysis offers incomplete and unsatisfying explanations. The academic literature examines the organizational dynamics of terrorist groups but not the organizational dynamics of government agencies charged with stopping them.13 Meanwhile, government investigations and policy debates have attributed the 2009 Fort Hood attack largely to leadership failures, poor policy guidance, and political correctness about disciplining or investigating a Muslim American inside the military.14 Policies, people, and political correctness are important parts of the story, but they are not the most important parts. Instead, I find the root causes of failure ran deeper: Fundamental aspects of bureaucratic life in the Pentagon and FBI—organizational structures, career incentives, and cultures—played an essential and overlooked role. This chapter examines the organizational weaknesses inside the Department of Defense (DOD) and the FBI that prevented both agencies from stopping Hasan even when red flags became clear. My aim is twofold: to illuminate the underlying causes of failure in this case and to contribute to a growing body of theoretical research that examines the connection between organizational pathologies and disasters. The first part of the chapter examines a growing body of work in organization theory and its insights for the Fort Hood case. The second part provides a narrative of Hasan’s radicalization and attack that draws from recently declassified primary sources. The third part turns to the Pentagon, examining key failures and their organizational causes. The fourth part examines the organizational roots of failure inside the FBI. The chapter concludes with a look at what can be learned and why organizational deficiencies in U.S. 
national security agencies are likely to get worse, not better. At the outset, two methodological points are in order. First, my analysis looks backward. Retrospective assessments always run the risk of hindsight
12. Interview, November 9, 2011. For a more skeptical view of the magnitude of the homegrown jihadi threat, see Risa A. Brooks, “Muslim ‘Homegrown’ Terrorism in the United States: How Serious Is the Threat?” International Security 36 (Fall 2011): 7–47.
13. Ethan Bueno de Mesquita, “Terrorist Factions,” Quarterly Journal of Political Science 3, no. 4 (2008): 399–418; Martha Crenshaw, Terrorism in Context (University Park: Penn State University Press, 1995); Neil J. Smelser, The Faces of Terrorism: Social and Psychological Dimensions (Princeton, NJ: Princeton University Press, 2007).
14. Senate Report, 31; West/Clark Report; Joint Hearing of the House and Senate Committees on Homeland Security, “Homegrown Terrorism: The Threat to Military Communities Inside the United States,” 112th Congress, 1st session, December 7, 2011. For media commentary about political correctness and Fort Hood, see, for example, Charles Krauthammer, “Medicalizing Mass Murder,” Washington Post, November 13, 2009; Heather Somerville, “Fort Hood Attack: Did Army Ignore Red Flags out of Political Correctness?” Christian Science Monitor, February 3, 2011; Frank Rich, “The Missing Link from Killeen to Kabul,” New York Times, November 14, 2009; FoxFiles, “The Enemy Within,” October 8, 2012.
bias.15 Particularly in the intelligence realm, this exercise can be misleading, highlighting the now-obvious warning signals of impending disaster while discarding the swirling noise and uncertainty that obscured these signals beforehand. Done well, however, retrospective analyses can lend important insights, especially about the harder-to-see underlying causes of failure. Better understanding what key decision makers knew at the time and why they failed is the first step toward fixing past problems and preventing future disasters. Second, the 2009 Fort Hood attack is a single case study, but an important one in several respects. It is the deadliest example of what many believe could be a future trend. It is also a case that is empirically rich for process tracing,16 thanks to declassified investigations by the DOD, the Senate Homeland Security and Governmental Affairs Committee, and the FBI.17 Each of these reports covers different terrain.18 Together, they offer valuable data about the attack time line and the government’s response, including the contents of Hasan’s communications with Anwar al-Awlaqi, the FBI’s internal e-mails about Hasan’s case, and concerns about Hasan’s radicalization within the Army. These sources shed much light on what went wrong, but not why. This chapter seeks to fill the gap.
Organization Theory and Disasters
Research examining the connection between organizational pathologies and disasters offers four key insights for understanding why the Army and FBI failed to stop the 2009 attack. The first is that surprise attacks are almost never really surprises.19 Instead, decentralized organizational structures are prone to scattering signals of impending attack rather than aggregating and highlighting them. Roberta Wohlstetter’s classic examination of the Japanese attack on Pearl Harbor found that separate intelligence units in the War, Navy,
15. Baruch Fischhoff, “Hindsight≠Foresight: The Effect of Outcome Knowledge on Judgment under Uncertainty,” Journal of Experimental Psychology: Human Perception and Performance 104 (1975): 288–299. 16. Alexander L. George and Andrew Bennett, Case Studies and Theory Development in the Social Sciences (Cambridge, MA: MIT Press, 2005). 17. Senate Report; West/Clark Report; Webster Report. 18. The West/Clark DOD review of 2010 focused on whether Pentagon policies and leadership were adequate in the Hasan case and the lessons learned for force protection more generally. The Senate’s 2011 investigation examined both the Army and FBI, but redacted nearly all details about Hasan’s relationship with Anwar al-Awlaqi. The FBI’s Webster Commission report, released more than a year later, filled these gaps, containing an exhaustive review of the relationship and communications between Hasan and al-Awlaqi that included verbatim contents of their e-mails. 19. For more on the surprise attack literature, see Richard K. Betts, “Surprise despite Warning: Why Sudden Attacks Succeed,” Political Science Quarterly 95, no. 4 (Winter 1980– 1981): 551–572.
AMY B. ZEGART
and State departments operated largely independently, without a central coordinating mechanism. The result was that vital clues of the attack were dispersed in different bureaucracies, where they became lost amid the “noise” of false leads, irrelevant information, and deception.20 Nearly half a century later, Amy B. Zegart and the 9/11 Commission found that decentralized intelligence structures again led to disaster. Despite the existence of the Central Intelligence Agency, in the run-up to the 9/11 terrorist attacks intelligence remained split across a dozen federal agencies, all of which held information closely and collaborated poorly.21 Here, too, several leads of the 9/11 terrorist plot existed but were marooned in different agencies, preventing analysts from “connecting the dots” in time.22 Organizational structural arrangements can be the drivers of disaster, isolating key signals rather than amplifying them and ensuring lethargic reaction that aids the attacker.23 A second insight emphasizes the hidden hazards of routines, which lead individuals in bureaucracies to continue doing things the same old ways even when they shouldn’t, and channel information in rigid formats and mechanisms that make red flags harder to detect. Charles Perrow, Scott D. Sagan, and other “normal accident” theorists have found standard operating procedures in complex, tightly coupled organizations to be key causes of chemical plant disasters, nuclear power plant accidents, and a chilling number of Cold War nuclear weapons near misses.24 More recently the Defense Department has come under heavy fire for its inability to shed its rigid, outdated promotion criteria to retain the best and brightest.25 Brad
20. Roberta Wohlstetter, Pearl Harbor: Warning and Decision (Stanford, CA: Stanford University Press, 1962). 21. Although the CIA was established in 1947 to improve coordination and prevent another Pearl Harbor, it was never able to fulfill its coordinating mission well. This was no accident. During the legislative debates of the 1940s, existing intelligence agencies in the military and the State and Justice departments successfully stripped the proposed new agency of any meaningful budgetary or personnel authority in order to maintain their own autonomy, budgets, and power. For more, see Amy B. Zegart, Flawed by Design: The Evolution of the CIA, JCS, and NSC (Stanford, CA: Stanford University Press, 1999), 163–184. 22. Amy B. Zegart, Spying Blind: The CIA, the FBI, and the Origins of 9/11 (Princeton, NJ: Princeton University Press, 2007); 9/11 Commission, The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks upon the United States (New York: Norton, 2004). 23. See also Jonathan Bendor and Thomas H. Hammond, “Choice-Theoretic Approaches to Bureaucratic Structure,” in The Oxford Handbook of American Bureaucracy, ed. Robert F. Durant (London: Oxford University Press, 2010), 638–665; Richard K. Betts, Surprise Attack: Lessons for Defense Planning (Washington, DC: Brookings, 1982). 24. Charles Perrow, Normal Accidents: Living with High Risk Technologies (Princeton, NJ: Princeton University Press, 1999); Scott D. Sagan, The Limits of Safety: Organizations, Accidents, and Nuclear Weapons (Princeton, NJ: Princeton University Press, 1993); Scott D. Sagan, “The Problem of Redundancy Problem: Why More Nuclear Security Forces May Produce Less Nuclear Security,” Risk Analysis 24, no. 4 (2004): 935–946. 25. The urgent need to reform the Army’s personnel system was highlighted in November 2015 at a Reagan National Defense Forum, when Lieutenant Joseph Riley, the nation’s
Carson, acting undersecretary of defense for personnel and readiness, likened the military’s personnel system to “a mainframe in the age of PCs and a Polaroid in the time of digital cameras, once the cutting edge, but now superseded.”26 The third insight is that career incentives and organizational culture often backfire, rewarding the wrong behavior at the wrong times. Zegart finds that FBI promotion incentives, which prized convictions and investigations of past crimes rather than intelligence gathering to prevent possible future disasters, ensured that the manhunt for two of the 9/11 hijackers just nineteen days before their attack would be given low priority and handled by one of the least experienced agents in the New York office.27 Scott A. Snook details how in 1994, U.S. fighter planes accidentally shot down two U.S. Black Hawk helicopters carrying peacekeepers in the Iraqi no-fly zone even though nineteen people had responsibility for monitoring air traffic there. Nineteen turned out to be about eighteen too many: Because so many people shared responsibility for the task, everyone assumed that someone else would tell the fighter jets not to shoot, a phenomenon known as social shirking.28 Diane Vaughan has chronicled how the Challenger space shuttle accident stemmed in large part from a culture that “normalized deviance,” leading safety engineers to dismiss repeated warning signs of potentially catastrophic equipment malfunction long before disaster struck.29 This work is wide ranging but makes a common point: Misaligned incentives and cultures often lead organizations to fail in unexpected ways. The fourth insight from this literature is that organizations matter more than most people think: Like dark matter, organizations lurk invisibly in the background but profoundly affect the workings of the policy universe. As discussed below, evidence suggests that Hasan slipped through the cracks not so much because individuals feared the political fallout of
top-ranked ROTC cadet in 2013, informed the crowd that he was not being promoted with his cohort and would likely be forced out of the Army because he had been awarded a Rhodes Scholarship instead of assuming a more traditional Army job. Army Chief of Staff General Mark Milley was there. “You’re killing me,” he told Riley, and vowed to personally intervene. David Barno and Nora Bensahel, “First Steps towards the Force of the Future,” War on the Rocks, December 1, 2015, http://warontherocks.com/2015/12/first-steps-towards-the-force-of-the-future. See also Barno and Bensahel, “Can the U.S. Military Halt Its Brain Drain?” Atlantic, November 5, 2015, www.theatlantic.com/politics/archive/2015/11/us-military-tries-halt-brain-drain/413965. 26. Remarks by Hon. Brad Carson, Association of the United States Army, June 25, 2015, www.youtube.com/watch?v=hHebo4uz4wQ at 23.59. 27. Zegart, Spying Blind, 157–160. 28. Scott A. Snook, Friendly Fire: The Accidental Shootdown of U.S. Black Hawks over Northern Iraq (Princeton, NJ: Princeton University Press, 2000). 29. Diane Vaughan, The Challenger Launch Decision: Risk Technology, Culture, and Deviance at NASA (Chicago: University of Chicago Press, 1996); Columbia Accident Investigation Board Final Report, vol. I (Washington, DC: GPO, 2003).
disciplining a Muslim or because somebody made a mistake, but because both the Pentagon and the FBI operated in their usual ways. Robust structures, processes, and cultures that were effective in earlier periods for other tasks proved maladaptive after 9/11. As a new insider terrorist threat grew in the Pentagon, Defense Department officials unwittingly clung to visions of force protection, personnel policies, and interagency staffing arrangements designed for an earlier time, raising the likelihood that Hasan would go unnoticed. And even though the FBI assumed a new intelligence mission after 9/11, its old law enforcement orientation prevailed, leading to missteps, miscommunications, and missing the threat hiding in plain sight.
Portrait of an Insider Threat
Nidal Malik Hasan was born in Virginia in 1970 to Palestinian immigrants who ran an upscale Middle Eastern restaurant and convenience store.30 Considered quiet and somewhat isolated in high school,31 Hasan graduated from Virginia Tech in 1992 with an engineering degree and,32 against the wishes of his parents, enlisted in the Army.33 He eventually attended medical school at the military’s Uniformed Services University of the Health Sciences (USUHS). After graduating in 2003, Hasan served as a resident in psychiatry at the Army’s Walter Reed Medical Center until 2007, and returned to USUHS in 2007–2009 to complete a prestigious post-residency fellowship. In May of 2009, Hasan was promoted to the rank of major and ordered to deploy to Afghanistan in the fall.34 Hasan’s radicalization from officer to jihadi terrorist probably began in 2001, triggered by the death of his parents.35 Outward signs appeared in 2003, when Hasan started his internship and residency at Walter Reed. Over the next six years, Hasan openly questioned whether he could engage in combat against other Muslims, told classmates that his religion took precedence over the U.S. Constitution he was sworn to defend as an Army officer, and completed several off-topic assignments on violent Islamist extremism for Grand Rounds and other program requirements. In these, Hasan charged that U.S. military operations were a war against Islam, defended Osama bin Laden, justified suicide bombers, and wrote three times
30. “Times Topics: Nidal Malik Hasan,” New York Times, http://topics.nytimes.com/top/reference/timestopics/people/h/nidal_malik_hasan/index.html, updated July 21, 2011. 31. Mitchell Silber, New York Police Department Intelligence Division, “Radicalization in the West Revisited: Confirming the Threat,” PowerPoint, November 14, 2011. 32. Senate Report, 27. 33. Silber NYPD PowerPoint. 34. Senate Report, 27, 34. 35. Silber NYPD PowerPoint.
that Muslim Americans in the military could be prone to fratricide.36 One presentation so alarmed and offended Hasan’s classmates that the instructor had to stop it. Colleagues described Hasan as having “fixed radical beliefs about fundamentalist Islam” that he shared “at every possible opportunity.”37 The Director of Walter Reed’s Psychiatric Residency Program thought Hasan was a “religious fanatic.”38 Hasan’s views were so troubling that several colleagues reported him to superiors,39 and one supervisor twice tried to convince Hasan to leave the military and explored whether he qualified for conscientious objector status.40 Hasan was also a chronic poor performer. Rated in the bottom 25 percent at Walter Reed and USUHS,41 Hasan was known to show up late or not at all for work and academic exams.42 His patient load was ten times lower than most of his peers. He proselytized inappropriately to his patients. He allowed a homicidal patient to escape from the emergency room.43 When he was supposed to be on call, he did not even answer his phone.44 According to a memo written by his supervisor, Major Scott Moran, program director of Walter Reed’s Psychiatric Residency Program, Hasan “demonstrate[d] a pattern of poor judgment and a lack of professionalism.”45 Yet despite these outward signs of radicalization and poor performance, Defense Department supervisors consistently gave Hasan good performance reviews and promoted him, claiming in officer evaluation reports (OERs) that his off-topic presentations on violent Islamist extremism gave him “unique skills” and that his “keen interest in Islamic culture and faith” could “contribute to our psychological understanding of Islamic nationalism and how it may relate to events of national security. . . .”46 As the Senate investigation of the Fort Hood attack concluded, “These evaluations bore no resemblance to the real Hasan, a barely competent psychiatrist whose radicalization toward violent Islamist extremism alarmed his colleagues and his superiors.”47 Aside from one negative mark for failing to take a
36. Senate Report, 29–31. 37. Quoted in Senate Report, 29. 38. Quoted in Senate Report, 28. 39. Senate Report, 30. 40. Ibid., 28–30. 41. Ibid., 33. 42. Ibid., 33. 43. Daniel Zwerdling, “Hasan’s Supervisor Warned Army in 2007,” National Public Radio, November 18, 2009. 44. Ibid. 45. Transcript of memo from Major Scott Moran, chief of psychiatric residence at Walter Reed Medical Center, May 17, 2007, reproduced and publicly posted on National Public Radio, www.npr.org/documents/2009/nov/hasanletter.pdf. 46. Officer Evaluation Report, Nidal Hasan, covering period from July 1, 2008–June 30, 2009 (July 1, 2009), Hasan DoD File, Stamp 20100108-330, cited in Senate Report, 33. 47. Senate Report, 33.
physical training test, Hasan received no negative grades in any of his OERs, which were the evaluations in his permanent file and the forms used as the basis for promotion.48 The FBI first got wind of Hasan’s possible connection to terrorism in December 2008 when the Bureau’s San Diego Joint Terrorism Task Force (JTTF)—an interagency group that shared information and conducted terrorism investigations—received an intercepted e-mail between Hasan and a Yemeni-based terrorist leader named Anwar al-Awlaqi. Hasan’s query was alarming: He asked whether a Muslim U.S. soldier who committed fratricide would be considered a martyr in the eyes of Islam.49 And al-Awlaqi was no garden-variety terrorist. An American, English-speaking radical cleric, al-Awlaqi had served as the spiritual adviser to three of the 9/11 hijackers50 and had been the subject of numerous FBI counterterrorism investigations dating back a decade.51 By 2009, he was widely viewed as one of the most influential “virtual spiritual sanctioners”52 of jihadi terrorism in the world, preaching fiery sermons through YouTube videos,
48. Ibid. 49. Webster Report, 41, 75. 50. Senate Report, 20–21. 51. The House and Senate Intelligence Committees’ Joint Inquiry into 9/11 notes that the imam who was in contact with some of the 9/11 hijackers was the subject of an FBI counterterrorism inquiry in June 1999. Although the joint inquiry did not refer to al-Awlaqi by name, the 9/11 Commission (and subsequent press reports) did. See House Permanent Select Committee on Intelligence and Senate Select Committee on Intelligence, Report of the U.S. Senate Select Committee on Intelligence and the U.S. House Permanent Select Committee on Intelligence, 107th Congress, 2nd session, December 2002, 178; and The 9/11 Commission Report, 221; Zegart, Spying Blind, 165. Press reports also note that al-Awlaqi was interviewed by the FBI after 9/11 for his suspected connections to the plot, but the FBI did not have enough evidence to charge him. See, for example, Scott Shane and Souad Mekhennet, “Imam’s Path from Condemning Terror to Preaching Jihad,” New York Times, May 8, 2010. Michael Weiss reports that al-Awlaqi was a suspect in two FBI investigations before 9/11, including one that ended in March 2000. Michael Weiss, “The Killing of Anwar al-Awlaki Is a Hammer-blow to al-Qaeda, and a Reminder of How British Campuses Host Extremists,” Telegraph, September 30, 2011. In 2006 al-Awlaqi was detained in Yemen at the request of the United States (Shane and Mekhennet, 2010; Susan Schmidt, “Imam from Va. Mosque Now Thought to Have Aided Al-Qaeda,” Washington Post, February 27, 2008). However, Shane’s recent book about al-Awlaqi concludes that the cleric probably did not play a role in 9/11 and was radicalized afterward: Scott Shane, Objective Troy: A Terrorist, a President, and the Rise of the Drone (New York: Tim Duggan Books, 2015). 52. A “spiritual sanctioner” is someone who provides religious justification for violent political extremism for individuals who are radicalizing. In the past, spiritual sanctioners exercised their influence in person. More recently, “virtual spiritual sanctioners” have served this same role from a distance, using the Internet. See Mitchell D. Silber and Arvin Bhatt, Radicalization in the West: The Homegrown Threat (New York: New York Police Department, 2007); Mitchell D. Silber, Director of Intelligence Analysis, New York City Police Department, Statement before the Senate Homeland Security and Governmental Affairs Committee, 111th Congress, 1st session, Nov. 19, 2009; Senate Report, 20–21.
DVDs, Facebook, and a glossy, English-language online jihadist magazine called Inspire, which included articles such as “Make a Bomb in the Kitchen of Your Mom.”53 The Hasan e-mail to al-Awlaqi was the first of eighteen communications between the two men over the next eleven months, and it immediately “tripped the wire,” according to the FBI’s Webster Commission investigation.54 Flagging the first Hasan e-mail to al-Awlaqi was a significant intelligence achievement given the crushing volume of information coming into the San Diego JTTF at the time. There, al-Awlaqi investigation documents were reviewed by one analyst and one agent. On average, these two people read about 70 documents each workday, or more than 1,500 per month. Between Hasan’s first e-mail and the Fort Hood attack one year later, the JTTF workers reviewed more than 29,000 documents, with no effective information technology system to keep track of what they found or search efficiently for trends.55 Despite this workload, however, the communication between Hasan and al-Awlaqi was identified as important, a lead worth investigating. This signal was not lost amid the noise. It was found. However, the resulting investigation was fraught with coordination problems and missed steps. Two joint terrorism task forces, one in San Diego and another in Washington, DC, fought over what to do next. San Diego wanted a more serious investigation, but the task force in Washington, where Hasan lived, had jurisdiction. 
Technical system problems and misunderstandings led each JTTF to believe that the other was tracking Hasan’s subsequent communications with al-Awlaqi when in fact nobody was.56 The FBI never notified the Pentagon about Hasan, even though the Army’s chief counterintelligence unit, the 902nd Military Intelligence Group, was only twenty-five miles up the road from Walter Reed.57 Nobody interviewed Hasan, his colleagues, or his supervisors.58 Instead, the investigation consisted of a four-hour database search by a Defense Department official detailed to the task force in Washington, who concluded that Hasan’s performance evaluations showed nothing amiss and that his e-mails
53. “Anwar al-Awlaki,” New York Times, http://topics.nytimes.com/topics/reference/timestopics/people/a/anwar_al_awlaki/index.html, updated Oct. 10, 2011; Tim Lister and Paul Cruickshank, “Anwar al-Awlaki: Al Qaeda’s Rock Star No More,” CNN Online, www.cnn.com/2011/09/30/world/meast/analysis-anwar-al-awlaki/index.html, September 30, 2011; Webster Report, 33. “Make a Bomb in the Kitchen of Your Mom” was published in the summer 2010 issue of Inspire, after the Fort Hood attack. 54. For the eighteen total communications between Hasan and al-Awlaqi, see Webster Report, 63, 68. “Tripped the Wire” is found in Webster Report, 41. 55. Webster Report, 88, 91–92. 56. Senate Report, 38–39; Webster Report, 77–78. 57. Webster Report, 73. 58. Webster Report, 55–57, 73, 81; Senate Report, 35–39.
to a well-known foreign terrorist were probably just part of Hasan’s research. Focused narrowly on whether Hasan was actively engaged in terrorism, the investigation missed entirely the possibility that Hasan could pose a growing danger.59 Eight years after the World Trade Center and Pentagon attacks, the FBI was still stuck in a pre-9/11 culture and mind-set that emphasized looking for people who were immediate terrorist threats, not people who might become them. The FBI’s investigation ended soon after it began, and Hasan’s radicalization continued.
Organizational Weaknesses in the Department of Defense
Hasan’s attack on Fort Hood signaled the emergence of a new adaptation challenge for the Defense Department: rethinking what “force protection” meant. Throughout the Cold War, force protection involved providing physical protection against external security threats. This was true even in counterterrorism, where the most serious and well publicized terrorist attacks, the bombing of the Beirut Marine barracks in 1983 and the Khobar Towers attack of 1996, involved foreign terrorists parking trucks near U.S. military installations and blowing them up. For decades, force protection meant better perimeter security, higher fences, tougher checkpoints, and other measures to prevent outsiders from attacking U.S. installations around the world.60 After 9/11, adapting to new force protection realities required two dramatic shifts in thinking. The first was that Islamist terrorist enemies could be Americans, including Americans operating inside the military. The second was that protection meant taking measures to catch potential perpetrators, not just hardening targets.61 As Paul Stockton noted, “There was an insider threat that DOD had never had to prepare against in the past.”62 In short, the Defense Department started from a position of weakness. For half a century, the department’s structure, systems, policies, and culture had been oriented to think about protecting forces from the outside, not the inside. More specifically, the Defense Department had three systems offering opportunities to identify Hasan as a growing threat and take action: the disciplinary system, the performance evaluation system, and the counterterrorism investigatory system run jointly with the FBI through joint terrorism task forces. I discuss how and why each failed below.
59. Senate Report, 35–39. 60. West/Clark Report, 26; interview with Paul Stockton, November 9, 2011. 61. West/Clark Report, 26. 62. Interview, November 9, 2011.
Disincentives in the Disciplinary System
Hasan did not have to commit a terrorist act or even threaten to do so to be disciplined or discharged from the military. Stating beliefs that his loyalty to the Koran took precedence over his loyalty to the U.S. Constitution and his duties as an officer constituted sufficient grounds for discharging him. His job performance should also have led to disciplinary actions, according to both the Senate Homeland Security and Governmental Affairs Committee and Pentagon reviews.63 Yet this never happened. Although several of Hasan’s superiors were aware of his radical views and poor performance, all chose to take no formal action. Why? The Defense Department and Senate investigations point fingers in different places. The Defense Department review faulted failures of leadership: “We conclude that although the policies we reviewed were generally adequate, several officers failed to comply with those policies when taking actions regarding the alleged perpetrator.”64 The review strongly suggested that individuals be held accountable, and the Secretary of the Army ordered disciplinary action against nine officers in Hasan’s chain of command.65 This conclusion fit with the Army’s institutional culture; as one officer put it, the view in the Army is “We send you guys and you make something of them.”66 The Senate investigation, by contrast, found the key failure was the military’s unwillingness to name, detect, or defend against violent Islamist extremism: “We are concerned that . . . worries about ‘political correctness’ inhibited Hasan’s superiors and colleagues who were deeply troubled by his behavior from taking the actions against him that could have prevented the attack at Fort Hood.”67 However, a closer look suggests that individual leadership and political correctness were the proximate causes of failure, not the root causes. When many individuals fail in the same way, something more than individual
63. Senate Report, 45–47; West/Clark Report, 9. 64. West/Clark Report, 9. 65. Jim Miklaszewski, “9 Officers Face Disciplinary Action in Fort Hood Shooting,” NBC News, March 10, 2011, www.msnbc.msn.com/id/42017230/ns/us_news-security. 66. Interview, November 18, 2011. 67. Senate Report, 31. The report went on to criticize the Pentagon for responding to Fort Hood by instituting policies about undefined “extremism” generally or “workplace violence” rather than explicitly calling the threat “Islamist extremism” (Senate Report, 48). The Pentagon has forcefully defended its approach, noting that the United States is at war with terrorist groups, not Islam; that no reliable indicators of Islamist extremism leading to violence yet exist; and the Pentagon seeks an insider threat strategy that can adapt to a full range of extremists, not just Islamist extremists. Interview with Paul Stockton, November 9, 2011; testimony by Paul Stockton, Assistant Secretary of Defense for Homeland Defense and Americas’ Security Affairs, Committee on Homeland Security and Senate Committee on Homeland Security and Governmental Affairs, 112th Congress, 1st session, December 7, 2011.
leadership lapses is at work. Its name is organizational incentives. In this case, the Army’s incentives for promoting and disciplining subordinates led nine different people in Hasan’s chain of command to make the same bad call. Incentives also suggest that political correctness went only so far: Hasan’s superiors had powerful reasons to avoid initiating disciplinary proceedings against anyone in their unit, Muslim or otherwise. Organizational incentives mattered in two respects. First, Hasan’s rank and medical specialty were both in extremely short supply. Army supervisors knew that it would be nearly impossible to deny him promotion, much less dismiss him. Because of cutbacks after the Cold War, the Army had a significant shortage of captains and majors (Hasan was a captain for several years before being promoted to major in May 2009). This shortage was pronounced in the Army’s medical corps and particularly acute for psychiatrists. In 2008 the Army had a fill rate of just 83 percent for captains in the medical corps.68 A Defense Department mental health task force underscored the seriousness of shortages of uniformed mental health professionals, calling manpower and resource shortages the “single finding that underpins all others” in its report about the urgent need to improve mental health care for service members and their families.69 Because of the mounting posttraumatic stress disorder cases among soldiers returning from multiple tours of duty in Iraq and Afghanistan in the mid-2000s, the need for psychiatrists was growing far faster than the Army could handle. Of the Army’s twenty-seven medical specialties, psychiatrists suffered some of the worst and most chronic shortages.70 At the same time that Hasan was failing to show up for work and espousing radical beliefs, the Army was fighting two wars and struggling to keep mental health professionals like him in the service. “During that time period,” said one military official, “everyone was getting promoted. 
It was impossible not to get promoted. If you suggested it, people would think you were stupid.”71 A former government official agreed. Incentives to promote, he said, were “huge. The line commander thinks this guy needs to go away. But the people above him at headquarters are just looking at numbers. They say, ‘Hey we’ve got a
68. Government Accountability Office, “Military Personnel: Army Needs to Focus on Cost-Effective Use of Financial Incentives and Quality Standards in Managing Force Growth,” Report to the Subcommittee on Military Personnel, House Committee on Armed Services, GAO-09-256, May 2009. 69. Department of Defense Task Force on Mental Health, An Achievable Vision: Report of the Defense Task Force on Mental Health (Falls Church, VA: Defense Health Board, 2007), www.health.mil/dhb/downloads/MHTF-Report-Final.pdf, 41. 70. Government Accountability Office, “Military Personnel: Status of Accession, Retention, and End Strength for Military Medical Officers, and Preliminary Observations Regarding Accession and Retention Challenges,” Briefing for Congressional Committees, GAO-09-469R Military Personnel, April 16, 2009. 71. Interview, November 18, 2011.
shortage of officers in this area and you’re trying to let this one go? We’ve got a personality problem. Let’s just transfer him to another facility.’”72 Transferring Hasan is exactly what they did. As the officer who assigned Hasan to Fort Hood told a colleague there, “You’re getting our worst.”73 There were also strong disincentives for supervisors to take action against any subordinate because doing so involved high opportunity costs, draining time and resources away from other activities in a military stretched thin by two long-running wars.74 As one government official put it, “50% of every manager’s time is spent managing the 3% of the people in the office who shouldn’t be there.”75 Another former government official estimated that even if a military officer committed a crime, dismissing him would take six months to a year. Getting rid of poor performers would take even longer: “There is real resistance to honestly gauge someone’s performance,” he added, “because if you honestly gauge it badly, you’re only asking for headaches.”76 The danger posed by Hasan’s radicalization for the military was new, but the larger organizational incentives that failed to stop it were not. Hasan’s religion, to be sure, exacerbated these incentives. The military had poor guidelines and training about the threat posed by Islamist extremism. As a result, some of Hasan’s supervisors knew little about the Muslim faith and could not differentiate between legitimate religious expression and outward displays of extremism that were incompatible with the teachings of Islam and with military service.77 Religion also played a more subtle role, raising the political and legal stakes for any supervisor taking disciplinary action against one of the Army’s few Muslim officers.78 Politically, disciplining a service member for religious beliefs is always a sensitive topic, and all the more so given the context of U.S. wars against the predominantly Muslim countries of Iraq and Afghanistan. 
72. Ibid.
73. Quoted in Senate Report, 34.
74. In 2008, Foreign Policy and the Center for a New American Security jointly surveyed more than 3,400 active duty and retired military officers. The survey found widespread concern that the military, particularly the Army, was severely strained. Sixty percent of respondents said the military in 2008 was weaker than it was five years earlier. Asked to grade the health of each service on a scale of 1 to 10, with 1 signifying no concern and 10 signifying grave concern, respondents reported an average score of 7.9 for the Army, compared to a low of 5.7 for the Air Force, and an average score of 6.6 across the four services. “The U.S. Military Index,” Foreign Policy, February 19, 2008, www.foreignpolicy.com/articles/2008/02/19/the_us_military_index?print=yes&hidecomments=yes&page=full.
75. Interview, July 29, 2004.
76. Interview, November 18, 2011.
77. Senate Report, 31–32, 47–49; West/Clark Report, 16–18.
78. In 2008 Muslims accounted for less than half a percent of active-duty forces. Of the 4,400 cadets at West Point that year, only 24 were Muslim. Yochi J. Dreazen, “Muslim Population in the Military Raises Difficult Issues,” Wall Street Journal, November 9, 2009.

AMY B. ZEGART

Hasan’s supervisors may also have wanted to tread carefully to avoid any potential charges of religious discrimination. As one former government official said, it was likely that “there was a fear that he would initiate proceedings alleging he’d been discriminated against for variety of reasons.”79 In sum, incentives worked against disciplining or dismissing Hasan despite his public displays of violent extremist ideology and his poor job performance. Hasan was an Army major and a psychiatrist at the moment that the Army sorely needed both. The disciplinary system meant that supervisors would have to expend substantial effort to move forward, taking time away from other duties while facing a low probability of success in the end. Against this backdrop, Hasan’s religion raised the potential political and legal costs of being perceived as targeting Muslims unfairly. Political correctness made taking action difficult. The broader incentives to promote and avoid disciplinary hassles made it virtually impossible.

The Performance Evaluation System: Making Red Flags Invisible

Supervisors not only failed to take action against Hasan; they also failed to note their concerns in Hasan’s officer evaluation reports. Consequently, when the Washington Joint Terrorism Task Force investigator learned that Hasan was communicating with a well-known foreign terrorist and reviewed Hasan’s OERs, he found no red flags. Instead, Hasan’s records showed a well-respected military officer who had received positive reviews from superiors. Some even sanitized his obsession with Islamist extremism as praiseworthy research.80 Here, too, political correctness and individual leadership failures explain some of the problem, but not as much as one might think. It is clear that red flags did not go unnoticed.
One of Hasan’s instructors and one of his colleagues referred to him as a “ticking time bomb.”81 A memo from the head of Hasan’s residency program notes some serious concerns about Hasan’s performance and his religious activities.82 The question, then, isn’t why red flags were never raised, but why so many red flags never made it into Hasan’s official evaluation reports, where they would have been seen by the FBI. Much of the answer lies in better understanding OERs, how they are used, and why.83 The Army’s personnel evaluation system was well designed to improve the performance of individuals within a command, ensure efficient promotions throughout the service, and identify traditional violence-related problems such as domestic violence or gang activities. What the personnel evaluation system was not designed to do was identify counterintelligence risks or insider terrorist threats.

The Army’s personnel records system combined extreme localization and high standardization. During Hasan’s tenure, each soldier or officer had two sets of records:

1. Local files kept by the service member’s supervisor—called personal files—to identify specific performance issues and track progress. These files were not forwarded to anyone in the chain of command when the service member moved on to his next post.
2. Permanent files, consisting of medical records and officer evaluation reports that were compiled annually and reviewed by promotion boards every few years. These were the records that the FBI JTTF investigator reviewed.84

The first system ensured that all but the most severe red flags stayed local, while the second ensured that most red flags never got put in writing at all.

Personal Files: The Trouble with Fresh Starts. The supervisor’s personal file system was, above all, temporary and local. When a new service member arrived on a base or installation, he came alone: No OERs, files, information, or notes from other supervisors accompanied him. Instead, each supervisor started from zero, with almost no visibility into a service member’s prior performance.85 The system guaranteed that individual service members “started fresh” with each posting. In the Army, this was no small matter. As one Pentagon official explained, the majority of Army service members are young men who “have lots of aggression, which we want them to keep. They operate in high octane situations, and sometimes they use bad judgment, getting in trouble with the law.” It is important, said this official, “that one bad lapse of judgment does not ruin their entire career.”86 This policy also reflected a deeply held cultural norm about what leadership means in the Army. Good commanders motivate and mold the men and women under their command, whatever their individual faults or development needs. Local commander discretion lay at the heart of the personal file system. This personal file system had its benefits, but it also prevented the accumulation of red flags by design. Because every commander started his records of a subordinate anew, there was no way to create or obtain a dynamic picture of a service member’s performance or an integrated view of supervisor concerns. All but the most serious red flags rose and fell within each command, disappearing as soon as the service member moved on to his next posting. In earlier times and in different circumstances, the Army’s preference for a localized evaluation system that encouraged commanders to develop subordinates and deal with their problems made sense. In the post-9/11 context, however, the cost-benefit calculus of this system became more problematic. The personal file system was likely to fail in Hasan’s case because it isolated the signals of his radicalization rather than concentrating them. Evidence of Hasan’s radicalization toward violence spanned six years and three postings. Although different supervisors expressed misgivings, nowhere did these misgivings appear to come together. Each time Hasan got his “fresh start,” his radicalization toward violent extremism was allowed to continue.

OERs: When Good Forms Go Bad. The Army’s second personnel records system, officer evaluation reports, suffered from a different problem: extreme standardization, which kept most red flags from being put in writing at all. Because of the volume of promotion decisions that boards addressed, OER forms at that time were short. They did not include grading ranges. Instead, raters judged an officer’s performance along sixteen dimensions by checking “yes/no” boxes.

79. Interview, November 18, 2011.
80. Senate Report, 33.
81. Ibid., 8.
82. Moran 2007 memo.
83. Bureaucratic politics were also at work. One reason Hasan received a prestigious fellowship to the USUHS even though he ranked at the bottom of his class is that he was the only Army candidate and the fellowship director worried that if the slot went unfilled, the Army would lose the slot in the future. Senate Report, 32.
84. Webster Report, 56, 73, 80.
85. The West/Clark Report found that even health care assessments, which include mental health assessments, may not be sent to appropriate supervisors because the policies governing the content and sharing of that information are outdated and spread across multiple regulations and memoranda. West/Clark Report, 14–15; DOD Implementation of Recommendations from the Independent Review Related to Fort Hood (August 18, 2010), 4.
86. Interview, November 9, 2011.
These dimensions included personal attributes such as mental capabilities, physical fitness, and emotional self-control; conceptual, interpersonal, technical, and tactical skills; and leadership. The truncated grading range meant that concerns were less likely to be raised because the bar for marking “no” on any skill area was exceptionally high. For example, an officer was rated as either “display[ing] good oral, written, and listening skills for individuals/groups” or not. There was no middle ground. During Hasan’s service, because the military was accelerating promotions to fill manpower needs, supervisors had even stronger incentives to mark “yes” on every question, even for marginal performers. The result was that for most personnel, the officer evaluation reports were a poor reflection of reality. Hasan was not the exception; he was the rule. In addition, although OERs included a few open-ended questions, all of them asked reviewers to comment positively on a candidate’s particular value or expertise and potential for promotion. There was no box to check or question to answer to register concerns. This constrained format, combined with the permanence of the form and substantial supervisor discretion about what to include, meant that derogatory information often did not go into the OER.87 As one military official explained, “Are we writing these forms to get a psycho out of the military? No. That’s not what they are for. They are for getting people promoted.”88 In Hasan’s case, his Secret security clearance only made matters worse, raising the threshold for reporting derogatory information about him even higher. The Pentagon review found that once a service member obtained a security clearance, supervisors were generally averse to reporting any potential negative information about him short of criminal activity.89 When the joint terrorism task force investigator reviewed Hasan’s personnel files, little wonder he found no red flags: Officer evaluation reports were not designed to identify or collect them.90 And indeed, Hasan had recently passed a security clearance reinvestigation.91 In short, the very design of the Army’s systems to evaluate personnel made it likely that red flags about Hasan would remain invisible. Concerns that appeared at the local level lived and died in the supervisor’s filing cabinet. OERs were supposed to be the place for putting the positive face on a service member’s contribution so that he or she could earn promotion. Supervisors had tremendous discretion about what to include in that permanent file, and they operated under strong norms about withholding derogatory information precisely because the files were permanent and used for promotion purposes.92 If there were concerns about performance, they had to be severe and had to fit within the prescribed categories to be noted. Ironically, the forms used to track personnel inhibited the Army’s ability to learn about threats inside its ranks. This problem is not unique to the Army.
Sociologists have found that businesses and government agencies usually develop standardized ways of communicating as they grow larger and more diversified. The problem is these standardized communication forms keep the organization from learning and adapting to new challenges.93 Routine forms and communication channels, rules, and standard operating procedures weed out ideas and stifle innovations that do not fit easily into existing formats and channels. Forms establish lists of what managers must consider, not what they should consider. Issues that cannot be routinely reported are not routinely reported. With Hasan, the Army’s personnel evaluation system worked smoothly into failure.

Joint Terrorism Task Forces: The Wrong People for the Job?

The Defense Department's third chance to intervene and potentially stop Hasan rested partly outside the department, in the FBI’s interagency joint terrorism task forces, which drew detailees from a number of federal and local agencies to help with counterterrorism information sharing and coordination. Although JTTFs began in 1980, their use greatly expanded after 2001.94 The Defense Department routinely sent members to serve on JTTFs around the country. On January 7, 2009, ten months before Hasan’s attack, the Washington JTTF received an electronic communication from the San Diego JTTF about Hasan. (Because Hasan was stationed at Walter Reed, his case fell within the jurisdiction of the Washington task force.) The electronic communication noted that Hasan had sent two e-mails to Anwar al-Awlaqi, provided basic information about al-Awlaqi, included the text of both e-mails, and noted that Hasan was believed to be a military service member stationed at Walter Reed. The electronic communication from San Diego to Washington concluded, “While email contact with Aulaqi [al-Awlaqi] does not necessarily indicate participation in terrorist-related matters, Aulaqi’s [al-Awlaqi’s] reputation, background, and anti-US sentiments are well known. . . . This type of contact would be of concern if the writer is actually the individual identified above.”95 The Hasan case was handed to the Defense Department detailee on the Washington JTTF to follow up.

87. West/Clark Report, 18.
88. Interview, November 18, 2011.
89. West/Clark Report, 13.
90. It is worth noting that even the separate mental health forms that were meant to get the mentally unfit out of the military were geared toward preventing violence that typically led to law enforcement intervention (such as suicide, domestic violence, and gang activities), not potential security threats like espionage or terrorism (West/Clark Report, 3). Here, too, Army forms, policies, and practices were geared toward issues that had been problems in the past (West/Clark Report, 11–16; Department of Defense Implementation of Recommendations from the Independent Review Related to Fort Hood, August 18, 2010, 3).
91. Webster Report, 55.
92. Interviews with three Defense Department officials, November 9, 2011.
He did, but only in the barest sense. His entire investigation took just four hours. The DOD official verified Hasan’s position in DOD’s personnel database, checked the FBI’s investigative databases to see whether Hasan had been the subject of any previous or current investigations (he had not), and obtained Hasan’s officer evaluation reports from the Army, which praised his research and gave no hint of any concerns about his performance or radicalization. The official decided not to interview Hasan or any of his coworkers in part because he worried—wrongly—that interviews would jeopardize the FBI’s investigation of al-Awlaqi. He believed—again, wrongly—that Hasan’s use of his real name on the communications with al-Awlaqi suggested the relationship must be part of legitimate research.96 And he focused the inquiry very narrowly, on whether Hasan was actively engaged in terrorist activities at that moment, not whether he was in the process of radicalizing and could pose an emerging threat. An FBI agent in San Diego found the investigation so “slim” that he thought Hasan might be a confidential FBI informant.97 In fact, the San Diego agent was so concerned about the shoddiness of the investigation that he did something he had only done once before in his career: insist that another office do more to follow up on a lead. Not wanting to appear too heavy-handed, the San Diego agent had a member of his JTTF e-mail the Washington JTTF suggesting that its investigation appeared to have “limited probing” and asking whether Hasan was in fact “a friend of” the FBI.98 In the next section I discuss the FBI’s use of JTTFs and the underlying weaknesses of these task forces. Here, my focus is more targeted: examining the Defense Department’s role on JTTFs and, more specifically, why this Defense Department detailee to the Washington JTTF made the poor decisions that he did. On one level, it appears that a person made serious mistakes. But a closer look reveals that these mistakes had less to do with individuals and more to do with organizations. The most important reason that this investigator did his job poorly was that he was the wrong person for the job. Like most detailees sent from the Defense Department to joint terrorism task forces, the DOD official investigating Hasan had no meaningful counterterrorism or counterintelligence expertise or experience.

93. Vaughan, The Challenger Launch Decision; Barbara Levitt and James G. March, “Organizational Learning,” Annual Review of Sociology 14 (1988): 319–340.
94. On 9/11, there were 35 JTTFs in the United States. In 2012, there were 104. Webster Report, 11.
95. Webster Report, 44–45.
Rather than coming from one of the military’s counterintelligence units, analytic shops, or special forces, he came from the Defense Criminal Investigative Service (DCIS), the part of the Inspector General’s office that investigates cases of waste, fraud, and abuse.99 A review of DCIS press releases from 2009 to 2011 finds that the entire office handled just two cases per year with any counterterrorism connection at all during this period. By contrast, DCIS handled an average of fifty-two cases per year involving bread-and-butter waste/fraud/abuse issues such as false travel claims, kickbacks, embezzlement, theft of military supplies, and military export control violations.100
96. Senate Report, 37.
97. Ibid., 36–38. See also Webster Report, 41–62.
98. Webster Report, 59.
99. Senate Report, 36.
100. Author analysis of 2009–2011 press releases from DCIS website, www.dodig.mil/inv/dcis.
The Pentagon had strong incentives to send detailees from DCIS to serve on these task forces: DCIS employees were relatively plentiful, they were the least mission-critical to the military, and they satisfied the FBI’s demand for personnel with federal investigative authority. DCIS, said one former government official, “sent people to JTTFs because they had the bodies at the time and the other units in the Pentagon did not. The FBI was just looking for people. They were asking, ‘Who is available to be sent?’”101 Who was available meant who could be spared. DCIS fit that bill, too. Finding people for any joint duty assignment was always a challenging task, and it was all the more so because this particular joint duty assignment was far afield from core military operations. “There was resistance by Army and Air Force to sending people out there,” said another former government official. “The attitude was, ‘we are too busy. What do we get in return?’”102 Finally, precisely because this type of work fell outside the scope of core military activities, the Pentagon deferred to the FBI about who was best suited for the job. To the FBI, “best” meant “most like an FBI agent,” not someone with relevant domain expertise or analytic heft to bring a different perspective (more on that below). According to a former government official, the FBI requested DOD personnel who were sworn federal law enforcement officers, which meant they could carry guns, could wear badges, and were authorized to enforce all federal laws just like the FBI. In fact, in earlier years the Pentagon had tried sending skilled analysts and personnel from the Army and Air Force with more counterterrorism experience. But because they were active-duty military personnel and not sworn federal law enforcement officers, Army and Air Force detailees were often relegated to clerical work on the task forces, sitting behind desks and filing papers.
By 2006, the Army and Air Force were resisting sending anyone, so the Pentagon and FBI agreed to use DCIS to fill those manpower needs.103 In short, staffing these task forces with DCIS detailees made good bureaucratic sense for the Pentagon even though it made JTTFs less likely to succeed. Given DCIS’s mission and expertise, any detailee sent from there to a joint terrorism task force would have had a hard time catching Hasan. In large part, the DCIS detailee in question did not find a potential terrorist or counterintelligence threat because nothing in his work experience taught him how to look for one. He believed that Hasan’s use of his real name while communicating with a well-known terrorist leader was proof that nothing nefarious was afoot. As the Senate Report noted, “The DCIS agent believed it was relevant that Hasan had not tried to hide his identity [redacted] in his communications with [al-Awlaqi] . . . which the agent believed implied that the communications were legitimate research efforts.”104 One can see why the DCIS agent drew that conclusion: In his experience, crimes involved covering up identities and activities, not revealing them. His investigative experience also led him to approach Hasan as a criminal case, not an intelligence thread. He sought information only about whether Hasan had been investigated in the past or presented an immediate threat rather than looking down the road at future possibilities or what insights Hasan might reveal about the radicalization process more generally.105 In his e-mail to San Diego closing the case, the DCIS investigator wrote that the Washington field office “does not currently assess Hasan to be involved in terrorist activities.”106 His supervisory agent shared this case fixation and approved his memo, closing the inquiry. And even when the San Diego office pressed for more action, the DCIS investigator assumed that exhortations to conduct a “deeper investigation” still meant determining whether Hasan posed a current danger, not whether Hasan could develop into a future one.

101. Interview, November 14, 2011.
102. The official noted that the Navy took a different view, largely because of the way that counterterrorism and counterintelligence are handled organizationally. The Army and Air Force use active-duty personnel to investigate counterterrorism and counterintelligence cases. But the Navy uses a civilian Navy criminal investigative service (NCIS). In the Navy, NCIS personnel have full law enforcement authorities, which puts them on par with FBI special agents in terms of the activities they are allowed to perform. But active-duty Army and Air Force personnel are not sworn law enforcement officers and as a result have not been considered equal partners in the JTTFs. Interview, November 18, 2011.
103. Interview, November 18, 2011.
On June 12, 2009, the DCIS investigator e-mailed San Diego— “From your email, I assume SD desired a deeper investigation”—but reiterated his conclusion that Hasan did not pose an immediate terrorist threat: “If you have additional information regarding Hasan’s links to terrorism or request any specific action, please share and we will re-assess.”107 In addition, the Senate investigation’s narrative leaves the impression that the DCIS investigator (along with several FBI agents and supervisors) failed to recognize the importance of Anwar al-Awlaqi and may not have really understood who he was.108 Said one former government official, “They [the DCIS detailees] didn’t have the training, experience, or skill set to do counterintelligence and anti-terrorism because their expertise was in the area of fraud investigations. They share the same basic qualifications of an FBI agent but do not have the specialized capabilities of an FBI Counterintelligence/Antiterrorism Agent.”109
104. Senate Report, 37.
105. Ibid., 36; Webster Report, 81.
106. Webster Report, 57.
107. Ibid., 59–60.
108. Senate Report, 36–38.
109. Interview with a former DOD official with detailed knowledge of, and experience working with, DCIS operations who represented DOD on JTTF governance questions, November 18, 2011.
FBI Organizational Weaknesses

As with the Defense Department, the FBI’s failures in this case occurred against the backdrop of a much larger adaptation challenge. For the Pentagon, the macro challenge was reconceptualizing force protection from external threats requiring physical barriers to internal threats requiring close human observation and action. For the FBI, the macro challenge was transforming the bureau from a reactive law enforcement agency to a proactive domestic intelligence organization. This was a much bigger task. Preventing terrorists from killing Americans was nothing like arresting bank robbers or any other aspect of the FBI's traditional crime fighting mission. Counterterrorism intelligence required moving fast, looking ahead, connecting information across cases, and sharing intelligence to develop a strategic view of trends and possibilities to prevent disaster. Law enforcement required moving meticulously and slowly to gather evidence, looking backward to solve crimes after the fact, staying focused on one case at a time, and guarding information so that it could be admitted in court. However, the FBI had a head start over DOD, having initiated a string of major counterterrorism reforms beginning in the mid-1990s.110 The 9/11 terrorist attacks lent unprecedented urgency and resources to these efforts. As FBI Director Robert Mueller put it, “Starting immediately after the planes hit . . . it became clear that our mission and our priorities had to change dramatically.”111 Fort Hood was a wake-up call for the Pentagon, but it should not have been a wake-up call for the FBI. Instead, Hasan’s attack revealed nagging transformation problems. These centered on two overarching issues: the FBI’s decentralized field office structure, which prevented effective coordination between different joint terrorism task forces; and the bureau’s case orientation, which kept it from asking the right questions or sharing information with the Defense Department.
The Perils of Decentralization: Who’s in Charge?

The FBI’s handling of Hasan was riddled by coordination snafus. Two FBI joint terrorism task forces—one in San Diego, the other in Washington—were involved in investigating Hasan starting in late 2008. As noted above, San Diego first received Hasan’s communications with Anwar al-Awlaqi but had to pass the case to Washington because that is where Hasan worked.112 This meant that the task force with the greatest concern about Hasan was not the one charged with investigating him. When Washington came back with its cursory four-hour review, San Diego called the Washington JTTF and complained. Twice. For one field office to press another to follow up on a lead more aggressively was highly unusual; the San Diego special agent responsible for assigning the lead had done so only one other time in his career.113 Still, the Washington JTTF ignored San Diego’s concerns, the San Diego JTTF took no further action, and the inquiry ended, even as Hasan’s e-mails with al-Awlaqi continued.114 Coordination between San Diego and Washington was so poor that the two task forces did not even have a common understanding of who specifically might follow up on Hasan’s communications, or how.115 San Diego thought the Defense Department detailee to the Washington JTTF could access a particular database with Hasan’s communications and would continue conducting due diligence.116 However, the Washington JTTF detailee did not even know the database existed. He assumed that San Diego would send him any additional communications between Hasan and al-Awlaqi. Indeed, he explicitly noted that he would reassess the Hasan case if San Diego shared additional information, which it never did.117 In the end, nobody in either field office conducted subsequent database searches to determine whether there were communications between Hasan and al-Awlaqi after January 7, 2009.118 There were indeed: Sixteen more messages were intercepted and sitting in the FBI’s Data Warehouse System-Electronic Surveillance Data Management System (DWS-EDMS) database between January and the November Fort Hood attack.119 These included two replies from al-Awlaqi and fourteen additional alarming e-mails from Hasan that defended Hamas’s rocket attacks against civilians, praised al-Awlaqi’s work,120 identified himself as a U.S. military officer,121 and offered his help to the cleric.122 “Please keep me in your rolodex in case you find me useful and feel free to call me collect,” Hasan wrote al-Awlaqi on March 7.123 The Washington Field Office supervisory special agent in charge of the case told the FBI’s Fort Hood review that he would have opened a preliminary investigation of Hasan had he seen the additional messages.124 In short, social shirking appeared to be a powerful factor: Everyone thought that Hasan was someone else’s responsibility. San Diego believed Washington “owned” the lead and considered Hasan peripheral to its al-Awlaqi investigation. Washington viewed Hasan as part of San Diego’s al-Awlaqi investigation and hence San Diego’s primary concern. As the FBI’s Webster investigation concluded, each field office “looked to the other as responsible and as the final decision-maker. As a result, nothing further was done.”125 These types of coordination failures were supposed to be prevented and addressed by two units at FBI headquarters: the Counterterrorism Division and the National Joint Terrorism Task Force. Yet these final fail-safes also failed. Neither unit played any role in the Hasan case at all. Several people at the Counterterrorism Division were copied on the initial correspondence between the San Diego and Washington JTTFs concerning Hasan, but they did not follow up or encourage additional action. Nor were they notified when the two JTTFs disagreed about next steps.

110. These reforms proved halting and unsuccessful. For details about the FBI’s pre-9/11 reform efforts and why they failed, see Zegart, Spying Blind, 127–155.
111. Robert Mueller, Hearing before the Joint House and Senate Select Intelligence Committees, “Activities of the Intelligence Community in Connection with the Attacks of September 11, 2001,” 107th Congress, 2nd session, October 17, 2002.
112. Senate Report, 35–36.
113. Webster Report, 59.
114. Senate Report, 37–38.
115. Webster Report, 75–79, 83.
116. Senate Report, 38–39.
117. Ibid., 39, 58.
118. Poor coordination also stemmed partly from technological and training weaknesses. The FBI’s information technology systems in 2009 were known to be inadequate, with too many disparate databases, too little functionality, poor training, and access that was both limited and inconsistent. DWS-EDMS served as the repository of communications intercepts but had notoriously deficient search and information management capabilities. Perhaps most important, it lacked a “Google alert”–like notification system to track intercepted communications and notify an agent or analyst. This meant that a new message between Hasan and al-Awlaqi could be linked to their earlier communications only by an individual’s memory or notes, or by actively searching the DWS-EDMS database. Moreover, the FBI did not offer a single course on how to use the system effectively and did not require that personnel know about or learn how to operate it—raising further the barriers to updating information that might have triggered a more thorough and fruitful investigation into Hasan’s radicalization. Webster Report, 64, 89.
119. Senate Report, 38; Webster Report, 46. For texts of the messages, see Webster Report, 41–43, 47–61.
Perhaps even more stunning was the absence of the headquarters-based National Joint Terrorism Task Force, which was created in 2002 explicitly to be the “hub” ensuring coordination across JTTFs, especially in cases involving other agencies like the Pentagon.126 The National Joint Terrorism Task Force was left so far in the dark that it never heard of the Hasan case or the dispute between the JTTFs before the Fort Hood attack.127 As the Senate Report concluded, the weak roles played by the Counterterrorism Division and the National Joint Terrorism Task Force produced serious consequences: “Had either or both of the Counterterrorism Division and the National JTTF been informed of the dispute, they could have made their own assessment of whether the Washington JTTF’s inquiry was sufficient, forced elevated discussion between the two
120. Webster Report, 50, 52. 121. Ibid., 52. 122. Ibid., 46–61. 123. Ibid., 54. 124. Ibid., 83. 125. Ibid., 77–78. 126. The term hub was used by the FBI to describe the NJTTF. U.S. Department of Justice Office of the Inspector General, “The Department of Justice’s Terrorism Task Forces,” Report Number I-2005-007, 21, citing FBI, Joint Terrorism Task Force to Congress, October 2003, 7. 127. Senate Report, 59.
2. THE FORT HOOD TERRORIST ATTACK
JTTFs to resolve the matter, shared information directly with DOD, or even have sought to impose their own solution on the JTTFs.”128 Note the word sought. Even today, it remains unclear whether the National Joint Terrorism Task Force has the authority to compel action by local JTTFs.129 As in the Defense Department breakdowns, these coordination lapses were not fundamentally about individual failures, but organizational weaknesses. Here, the key issue was the FBI's highly decentralized structure, which for decades had concentrated power in the bureau’s fifty-six field offices across the United States. Before 9/11, this decentralized system made some sense, enabling each field office to work cases and respond to the particular demands of its region. After 9/11, when the imperative became putting information together instead of keeping it apart, this system made less sense. Many of Director Mueller’s post-9/11 reforms have aimed at loosening the field office grip and strengthening headquarters. Yet the facts of the Fort Hood case reveal that these efforts were not so successful. In some ways, the 9/11 reforms reinforced the FBI's centrifugal tendencies: After 9/11, the number of joint terrorism task forces skyrocketed, from 35 to 106.130 This growth spawned even more localization: It was not unusual for local field offices to develop ad hoc, informal training for their JTTF members beyond the FBI mandatory minimum, and for different JTTFs to use analysts in different ways (a point that I discuss more fully below).131 Meanwhile, reforms at headquarters proved so difficult that after 9/11 the Counterterrorism Division burned through eight different leaders in ten years. In 2011, two years after Hasan’s Fort Hood attack, FBI counterterrorism personnel still had no clear understanding of the role of the National Joint Terrorism Task Force.132 “Go ask people on JTTFs in the field,” said one FBI official. 
“They’ll tell you that even they don’t know what the National Joint Terrorism Task Force is supposed to be doing.” The official joked, “I think they get the coffee.”133

Incentives and Culture: Chasing Leads, Missing Threats

The FBI’s organizational troubles were not just about structure. For nearly a century, the bureau’s incentives and culture were also geared toward chasing cases and winning convictions. This case orientation was
128. Ibid. 129. Interview with congressional staffer, November 10, 2011; interview with FBI official, November 9, 2011. 130. “Protecting America from Terrorist Attacks: Our Joint Terrorism Task Forces,” www.fbi.gov/about-us/investigate/terrorism/terrorism_jttfs. 131. Interview with two FBI officials, November 4 and November 9, 2011. 132. Ibid. 133. Interview, November 9, 2011.
useful for much of the FBI’s history, but directly conflicted with the bureau’s post-9/11 intelligence mission, which called for preventing terrorist attacks by looking across cases and gathering intelligence for its own sake.134 The mandate for change after 9/11 was clear: The new FBI would have to be intelligence driven, not case driven, and it would have to rely on analysts, not just special agents, to get the job done. Despite substantial reform efforts, the FBI’s case orientation and agent primacy remained stubbornly resistant to change.135 Throughout the 2000s, intelligence was considered a tool for investigating cases, not an end goal in itself. Analysts were relegated to support staff alongside janitors and secretaries, and shut out of the senior ranks, holding only 5 percent of senior FBI positions in 2010.136 Just months before Fort Hood, an article in the FBI Agents Association newsletter issued a clarion call for turning back the clock, complaining that 9/11 reforms were hindering the FBI’s traditional criminal work. The article declared that “knock[ing] on the door” remained the heart of an investigation and urged that the case agent be restored “to his and her central role.”137 The persistence of the FBI’s old case orientation and agent primacy led both JTTFs in the Fort Hood case to pick up the right intelligence signals but draw the wrong conclusions. When Hasan began e-mailing Anwar al-Awlaqi on December 17, 2008, the San Diego JTTF quickly found out about it.138 Singling out this communication among the millions intercepted each day was a major intelligence achievement and a marked improvement over the FBI’s pre-9/11 performance. But this collection success was followed by a failure to assess the context and implications of the information.
The FBI proved to be its own worst enemy: According to one government official, in the 2007–2008 timeframe, several counterterrorism analysts at FBI headquarters independently requested that they be allowed to devote more time to analyze the strategic terrorist threat in Yemen, including al-Awlaqi. All of the analysts’ requests were rebuffed because their supervisors believed it would take too much time away from supporting cases.139 This left the FBI
134. Testimony of Thomas H. Kean and Lee H. Hamilton before the Senate Select Committee on Intelligence, October 23, 2007. 135. For more, see Zegart, Spying Blind; Senate Report, 61–63. 136. Senate Report, 63, citing FBI Intelligence Analysts Association, Intel Shift Needs to Happen, February 26, 2010. 137. “Central Role of the Case Agent,” FBI Agents Association Newsletter, Winter/Spring 2009. 138. Carrie Johnson, “FBI to Probe Panels That Reviewed E-mails from Alleged Fort Hood Gunman,” Washington Post, December 9, 2009. The New York Times reports that e-mails between Hasan and al-Awlaqi numbered “a dozen or so.” Scott Shane and David Johnston, “Questions, Not Alarms, Met Exchanges with Cleric,” New York Times, November 12, 2009. 139. The requests were not rejected outright, but analysts were told that they would first have to finish their existing leads before conducting the strategic analysis they felt
with a weak analytic baseline for understanding the threat and judging how new information should be viewed. Nevertheless, al-Awlaqi was well-known to U.S. government and international terrorism officials.140 Years before Fort Hood, his sermons and other materials were considered instrumental in radicalizing terrorists in nearly a dozen plots in the United States, Canada, and the United Kingdom.141 As former CIA officer and terrorism expert Bruce Riedel put it, “E-mailing a known al-Qaeda sympathizer should have set off alarm bells . . . even if he was exchanging recipes.”142 In fact, alarm bells did go off. The JTTF process sprang into action soon after Hasan’s first e-mails were intercepted. But because of the FBI’s case orientation and agent primacy, it was the wrong kind of action. Instead of searching for intelligence about Hasan’s connection to al-Awlaqi and what that relationship might suggest about radicalization generally or Hasan’s emerging danger specifically, the JTTFs searched for evidence that Hasan was actively engaged in terrorist activities.143 The FBI was not collecting intelligence; it was hunting a suspected criminal. The bureau got the right answer but asked the wrong question. At that precise moment, Hasan was not engaged in terrorist activities. However, he was heading down a dangerous radicalization path—a path that the FBI missed because it stopped looking too soon. As soon as the Washington JTTF concluded that no active terrorist activities could be found, the investigation ended, even though Hasan’s e-mails to al-Awlaqi continued for months and demonstrated growing radicalization.144 No FBI unit ever reviewed the entire set of e-mails before the Fort Hood attack.145 Despite tripling the number of analysts since 9/11 and launching a number of initiatives to make analysts equal partners
was important. And because analysts were always getting more leads, strategic projects kept going to the bottom of the pile. Interviews, November 9 and November 30, 2011. 140. Frances Fragos Townsend, testimony before the Senate Homeland Security and Governmental Affairs Committee hearing, 111th Congress, 1st session, November 19, 2009; Juan Carlos Zarate, testimony before the Senate Homeland Security and Governmental Affairs Committee, 111th Congress, 1st session, November 19, 2009. 141. Scott Shane, “Born in U.S., A Radical Cleric Inspires Terror,” New York Times, November 19, 2009. For more details about al-Awlaqi’s role in specific plots, see also Mitchell D. Silber, Written Testimony Submitted to the Senate Homeland Security and Governmental Affairs Committee, “The Fort Hood Attack: A Preliminary Assessment,” 111th Congress, 1st session, November 19, 2009, 54; Senate Report, 20–21. 142. Quoted in Brooks Egerton, “Imam’s Emails to Fort Hood Suspect Hasan Tame Compared to Online Rhetoric,” Dallas Morning News, November 29, 2009. 143. Senate Report, 36. 144. E-mails from Hasan to al-Awlaqi intensified in the months before the Fort Hood attack and began to discuss surreptitious financial transfers and other steps that could translate Hasan’s thoughts into action. For the contents of these e-mails, see Webster Report, 47–58, 60–61. 145. Senate Report, 38–39, 64–65.
with special agents inside the FBI, analysts were left on the sidelines of this inquiry. No analysts outside of the San Diego JTTF were ever consulted to put the pieces together or put them into context. No evidence suggests that the Washington JTTF ever queried analysts anywhere, despite the fact that analysts were routinely embedded in JTTFs, concentrated in special field intelligence groups in every field office, and working on counterterrorism issues at the FBI’s Counterterrorism Division in the same city.146 Indeed, analysts were considered so peripheral to investigations that the FBI’s e-mail system did not automatically send “leads” about cases like Hasan to them. Instead, leads went from special agents to special agents; adding an analyst to a distribution list had to be done manually.147 Chasing the case led the FBI to miss the threat. The FBI’s old case orientation and agent primacy also led directly to coordination problems with the Defense Department. JTTFs were designed to ensure that different agencies shared perspectives and information about the nation’s most dangerous threats. But as noted above, the FBI sought the wrong DOD people for the job. Rather than requesting individuals with counterterrorism and counterintelligence experience or perspectives that the bureau lacked, the FBI wanted “1811s,” sworn federal law enforcement officers who could bang on doors and go into the field just like FBI special agents. As a result, most DOD detailees to JTTFs, including the two in the Hasan case, came from the inspector general’s office and with no significant terrorism expertise. By filling JTTFs with extra hands instead of different skills and perspectives, the FBI sabotaged the effectiveness of JTTFs from the start. 
One former government official explained the seriousness of the failure in the following terms: “The whole point of information sharing is that no one agency has the perspective needed to determine what any particular piece of information means. Intelligence agencies—and even analysts within them—look at information differently. Your perspective changes how you view information. That’s why information sharing is so important. Ten years after 9/11 we are still having this conversation? You just gasp.”148 At the same time, the FBI’s case orientation and agent primacy made it likely that JTTFs would bring information in, not push information out. JTTFs were FBI creatures, established by the FBI to serve the FBI. For the bureau, the goal was to get more investigatory personnel, not to ensure that information was shared with other U.S. government agencies. Adding bodies to help special agents do their day jobs is how JTTFs added value. This
146. Senate Report. 147. Interview with former FBI official September 28, 2011; interview with FBI official, January 17, 2011. 148. Interview, November 14, 2011.
orientation ensured that information sharing would be given short shrift. The FBI never instructed detailees that they should regard themselves as the first point of response to their home agencies.149 In fact, the FBI did not instruct detailees on much at all. A 2005 Justice Department Inspector General report faulted the FBI for its poor training of JTTF members,150 and 2009 training materials found little improvement.151 JTTFs were run by FBI agents whose approval was required for sending any information outside the JTTF to other agencies.152 After the Fort Hood attack, the FBI claimed that it assumed DOD detailees served as information-sharing nodes to the Defense Department. Before Fort Hood, nobody asked because it did not matter much. The Army and FBI came tantalizingly close to success. This insider attack occurred less because individuals screwed up than because both organizations were poorly adapted to prevent it. Even after 9/11 and a rising number of homegrown jihadi terrorist attacks, the Defense Department continued to view force protection as guarding against external threats, not internal ones. Faced with substantial manpower shortages, Pentagon officials responded to incentives and promoted Hasan even while his performance was subpar and his public expressions of extremism grew. Red flags emerged within Hasan’s units but were never put on paper because the performance evaluation systems were not designed to collect them. Rather than concentrating warning signals, the personal file and OER systems scattered them, giving Hasan a critical advantage. The Defense Department’s JTTF member who investigated Hasan saw nothing amiss because he was trained to ferret out waste, fraud, and abuse, not look for signs of radicalization or counterintelligence risk. Perverse organizational incentives led the Defense Department to place him on an FBI JTTF because of his expendability, not his expertise. 
In sum, the Pentagon’s force protection, discipline, promotion, and counterterrorism investigatory systems all missed this insider threat because they were designed for other purposes in earlier times and because deep-seated organizational incentives and cultures made it all but impossible for officials to change what they normally did. At the FBI, 9/11 triggered reforms and some improvements, but old structures, priorities, processes, and cultures endured. Because the bureau’s decentralized structure proved stubbornly resistant to change, what should
149. Senate Report, 72. 150. Department of Justice, Office of the Inspector General, The Department of Justice’s Terrorism Task Forces, No. I-2005-007 (2005). 151. Senate Report, 72, citing Federal Bureau of Investigation, Joint Terrorism Task Force: Task Force Officer Orientation: A Reference Guide for New JTTF Task Force Officers (2009). 152. Senate Report, 71.
have been a coordinated national effort to assess the implications of Hasan’s communications with a well-known foreign terrorist boiled down to one four-hour inquiry by one Defense Department detailee at one office. Two different FBI JTTFs did not share information with each other, headquarters, or the Defense Department. In addition, nobody asked what the intelligence implications of Hasan’s communications were because the FBI’s case fixation left intelligence collection and analysis undervalued. When the Hasan case was closed, the thinking stopped, even though his e-mails continued. With field office coordination snafus, analytic failures to see broader implications of the case, and information sharing weaknesses across government agencies, the FBI’s Hasan investigation fell short in all of the old ways. Learning lessons from failure is never easy. People and organizations often remember what they should forget and forget what they should remember. The Fort Hood case suggests that learning lessons is also hindered by a levels-of-analysis problem. Policy makers often attribute failure to individual leaders or policies when the root causes lie deeper within organizations—in the structures, policies, processes, and cultures that make them tick. The growing literature on organizations and disaster offers an important corrective to the popular discourse. From NASA to nuclear weapons, surprise attacks, and counterterrorism, organization theory research finds that the organizational roots of disaster are less noticed and more important than most people realize. Much work remains to be done. Although organization theorists agree on the importance of organizations, they do not agree on much else. More theory building and empirical testing about the connection between organizations and disaster are in order. This chapter seeks to take a step forward by applying an organizational lens to the worst terrorist attack on U.S. 
soil since 9/11, but the field is ripe for future study. Indeed, two factors suggest that organizational failures in U.S. national security are even more likely in the future. First, policy making is becoming more complicated, with a proliferating array of crosscutting threats from rising states, declining states, failed states, rogue states, and nonstate actors armed with everything from missiles to malware. During the Cold War, nuclear annihilation focused priorities and clarified tasks. That is no longer the case. “What would Moscow think?” has given way to “We need a special coordinator for that.” In an age of increasing threat complexity, government leaders and agencies cannot just think deeply and go it alone. Today’s demands require greater collaboration within agencies, across them, and between the government and nongovernmental sectors. In short, organizations matter more. The second reason stems from the first: When organizations matter more, the tendency is to create more organizations, even though doing so makes coordination and adaptation more difficult. When the CIA was
first established, there were just four major federal intelligence agencies. Today, there are 17, and more than 200 military and intelligence units that have been created or reorganized since 9/11.153 In 1947 George Kennan’s Policy Planning staff became the first State Department unit to think broadly about crosscutting issues and report directly to the secretary.154 Sixty years later, Policy Planning exists alongside twenty-one special envoys, representatives, and advisors, all operating outside of the regular bureaucracy.155 In national security agencies, special bureaucratic arrangements are the new normal. The geometry of these new arrangements is not promising. Agencies must adapt both to a growing array of issues and an escalating number of bureaucratic partners and rivals. The Fort Hood case suggests that even in the best of circumstances, coordinating within and among organizations is difficult and adaptation is perilous. Hasan’s terrorist attack succeeded in large part because the Pentagon did not know it needed to change and the FBI knew but could not change fast enough. These are not isolated deficiencies. The more that any organization has to assume new tasks, work across traditional divides in different ways, or deal with new players, the more likely it is that something somewhere will go awry. Paradoxically, new organizational arrangements are likely to become both more essential to U.S. national security success and more prone to catastrophic failure.
153. Dana Priest and William M. Arkin, “Top Secret America: A Hidden World, Growing Beyond Control,” Washington Post, July 19, 2010. 154. Henry A. Kissinger, “Bureaucracy and Policy Making: The Effect of Insiders and Outsiders on the Policy Process,” in Bureaucracy, Politics, and Strategy, Security Studies Paper 17, ed. Henry A. Kissinger and Bernard Brodie (Los Angeles: University of California Los Angeles, 1968). 155. U.S. Department of State, http://www.state.gov/s.
Chapter 3
Lessons from the Anthrax Letters
Jessica Stern and Ronald Schouten
Starting a week after the September 11, 2001, terrorist attacks on the World Trade Center and the Pentagon, letters containing anthrax spores were mailed to the offices of NBC News, the New York Post, and the publisher of the National Enquirer. Soon, additional contaminated letters were sent to Senate Majority Leader Tom Daschle and Senator Patrick Leahy, among others. By the end of October, four people had died of anthrax; a fifth died in November. Anthrax-contaminated letters infected at least seventeen other people.1 Along with anthrax spores, the envelopes included handwritten letters dated September 11, 2001, that said: “Death to America,” “Death to Israel,” and “Allah is Great.” One letter included the words “we have this anthrax.” Contradictory official statements, some of them unfounded, about the difficulty of producing the small and uniform particles of anthrax in the envelopes, and about possible chemical alteration of the material, gave rise to claims that the material must have come from a state-sponsored offensive bioweapons program. Fingers pointed at al-Qaida and Iraq. A statement in one letter added to the mystery: the warning to “take penacilin [sic] now” suggested that the perpetrator might have wanted to minimize deaths.2
The authors wish to thank two extraordinarily able research assistants, Sarah Schulte and Abigail Dusseldorp. They also thank David Franz, Victoria Sutton, and Derrin Culp, who provided many excellent suggestions for improvement, as well as Matthew Bunn and Scott D. Sagan and the participants in the conference that they organized. 1. An additional thirty-one persons tested positive for exposure. U.S. Department of Justice (DOJ), Amerithrax Investigative Summary (Washington, DC: U.S. DOJ, 2010), 2; "Update: Investigation of Bioterrorism-Related Anthrax," Centers for Disease Control and Prevention (CDC), Morbidity and Mortality Weekly Report (Connecticut: CDC, 2001). The victims included postal workers and others who had come into contact with the letters. See also David Stout, "House Will Shut Down until Tuesday for Anthrax Screening," New York Times, October 17, 2001; "Anthrax-Free Senate Building Reopens," BBC News, January 23, 2002. 2. Jeanne Guillemin, American Anthrax: Fear, Crime, and the Investigation of the Nation's Deadliest Bioterror Attack (New York: Times Books/Henry Holt, 2011), 56, 79.
3. LESSONS FROM THE ANTHRAX LETTERS
Analysis soon excluded all but a short list of laboratories as the source of the anthrax in the letters and the cause of illnesses in the victims. Only two of the remaining laboratories were outside North America. Years later, after the largest investigation in its history, the Department of Justice (DOJ) identified the perpetrator as an insider: microbiologist Dr. Bruce Ivins, a civilian anthrax researcher for the U.S. Army Medical Research Institute of Infectious Disease (USAMRIID).3 Ivins committed suicide in July 2008, just days before he was to be indicted. As a result, he was never tried in a court of law, and some remain skeptical that he could have been the perpetrator of the attacks or that he could have acted alone.4 While viewed at the laboratory as able and likable, if eccentric, Ivins in fact had a long and troubling history of mental illness, substance abuse, obsession with a sorority and its members, homicidal thoughts, and criminal acts (including theft, vandalism, trespass, and breaking and entering). For the purposes of this chapter, whether he was the perpetrator of the attack is not important; the key issue is whether he should have had the access he did to lethal agents. Whether or not he was guilty of the crime, knowing what is known now, few would claim that Ivins was an appropriate person to be working in a secure Department of Defense (DOD) laboratory with potential agents of mass destruction, much less to participate, as he did, in the investigation of the anthrax attacks themselves. How did Bruce Ivins come to have such access? The answer lies in a complicated mix of evolving regulations, organizational culture, red flags ignored, and happenstance. The 2001 anthrax mailings, and the factors that put Ivins in a position where he could perpetrate them, show how insider threats can arise even within a highly regulated system that includes multiple security and safety measures. 
The first part of this chapter discusses the investigation into the anthrax letter attacks. The second part provides a portrait of Ivins and his troubling behavior and mental state. The third part discusses the combination of regulatory changes, red flags missed by Ivins's colleagues, and the organizational and cognitive biases that contributed to the failure to identify Ivins as a potential insider until long after the letters had been sent. The fourth part assesses whether new regulations put in place after the attacks would have kept Ivins from being in a position where he could do harm. The fifth part discusses the current environment, including increases in the number of laboratories working on dangerous biological agents and how current
3. “Justice Department and FBI Announce Formal Conclusion of Investigation into 2001 Anthrax Attacks,” news release, U.S. Department of Justice, February 19, 2010, www.justice.gov/opa/pr/2010/February/10-nsd-166.html. 4. Lara Lakes Jordan, “Leahy: Anthrax Suspect Did Not Act Alone,” Associated Press, October 19, 2008.
JESSICA STERN AND RONALD SCHOUTEN
safety and security failures could result in a similar insider disaster in the future, with a focus on how better awareness of organizational and cognitive biases might make such events more predictable and thus more preventable. We end the chapter with our conclusions about the continuing risk of such future “surprises” and our recommendations for minimizing them.
The Investigation

The public became aware of the anthrax mailings in early October 2001 after the first death, that of Robert Stevens, a photo editor at the headquarters of the National Enquirer, in Boca Raton, Florida. A multiagency team was soon formed to investigate the anthrax mailings, in what was officially listed as FBI Major Case 184, more commonly referred to as the Amerithrax case. It eventually included investigators and scientists from the FBI, the U.S. Postal Service, the National Institutes of Health, the Centers for Disease Control, the National Science Foundation, and the Department of Homeland Security, as well as individuals from other government agencies, academia, and industry.5 The anthrax used in the attacks was quickly identified as the Ames strain, which had first been isolated from a Texas cow in 1981. Under 1997 regulations that required approval of the transfer of agents such as anthrax,6 it was known that the Ames strain had been shared with only fifteen laboratories in the United States and one each in Canada, the United Kingdom, and Sweden.7 Wherever the letters had come from, investigators concluded that the anthrax spores in them had almost certainly originated with the Ames strain that was held at USAMRIID, the Department of Defense’s own laboratory and site of its anthrax vaccine program, in Frederick, Maryland. By November 9, 2001, the FBI was seeking a perpetrator who was “a loner living in the United States who has substantial laboratory and scientific skills. He has no ties to organized terrorists, but sought to use the September 11 attacks as a cover for the mailings,” according to the profile on its website.8 A number of scientists were investigated as possible perpetrators,
5. Paul Keim, Bruce Budowle, and Jacques Ravel, "Microbial Forensic Investigation of the Anthrax-Letter Attacks," in Microbial Forensics, ed. Bruce Budowle et al. (Burlington, MA: Academic Press, 2010), 15–28. 6. "Additional Requirements for Facilities Transferring or Receiving Select Agents." In 42 CFR Part 72, Department of Health and Human Services, 1997. 7. National Research Council, Review of the Scientific Approaches Used during the FBI's Investigation of the 2001 Anthrax Letters (Washington, DC: National Academies Press, 2011), 18; David Willman, The Mirage Man: Bruce Ivins, the Anthrax Attacks, and America's Rush to War (New York: Bantam, 2011), 149. 8. Guillemin, American Anthrax, 120.
a list that narrowed down as the investigation progressed. Early focus was on a particular microbiologist, American bioweapons expert Steven Hatfill.9 Only after years of scrutiny would Hatfill be cleared, after the FBI’s attention turned to another insider.10 The long focus on Hatfill as the most likely perpetrator brings up an important issue in such cases—the risk of false positives. The investigation led to the birth of an entirely new field: microbial forensics.11 New laboratory techniques identified four specific mutations or “morphs” that were particular to the Ames strain found in the letters. Considerable work in laboratories across the United States traced these to one particular flask of Ames strain anthrax, RMR-1029, which was under Ivins’s control. As investigators’ suspicions increasingly turned to Ivins, he was interviewed multiple times and put under periodic surveillance. His home and office were searched, and he was questioned about inconsistencies in the anthrax samples he had submitted to the investigation. His e-mail was examined, as were records of his late-night hours in the lab around the time that the letters were sent. Together with review (after his death) of his medical records, and interviews with the therapists who had treated him, this body of evidence led the Department of Justice to conclude that it was Ivins, acting alone, who was the perpetrator.12 Shortly before he was to be indicted, and after he had just been released from an inpatient psychiatric facility, he took a medication overdose that resulted in his death on July 29, 2008. Because Ivins was never tried in court, because the field of microbial forensics was new, because there was skepticism about the FBI investigation (especially after the Hatfill diversion), and because of general suspicion of the government, there were doubts about the validity of the DOJ’s conclusion. 
In response, the Department of Justice funded an independent analysis of the science behind the conclusion, which was conducted by a committee of the National Research Council (NRC) of the National Academy of Sciences. The report of the NRC analysis, published in 2011,13 concluded that there were distinctive genetic similarities between the spores found in the
9. David Freed, "The Wrong Man." Atlantic, April 13, 2010. 10. In 2008 Hatfill settled a lawsuit against the United States for $5.8 million: Matt Apuzzo, "Anthrax Doctor's Suit with Justice Department Settled," Huffington Post, June 27, 2008. Hatfill also filed defamation cases against multiple news outlets: James Bandler, “New York Times Sued for Its Anthrax Series,” Wall Street Journal, July 15, 2004. 11. Keim, Budowle, and Ravel, "Microbial Forensic Investigation of the Anthrax-Letter Attacks." 12. U.S. Department of Justice (DOJ), "Justice Department and FBI Announce Formal Conclusion of Investigation into 2001 Anthrax Attacks," news release, February 19, 2010, www.justice.gov/opa/pr/2010/February/10-nsd-166.html. 13. National Research Council, Review of the Scientific Approaches Used during the FBI's Investigation.
77
JESSICA STERN AND RONALD SCHOUTEN
anthrax letters and those contained in a flask that had been in the possession of Ivins, representative samples of which he had not turned over to investigators when initially requested. The committee’s opinion was that the microbial forensics findings were consistent with the conclusion that the original source of the material was Ivins’s laboratory at USAMRIID, but were not dispositive. The report concluded that other explanations for the similarities had not been completely explored and suggested that more work needed to be done.14 Other evidence linking Ivins to the anthrax letters was reviewed by the Expert Behavioral Analysis Panel (EBAP) at the request of the chief judge of the U.S. District Court for the District of Columbia. The panel reviewed Ivins’s previously sealed medical records, as well as e-mail communications and other information contained in the Amerithrax investigative file. (One of the coauthors, Schouten, was a member of that panel.) This chapter draws in part on a redacted version of the panel’s 2011 report.15
Portrait of an Insider

Bruce Ivins was a deeply troubled individual. At work, he was seen as a dedicated scientist and a harmless eccentric. But disturbing obsessions and criminal thoughts marked much of his life. He lived a double life, as suggested by the title of David Willman’s book about him, Mirage Man: “One-on-one, he was the smiling, devout colleague who exuded sympathy. Behind people’s backs, he was prone to bizarre, secretive acts of vengeance for the most obscure of slights.”16 Ivins suffered a traumatic childhood that included an abusive mother and a mocking father, an experience that likely shaped his worldview. In college, he was turned down for a date by a member of Kappa Kappa Gamma sorority (KKG). This triggered a lifelong obsession with KKG. As a postdoctoral student at the University of North Carolina, he became obsessed with a graduate student who had been a KKG sister. She also pushed him away. To strike back, he carried out a number of acts, including stealing her irreplaceable research notebook and breaking her car window. He broke into the sorority house and stole items related to the sorority’s rituals. Years later, by coincidence, this woman moved into his
14. National Research Council, "Science Alone Does Not Establish Source of Anthrax Used in 2001 Mailings," news release, February 15, 2011, www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=13098. 15. Gregory Saathoff et al., The Amerithrax Case: Report of the Expert Behavioral Analysis Panel (Vienna, VA: Research Strategies Network, 2011), https://researchstrategiesnetwork.files.wordpress.com/2014/06/ebap-report-redacted.pdf (hereafter "EBAP Report"). 16. Willman, Mirage Man, 23.
78
3. LESSONS FROM THE ANTHRAX LETTERS
neighborhood in suburban Maryland. He attempted to renew the acquaintance, again met with resistance, and then engaged in a variety of acts of harassment and vandalism directed at her. Throughout his life, he continued to be obsessed with the sorority, sometimes driving hundreds of miles at night to check out and break into sorority houses, although never when anyone was present.17 When he moved to Washington, DC, in 1978, Ivins began treatment with a psychiatrist, Dr. Naomi Heller. He continued that treatment until 1980: “It was to Heller that Dr. Ivins had confided his burglary [of a sorority house] and his frightening thoughts,” including plans to kill with poison the sorority sister with whom he had become obsessed in the 1970s.18 Heller was so disturbed by what Ivins told her that she later told investigators she would never have recommended him for a security clearance or for access to dangerous pathogens. Further, she said that as soon as she heard about the anthrax attacks, she thought that Ivins could possibly be the culprit.19 After a two-year stint with the Uniformed Services University of the Health Sciences, Ivins’s twenty-eight-year career at USAMRIID began in 1980. There, he became an authority on anthrax vaccines. For both positions, he was granted security clearances. Unfortunately, when he began his duties at USAMRIID, he stopped mental health treatment for two decades. In the 1980s, Ivins developed obsessive relationships with two female technicians who worked for him. As discussed below, he confided many of his concerns over his mental health to them and engaged in a variety of questionable behaviors toward them, some of which are also described below. When the second of these technicians left to attend medical school in 1999, Ivins became distraught. He experienced a recurrence of a number of physical and psychological symptoms, and he again sought mental health treatment in January 2000. Dr. 
Heller had retired, and she referred him to a colleague.20 Like Heller, this second doctor later told investigators that he would never have recommended Ivins for a security clearance or access to pathogens.21 After several sessions, for insurance and convenience reasons this psychiatrist referred Ivins to another psychiatrist. Ivins obtained treatment from this third doctor, and from other therapists in the same practice, until 2008. The first therapist who worked with Ivins in this third doctor’s group was so alarmed by his apparent potential for violence that she sought advice about her responsibility to warn potential victims, tried to contact
17. EBAP Report, 49–61. 18. Willman, Mirage Man, 30. “He had thought through various plans to kill [her], including with poison.” 19. EBAP Report, 56. 20. Ibid., 79. 21. Ibid., 71.
the police, and quit her job when the doctor supervising her largely dismissed her concerns. Remarkably, that doctor never bothered to read her notes on Ivins (or the notes of the previous doctors who had treated him), later telling FBI agents that it was his practice not to read notes if they were “too long.” When investigators asked him to read the notes in 2009, he said that had he read them at the time, it would have changed his view of Ivins’s potential for violence.22 None of this was known at USAMRIID. And at the same time that he was frightening his therapists, Ivins was making a range of positive contributions to his community.23 He played keyboards at Catholic church services, served as a lay pastor, juggled at children’s birthday parties, and wrote amusing poems and songs to perform for colleagues. When his coworkers noticed his excessive drinking or strange behavior, they simply chalked these behaviors up to “Bruce being Bruce.”24 Nevertheless, there were a series of episodes that, had they been reported, might have led to actions that would have prevented the mailings and their consequences. First, although no one at the lab knew what Ivins had told his therapists, he did not keep his mental distress to himself. He discussed his emotional difficulties with colleagues, especially the two female technicians. E-mail messages and FBI interviews revealed that these discussions increased in the months leading up to the anthrax attacks. The following are some examples:

• In a June 2000 e-mail, Ivins said that the antidepressant prescribed for him was not working. “What is REALLY scary is the paranoia. . . . Ominously, a lot of the feelings of isolation—and desolation—that I went through before college are returning.”25 Neither technician appears to have informed anyone at USAMRIID about his deteriorating mental health, although they communicated frequently with each other about him and his actions.
• In a July 2000 e-mail to the second technician, he acknowledged that he was hiding empty liquor bottles from his wife and worried about his paranoia. He said he did not want to see “Paranoid Man Works With Deadly Anthrax” as a headline in the National Enquirer.26

• In early 2001, Ivins wrote to one of his technician confidantes about his emotional difficulties, telling her that “I wish I could control the thoughts in my mind. It’s hard enough sometimes controlling my disorder. When I’m being eaten alive inside, I always try to put on a good front at work and at
22. Ibid., 72–75. 23. Ibid., 33ff. 24. Ibid., 71. 25. Amy Goldstein, Anne Hull, and Julie Tate, “Acquaintances and Counselor Recall the Scientist’s Dark Side,” Washington Post, August 7, 2008. 26. EBAP Report, 72. As noted earlier, the National Enquirer was ultimately among the targets of the anthrax letters.
home, so I don’t spread the pestilence. . . . I get incredibly paranoid, delusional thoughts at this, and there’s nothing I can do until they go away, either by themselves or with drugs.”27

• In March of 2001, Ivins again wrote to one of the technicians: “I’m down to a point where there are some things that are eating away that I feel I can’t tell ANYONE. You are probably the easiest for me to talk to, but it is difficult for me to ask that you not tell anyone else what I say. That is a lot to ask for, and you may feel that you need to share it with others. (Obviously if someone says that he or she is about to commit a crime, you should share it with the right people.) Confidentiality is too much to ask of you, so perhaps I should just take the Celexa [antidepressant medication] and let whatever happens take its course.”28

• In the fall of 2001, shortly after news of the first anthrax death and the letter to Senator Daschle, one colleague described him as “a manic basket case.” Later that fall, he sent a poem to colleagues about being two different people, with one not knowing what the other was doing.29 No one appears to have expressed concerns about his mental state to Ivins’s supervisors.

• In July 2008, a witness at USAMRIID contacted the FBI, reporting that “Dr. Ivins was acting in a threatening manner . . . implying that he would take revenge against coworkers who were ‘diming’ him out. The witness said she was concerned that Dr. Ivins was talking to himself as if ‘to a ghost,’ and would ‘go postal.’ She reported that she had felt threatened by Dr. Ivins, and asked her supervisor at USAMRIID for advice.” The supervisor’s response was to tell her to “hide in the hot suites,” as Ivins’s access to the biocontainment labs had been suspended because of a violation of laboratory procedures and he was expected to retire soon.30
Second, Ivins, with his history of becoming obsessed with women and being sensitive to rejection, frequently violated the usual boundaries of workplace relationships, especially in his interactions with the two technicians. For example, when one of them was preparing to leave the lab to further her studies, he persuaded both technicians to visit a pornographic bookstore as a birthday surprise for the departing woman. He first blindfolded her, then brought her to shelves containing sex toys, while the other technician filmed the episode. The departing technician said on that tape that she believed that Ivins had a “criminal mind.”31 Perhaps joking, she may have been revealing what she genuinely thought of her boss. After she left, Ivins made two separate round-trips to her parents’ home, each totaling more than six hundred miles. The first trip was to find the house. On his second trip, he
27. Ibid., 73. 28. Ibid., 77. 29. Willman, Mirage Man, 103; EBAP Report, 84. 30. EBAP Report, 96. Two days later, as described later in this chapter, Ivins unleashed a homicidal rant at a group therapy session, causing him to be involuntarily committed as a danger to others. 31. EBAP Report, 67.
left a bottle of her favorite liqueur on the porch.32 She appears not to have discussed the incidents or her concerns with her former superiors. The technicians did discuss his behavior between themselves, as Ivins learned when he hacked into their e-mail, using a stolen password, to monitor what they were saying about him.33 The resulting sense of betrayal led him to plan to murder one of them with poison, a plan he did not complete, but reported to his therapist.34 When they discovered that he had been reading their e-mail, Ivins told them that USAMRIID had an e-mail surveillance program that detected any messages containing negative comments about a supervisor, and automatically forwarded them to that supervisor. Third, in the periods immediately prior to the letter attacks in September and October, Ivins spent a great deal of time in the biocontainment labs (the “hot suite”) at night and on weekends. The hours he spent there were quite unusual for lab personnel, and particularly for him.35 His time in the hot suite was logged, but it appears that no one checked the records until much later.36 Apart from these red flags, the evidence for disqualifying Ivins from access to biological select agents and toxins (BSAT)—those microorganisms and poisons of biological origin that the federal government has listed as especially dangerous—clearly existed and was available, had his medical records been reviewed. His three psychiatrists and other therapists, both prior to and after the 2001 attacks, documented multiple activities and characteristics that should have disqualified him from his position, including substance abuse, criminal activity, homicidal ideation, and plans that involved the acquisition of poisons, bomb components, and guns.37 The reasons that the records were not reviewed, and the information was not discovered, reflect gaps in security and safety procedures, as well as organizational and cognitive biases we discuss below. 
Ivins’s motivations for the anthrax attacks will never be known for certain, but were likely complex. He may not have intended to kill anyone with the anthrax letters, rather hoping to create enough of a scare to boost national attention to, and funding for, work to defend against possible anthrax attacks, to which he had devoted his career. Public concern about anthrax was declining, and his program was threatened by cutbacks. The safety of the anthrax vaccine he had helped develop had been questioned, with some in Congress calling for DOD to stop using it. (The senators who
32. Ibid., 84. 33. Ibid., 67; Willman, Mirage Man, 278. 34. Willman, Mirage Man, 65. That therapist described him as “creepy, scary, spooky.” 35. "Remarks Prepared for Delivery by U.S. Attorney Jeffrey Taylor at Amerithrax Investigation Press Conference," speech, Department of Justice, August 6, 2008. 36. Willman, Mirage Man, 32. 37. EBAP Report, 174; Willman, Mirage Man, 353.
received anthrax letters were among those who had questioned the vaccine’s safety.) He would have benefited in a variety of ways from renewed public attention to anthrax, and it would have given a boost to his professional status as his career drew to a close. He may, in fact, have believed he was doing the nation a service by reviving attention to a dangerous threat.38 After the investigation began, Ivins apparently sought to deflect attention away from himself. When he was asked to provide samples from the flask of Ames anthrax in his possession in February 2002, he deliberately disregarded instructions for how to prepare the samples from RMR-1029, resulting in their rejection.39 When he was asked to resubmit his samples, he mislabeled and “deliberately altered” them, likely taking them from sources other than RMR-1029 or from a single colony.40 Later advances in biological forensics offered a motive for Ivins to mishandle the samples: He may have been deflecting attention from the flask of anthrax he had used to prepare the mailed spores by minimizing the risk that distinct mutations associated with the anthrax letters would be included in the sample he submitted.41 After the FBI demanded that Ivins surrender the entire flask, it became clear not only that the flask contained these mutations but also that Ivins’s repeated failure to provide appropriate samples from it may have been intended to stymie the investigation.42 As the investigation continued, Ivins attempted to divert suspicion onto others. He repeated a rumor that Iraq had tried to obtain a sample of the Ames strain from the British government. 
He said he was afraid that the letters might be a test run for a more lethal attack, perhaps involving smallpox.43 Although early on, he protested that no one at USAMRIID could make anthrax spores of the quality found in the letters, during later formal interviews with the FBI he attempted to cast suspicion on seven former and current colleagues (including his two favored technicians), claiming that they had the capacity to have committed the attacks.44 In 2005 investigators were zeroing in on USAMRIID, and obtained a warrant to search Ivins’s computer (finding, among other things, that records of his e-mail in the crucial months leading up to the attacks were missing). Ivins became increasingly distraught and told USAMRIID officials that he was uncomfortable being in the hot suite. After USAMRIID sought and received a letter from his therapist recommending that he be temporarily restricted
38. EBAP Report, 122–125. 39. Ibid., 35–36. 40. Ibid., 35–36, 37. 41. Federal subpoena: Preparing and Shipping TSA Slants for B. Anthracis Ames, 2002; EBAP Report, 35. 42. EBAP Report, 38–39. 43. Ibid., 35; FBI Amerithrax case #279A-WF-222936-BEI, January 23, 2002. 44. Willman, Mirage Man, 388, note 8; EBAP Report, 33.
from the hot suite, he was barred from access to dangerous pathogens—but only until July, when he was again granted access. As it became clear that investigators were focusing on Ivins, his distress increased, as evidenced by his heavy drinking and overuse of prescription medications. (We do not mean to imply that his emotional reaction to being investigated, in and of itself, suggests guilt.) By November 2007, investigators obtained a warrant and searched his home, finding three handguns, a Taser, two stun guns, and homemade targets.45 Late in the winter of 2007–2008, his drinking and use of medications had become severe enough that it provoked repeated falling, leaving visible bruises and on one occasion leading him to spill a live vaccine strain of anthrax on himself in the lab—an event he blamed on colleagues. That spill finally got him barred from the lab and the anthrax it contained.46 Finally, as indictment neared, he exploded. At a group therapy session in July 2008, Ivins bragged that he was procuring another gun (the FBI had confiscated the weapons discovered in the initial search of his home) and threatened to kill others and then be killed by police, saying he would go out in a “blaze of glory.” His therapists had him involuntarily committed to a psychiatric hospital as a danger to himself and others—quite possibly preventing a mass shooting. He committed suicide days after his release from the hospital.
Why Red Flags Were Missed: Inadequate Screening and Organizational and Cognitive Biases

So why was Bruce Ivins ever granted the clearances he needed to handle dangerous pathogens such as anthrax? Why was no action taken to remove his access to these pathogens until it was far too late? A complete organizational analysis has not yet been done, but we believe that at least two factors share large parts of the blame: inadequate rules for granting and maintaining clearances at the time—which meant that a great deal of critical information never made it to Ivins’s employers—and cognitive and organizational biases that led people in the organization to dismiss the possibility that Ivins might pose an insider threat.

Inadequate Screening and Monitoring of Employees

Dr. Ivins received his first Army security clearance, granting him access to classified material at the Secret level, on September 25, 1978. He underwent another review and received an additional clearance on December 29,
45. EBAP Report, 85–87. 46. Ibid., 91.
1980, again at the Secret level; this was associated with his joining USAMRIID.47 Throughout his tenure at USAMRIID, he underwent periodic reinvestigations and obtained additional clearances. The Army security clearance process that applied in 1978 and 1980 was governed by AR 604-5 (“Personnel Security Clearance: Department of the Army Personnel Security Program Regulation”). The regulation specified that no one should be granted an interim clearance to start work if his or her medical record or other sources indicated that he or she suffered from “any mental or nervous disorder, or emotional instability,” unless a competent medical authority certified that the problem had been overcome or would not impair judgment. Hence, Ivins would likely have been denied a clearance had investigators managed to get full information about him. The regulation called for a review of medical records if available.48 However, there is no indication that anyone reviewed his medical records before granting the 1978 and the 1980 clearances. This appears to have been the result of the wording of the self-report form, rather than deception by Ivins or failure on the part of reviewers. Prior to 1981, Department of Defense Form 398 (DOD 398), "Statement of Personal History," contained no questions about mental health history. And when a question about mental health was added that year, it asked if the applicant had been treated as an inpatient, which, at that point, Ivins had not. What about the background investigation associated with getting a clearance? The level of scrutiny AR 604-5 would have applied to Ivins when he was hired into his USUHS and USAMRIID positions would have depended upon how the positions were classified—which public documents do not reveal. Civilian employees hired into “noncritical sensitive” positions that required a Secret-level clearance were subject only to a National Agency Check and Inquiry (NACI). 
This consisted of a criminal records and fingerprint check, and written inquiries to “law enforcement agencies, former employers and supervisors, references, and schools.”49 Although by 1980 Ivins had already admitted criminal activities to his therapists, he had not been arrested or charged, let alone convicted, and a NACI would have uncovered nothing. Inquiries to former employers, supervisors, references, and schools would likely have elicited opinions similar to those of colleagues later in his career: hardworking, bright, and a bit eccentric. Had Ivins’s initial position been considered a “critical sensitive” one, the NACI would have been combined with a background investigation, which would have included a “personnel security investigation consisting of both records reviews and interviews” covering the last five years of his life.
47. Ibid., 170. 48. Ibid., 171–173. 49. U.S. Army, "AR-604 Personnel Security Clearance," in AR 604-5, 1962: Section 1-311.
Appendix B, Paragraph 2 (o) of AR 604-5 provides for review of medical records under specific circumstances, including where the employee has indicated that he has a “history of nervous or mental disorders.” Ivins had not so indicated. In short, at the time Dr. Ivins was first cleared to handle dangerous pathogens, the clearance process offered little chance of detecting someone suffering serious mental illness if that person did not want that fact to be detected. Once Ivins had joined USAMRIID, he had the status of a cleared, and presumably trusted, insider, with the clearance process having given him its stamp of approval as trustworthy. The bar he had to jump over to reach that status was not high, and he cleared it without difficulty. But Ivins still had to go through reinvestigations. From 1988 on, these were required at least every five years. Moreover, he had to fill out forms on his medical history and give authorization for checks of his medical records, which he did many times. These processes also failed to detect a problem, despite a number of indicators that should have been followed up. Ivins did self-report mental health issues on personnel security and medical history forms over the years. But his descriptions of the issues from one form to the next were strikingly inconsistent and glossed over their seriousness. On one form, he said he had been treated for “job-related stress,” while on another he said he had been treated for “passive-aggressive behavior.” His description of the times and places of treatment varied—and he never mentioned the fact that he had been prescribed antipsychotic medication. On one form in 1987, Ivins put question marks next to items on whether he had ever suffered from memory change, trouble with decisions, hallucinations, improbable beliefs, or anxiety. No one followed up on any of the indicators of mental illness or inconsistencies in these forms. 
No one spoke to the physicians who had been treating him or reviewed his medical records. If, over the course of Ivins’s career at USAMRIID, background investigators had spoken to the series of therapists and clinicians who treated him, most of them would have recommended against his clearances and access to BSAT had they known the nature of his work.50 One, interviewed later, said he would have described Ivins as having had “sociopathic intentions,”
50. “Many of the civilian mental health professionals who treated Dr. Ivins prior to 2001 (Dr. #1, Dr. #2 and Therapist #1) did not know that he had a security clearance and would have advised against it had they been consulted. However, even after recommending involuntary hospitalization for Dr. Ivins because of his suicidality and homicidality, the psychiatrist who treated Dr. Ivins from 2000–2008 continued to take the position that Dr. Ivins should have full access to agents such as anthrax.” EBAP Report, 17. See also EBAP Report, 56.
being “homicidal,” and being one of the “scariest” patients he had ever treated.51 However, the doctor who treated Ivins in 2000–2008 had a markedly different view. In 2003, as part of heightened security measures following the anthrax letters, a background investigator finally interviewed this psychiatrist. The psychiatrist stated that the condition for which Ivins sought treatment “did not and does not affect . . . reliability and judgment.”52 The investigator reported dutifully that Ivins “does not have a condition” that would raise an issue. Years later, the same psychiatrist revealed to investigators that, from the time he began treating Ivins in May 2000, he had prescribed a variety of psychotropic medications, including antipsychotic medication. In addition, the psychiatrist or clinicians employed by his clinic had documented a range of serious psychiatric symptoms. As noted earlier, one therapist in his practice resigned after the psychiatrist ignored her concerns about Ivins’s apparent dangerousness. However, none of this appears to have been considered by the psychiatrist in the assessment that Ivins should be allowed to work in a secure setting. Remarkably, that psychiatrist, who had prescribed the antipsychotic medication for him and provided the letter justifying barring him temporarily from the hot suite in 2005, told investigators in the very last week of Ivins’s life—after he had been involuntarily hospitalized for threatening mass murder—that he would still recommend him for access to dangerous pathogens. As noted earlier, that doctor had never read the notes of other doctors’ sessions with Ivins, or the notes from the therapist in his own practice who had quit when he refused to take any action about her concerns about Ivins.53 He changed his view only after investigators asked him to read those notes while they waited. 
Cognitive and Organizational Biases

Clearly, the processes for clearing and monitoring personnel failed in the Ivins case. At the same time, Ivins’s colleagues ignored an astonishing number of red flags, both before the attacks and during the investigation.54 We believe that a series of cognitive and organizational biases allowed Ivins's colleagues to ignore the signs of his dark side and focus on the fact that he had passed through the clearance and reinvestigation processes, his positive contributions to his community, and his familiarity, lulling them into maintaining an unduly favorable view of him as merely a harmless eccentric. The biases that allowed an ultimately violent insider to remain at a
51. Willman, Mirage Man, 66. 52. EBAP Report, 191, quoting the investigator’s report. 53. Ibid., 103. 54. Ibid., 33ff.
biological research facility, where he had essentially unimpeded access to a potential weapon of mass destruction, include many that Matthew Bunn and Scott Sagan identify as “worst practices.”55 We argue that the letter attacks are an example of what Max H. Bazerman and Michael D. Watkins classify as a “predictable surprise”: an event that catches people unaware despite the availability of information that would enable them to anticipate the incident.56 Predictable surprises occur because leaders at all levels fail, for cognitive, organizational, or political reasons, to understand and act on the information at their disposal.57 As Bazerman and Watkins note, a number of cognitive and organizational biases are important factors in predictable surprises.58 People tend to have positive illusions, convincing themselves that problems either do not exist or are smaller than they really are. People also suffer from conservatism bias, the tendency to adjust beliefs insufficiently when presented with new evidence.59 Although leaders often know that their organizations are vulnerable, they fail to take action to reduce risks in part because the costs of mitigation are both significant and known, while the benefits are uncertain. A common tendency to discount the future leads individuals and organizations to focus more on the near-term costs of reducing the threat, rather than the more significant cost of cleaning up the mess should the “surprise” come to pass in the future. Special interest groups often prefer the status quo, and they may actively block reforms that they perceive would be costly to themselves. In this case, researchers may constitute the special interest group aiming to stop new regulations. Organizational and cognitive biases seem to have prevented Dr. Ivins’s colleagues, subordinates, and superiors from taking action in response to what they witnessed in his behavior, both before and after the anthrax letter mailings. 
Ivins was secretive and duplicitous, but many warning signs were nonetheless observable and observed. This is an example of what Diane Vaughan has called the "normalization of deviance." People inside USAMRIID became so accustomed to Ivins’s deviant behavior that they no longer saw it as deviant, even though, for people outside the organization (especially with hindsight), it is apparent that his behavior posed a risk to safety and security.60 People seemed to have assumed that the clearance
55. See chapter 6 of this book. 56. Max H. Bazerman and Michael D. Watkins, Predictable Surprises: The Disasters You Should Have Seen Coming, and How to Prevent Them (Cambridge: Harvard Business School Press, 2004), 1. 57. Ibid., 9–10. 58. Bazerman and Watkins, Predictable Surprises. 59. Sheridan Titman, "Discussion of ‘Underreaction to Self-Selected News Events,’" Review of Financial Studies 15, no. 2 (2002): 527–531. 60. Diane Vaughan, The Challenger Launch Decision: Risky Technology, Culture, and Deviance at NASA (Chicago: University of Chicago Press, 1996).
88
3. LESSONS FROM THE ANTHRAX LETTERS
process was enough to screen out those who would pose a danger to the organization and the public. The EBAP Panel concluded that familiarity was a central part of what led so many red flags to be ignored. After decades at USAMRIID, Dr. Ivins and his eccentricities were a familiar part of the environment there, seen as part of how things were, not as a threat. This could in part be a product of in-group favoritism, where preferential treatment is given to members of a person’s own group. This preferential treatment is part of the tendency of organizations to display what Matthew Bunn and Scott Sagan call the NIMO (Not in My Organization) bias, an assumption that the organization is immune to insider threats—which is also an example of organizational hubris.61 There is strong evidence that USAMRIID personnel fell prey to this bias. “Dr. Ivins was never evaluated by USAMRIID for mental fitness,” an Army official wrote to David Willman in response to a Freedom of Information Act request.62 Willman reports that Army physicians treated information about employees’ use of psychotropic medications as confidential and did not inform others in the chain of command.63 Once Ivins was hired and cleared, management seems to have assumed that the initial background checks were sufficient to protect the organization from malicious or mentally ill insiders.64 Scientists in the small circle working with deadly pathogens may also be affected by the “affective heuristic,” which leads them to see people, events, or activities that have one positive quality as having other positive qualities as well, and hence as not threatening. Thus, scientists who work with these organisms view both the organisms and their fellow scientists as low risk, and therefore see little justification for additional burdens on their scientific work.
Others, looking at the problem from the outside, see a low-probability but high-consequence potential risk; to them, the resistance of the scientific community to scrutiny and oversight is simply short-sighted obstinacy. As we have shown, Ivins’s superiors did not have access to his medical records at the time he was hired, and they did not pursue access to the records even after he signed authorizations that would have allowed the records to be checked. No one other than his private mental health clinicians knew he was homicidal. Some colleagues were aware, because he told them, of his excessive drinking and paranoia.65 His supervisors and law enforcement
61. Matthew Bunn and Scott Sagan, A Worst Practices Guide to Insider Threats: Lessons from Past Mistakes (Cambridge, MA: American Academy of Arts and Sciences, 2014), 3. 62. Willman, Mirage Man, 68. 63. Ibid., 376, note 22. 64. EBAP Report, 96–97. 65. Ibid., 155; Goldstein, Hull, and Tate, “Acquaintances and Counselor Recall the Scientist’s Dark Side.”
JESSICA STERN AND RONALD SCHOUTEN
were not informed of the criminal acts he had committed and admitted to his psychiatrists.66 Some have suggested that coworkers fear retribution if they report negative information about colleagues or supervisors, a problem that would seem to apply to cases of insider threats in facilities of all types. Jarod Gonzalez and Victoria Sutton have pointed out that there are gaps in legal protections for whistle-blowers in scientific laboratories.67 They raise the possibility that concerns about employer retaliation may dissuade lab workers from reporting biosurety concerns. In not reporting what they observed, Ivins’s colleagues may have been motivated by such fears, or by wishful thinking, denial, friendship, or a desire not to harm his career. The potential reasons for the failure of Ivins’s coworkers, subordinates, and supervisors to address his aberrant behavior are the same as they are in any other workplace. They include all the biases we have discussed thus far, as well as simple reluctance to get involved or to take action that might endanger the career of a friend or coworker, denial or minimization of possible problems, and fear of retaliation or punishment. While this case was an extreme event, these biases and organizational issues are pervasive. Like Amy B. Zegart’s analysis of the Fort Hood shooter case in chapter 2, this case raises deep questions about organizations’ ability to respond appropriately to even the most alarming of red flags.
Changes in Security Clearance Regulations after the Anthrax Mailings

The 9/11 attacks and the anthrax mailings provoked a massive effort to combat terrorism in general and bioterrorism in particular. U.S. government spending on biological defense went from $137 million in 1997 to $4.1 billion in 2004.68 New regulations and policies were adopted in an effort to improve existing biosafety and biosecurity measures. In 2002—before the investigation had identified Ivins as the likely perpetrator—Congress passed the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (also referred to as the Bioterrorism Act).69 This law has defined much of the U.S. approach to security for dangerous pathogens ever since.
66. Goldstein, Hull, and Tate, “Acquaintances and Counselor Recall the Scientist’s Dark Side.” 67. Jarod Gonzalez and Victoria Sutton, "Whistleblower and Liability Protections for Scientific Laboratory Employees," Journal of Biosecurity, Biosafety and Biodefense Law 3, no. 1 (2012). 68. David Franz, “The Dual Use Dilemma: Crying out for Leadership,” Saint Louis University Journal of Health Law & Policy 7, no. 1 (2013): 33. 69. "Public Health Security and Bioterrorism Preparedness and Response Act of 2002," P.L. 107-188, 107th Congress.
Under the Bioterrorism Act, for the first time all scientists working with agents on the select agent list had to be registered and undergo a background review known as a security risk assessment (SRA). A genuine assessment of the risk an individual posed, considering all the unique circumstances of each individual, would be a sensible approach. But contrary to the name, the SRA is not an assessment of risk but an assessment of whether individuals fall into one of the “restricted person” categories defined in the law; people in these categories are barred from working with BSAT. A restricted person is defined as someone who meets any of the following criteria:
• is under indictment for a crime punishable by imprisonment for a term exceeding one year
• has been convicted in any court of a crime punishable by imprisonment for a term exceeding one year
• is a fugitive from justice
• is an unlawful user of any controlled substance
• is an alien illegally or unlawfully in the United States
• has been adjudicated a “mental defective” or has been committed to any mental institution70
• is an alien (other than an alien lawfully admitted for permanent residence) who is a national of a country which the Secretary of State has determined to have repeatedly provided support for acts of international terrorism (if the determination remains in effect)
• has been discharged from the armed forces of the United States under dishonorable conditions
As Ronald Schouten and Gregory Saathoff have noted, the mentally defective/involuntarily committed criterion for revocation or denial of access to BSAT is both too narrow and overly broad.71 It is too narrow in that it does not capture behaviors and psychological problems that pose a significant risk to safety and security where the person has neither been involuntarily committed nor deemed incompetent by a court. Although this rule existed during part of Ivins’s employment at USAMRIID, he did not meet the criteria for revocation of his access to pathogens because, in spite of his extensive behavioral and mental health problems, he had never been involuntarily
70. The term “adjudicated as a mental defective” means that a court or other lawful authority has determined that a person, as a result of marked impaired cognitive ability, mental or other illness, or incompetency, is a danger to himself, herself, or others; or lacks the mental capacity to contract or manage his or her own affairs. The term includes someone found not guilty by reason of insanity or found incompetent to stand trial. See “Meaning of Terms,” 27 Code of Federal Regulations, Part 478.11 (Washington, DC: Government Printing Office, 2014). 71. Ronald Schouten and Gregory Saathoff, "Insider Threats in Bioterrorism Cases," in International Handbook of Threat Assessment, ed. J. Reid Meloy and Jens Hoffmann (New York: Oxford University Press, 2014), 246–259.
committed (until July 2008, the last month of his life) and had never been “adjudicated a mental defective.” Hence, this regulation could not be relied on to prevent the same thing happening again. At the same time, the restriction is too broad in that talented, reliable scientists who suffer from treatable mental illnesses or certain medical conditions may find that they are excluded from their work because of a temporary exacerbation of their illness that results in a commitment or adjudication that meets the definition. For the subset of people working at DOD laboratories, DOD further expanded its biosurety and biosafety measures with a series of Guidance Messages, ultimately incorporated into Army Regulation 50-1, "Biological Surety," put in place in draft at USAMRIID in 2004 and formally enacted in 2008.72 It established rules for a wide range of activities involving work with biological agents by DOD personnel, both military and civilian. These measures addressed the Biological Personnel Reliability Program (BPRP), criteria for reliability assessments, personnel records screening, medical evaluations, and rescreening requirements, as well as rules for handling and transport of agents and for laboratory mishaps. The BPRP, modeled on the nuclear program, called for security assessments, drug testing, assessment of physical competence, evidence of dependability, and evaluation by a Competent Medical Authority (CMA). 
The regulation also contained a list of disqualifying factors that included alcohol dependence or abuse, alcohol-related incidents, drug abuse, and “any significant mental or physical condition substantiated by the CMA, or aberrant behavior considered by the certifying official to be prejudicial to reliable performance of BPRP duties.” Had these measures been fully implemented earlier, it is possible but, as we discuss below, not definite that they would have disqualified Ivins from working with anthrax and would thus have kept him from a position in which he could carry out the attacks. However, the success of these measures still depends upon evaluators who are vulnerable to the individual and organizational biases we describe above. In 2011 the National Science Advisory Board for Biosecurity (NSABB, a panel of the Department of Health and Human Services) issued its recommendations for hiring and employment practices for those working with BSAT.73 It recommends personal interviews with references, whenever possible, rather than reliance on written recommendations; confirmation of past work experiences; and confirmation that the applicant has never aroused
72. AR-50-1 was revised in August 2012, along with similar regulations on nuclear and chemical surety. 73. National Science Advisory Board for Biosecurity (NSABB), "Guidance for Enhancing Personnel Reliability and Strengthening the Culture of Responsibility," 2011.
suspicion of workplace misconduct. It recommends achievement- or goal-focused, documented, periodic performance reviews for all laboratory personnel, with permission to share the information with future employers: “Institutions conducting BSAT research . . . [should] implement programs or processes that enable the reporting of concerning behaviors in a respectful and responsible manner.” The panel recommends mandated ethics and education courses for employees, and frequent reiteration of security protocols. Each institution is left to decide whether to consult medical records or interview mental health professionals. In making these recommendations, the NSABB acknowledged concerns that any efforts to scrutinize the physical and behavioral characteristics of BSAT researchers might have a chilling effect on work in the field. Managers of biological research laboratories have reasons to avoid stymieing creativity or damaging the morale of the highly trained people they hire by imposing intrusive surveillance measures. The NSABB suggested that “[t]he effectiveness, potential impact, and unintended consequences of any measures being implemented should be considered in light of the costs and burdens that they impose.”74 Here, again, is scope for discretion that could be misapplied in the absence of awareness of the dangers of organizational biases we describe above.
The Select Agent Rule regulations established a requirement for suitability assessments before individuals could work with “Tier 1” BSAT—those agents with the greatest potential for catastrophic misuse.75 In response to those requirements, and consistent with the efforts and recommendations of the NSABB to have each institution develop policies and procedures that fit its needs, the National Biodefense Analysis and Countermeasures Center (NBACC, an agency established by the Department of Homeland Security in Frederick, Maryland) developed its own Personnel Reliability Program (PRP) to supplement the required security risk assessments. Going beyond the procedural requirements of AR 50-1, the NBACC PRP attempts to address issues of workplace culture, individual and group responsibility for safety and security, and occupational health. Rather than relying solely on the dated and ill-fitting definition of restricted person contained in 18 U.S.C. 175b, it looks to more comprehensive evaluations to determine who should be hired or retained in positions involving work with BSAT. Factors to be considered include the following:
• mental alertness
• mental and emotional stability
• trustworthiness
74. Ibid., 5. 75. Centers for Disease Control and Prevention, and Animal and Plant Health Inspection Service, Guidance for Suitability Assessments, Rev. 1 (Atlanta: CDC, 2013).
• freedom from unstable medical conditions
• dependability in accepting responsibilities
• effective performance
• flexibility in adjusting to changes
• good social adjustment
• ability to exercise sound judgment in meeting adverse or emergency situations
• freedom from drug/alcohol abuse or dependence
• compliance with requirements
• positive attitude toward the PRP76
This version of the PRP encourages and supports those enrolled in it to voluntarily restrict themselves in the event of illness or life stresses that could keep them from working safely and securely. The NBACC PRP represents an effort to ensure that those “inside the wire” are worthy of the trust ordinarily conferred by in-group bias on the basis of assumptions and familiarity. Perhaps most importantly, it is an effort driven by institutional leadership, not by outside regulators, to create a culture of safety and security. The EBAP recommendations are consistent with those of the NSABB in calling for more comprehensive evaluations.77 However, the panel goes further in its recommendations. It warns against sole reliance on the opinions of clinicians who have a treatment relationship with applicants seeking clearance and access. This recommendation is based upon accepted practice in forensic mental health, as well as the failure of such reliance in the case of Ivins. The panel recommends that treating clinicians and independent evaluators be given specific information regarding the purpose and significance of the information requested, as well as a waiver of liability from the applicant. It also calls for special training of background investigators and the review of medical records by qualified individuals. Finally, consistent with the NBACC approach, the report emphasizes the essential role of laboratory leadership in the success of any PRPs, as well as the importance of an occupational wellness approach that has employee self-interest and health, as well as security, as its goals. Had they been in place at the time, AR 50-1, the NSABB guidelines, the NBACC PRP, and the EBAP recommendations could have decreased the risk that an insider such as Bruce Ivins could have perpetrated the anthrax mailings. These steps plug gaps by imposing periodic reassessment and medical review, and establishing meaningful procedures that address important security and safety issues.
76. Jacki J. Higgins et al., "Implementation of a Personnel Reliability Program as a Facilitator of Biosafety and Biosecurity Culture in BSL-3 and BSL-4 Laboratories," Biosecurity and Bioterrorism: Biodefense Strategy, Practice, and Science 11, no. 2 (June 2013): 130–137. 77. EBAP Report, 18–20.
However, they also rely on supervisors, colleagues, and subordinates to be willing to exercise objective judgment with regard to coworkers and to report aberrant behaviors in spite of in-group bias. Despite the level of detail, they are subject to failure unless the individuals working at every level in those facilities believe that these changes are important and are willing to build and join in a culture of safety and security. We note, as well, that hindsight is always 20/20 and that another disaster can occur if we focus on threats of the past without considering how threats may evolve in the future.
Lessons for a New Environment

Even after the anthrax letter attacks, high-containment laboratories have exhibited notable security and safety failures, as identified repeatedly by the Government Accountability Office (GAO), among others.78 Audits conducted by the CDC and the USDA in 2006 and 2012 documented safety and security concerns at labs across the country, including transferring dangerous agents to facilities not authorized or equipped to handle such materials, allowing unauthorized access to agents, and failing to provide biosafety/biosecurity training to persons in charge of institutional oversight.79 Moreover, the Centers for Disease Control did not address its own shortcomings.80 The CDC sets the standard for safety and security at high-containment laboratories throughout the United States. It promulgates the select agent regulations as well as laboratory safety guidelines for both government and private high-containment labs. Astonishingly, investigators identified a series of violations of CDC-promulgated policies and procedures at the CDC’s own laboratories. CDC personnel did not always properly restrict access to select agents or ensure their physical security.
78. Government Accountability Office (GAO), High-Containment Laboratories: Assessment of the Nation’s Need Is Missing, GAO-13-466R, February 25, 2013; GAO, High-Containment Laboratories: National Strategy for Oversight Is Needed, GAO-09-74, September 21, 2009. 79. U.S. House of Representatives, Committee on Energy and Commerce, “Memorandum to Members, Subcommittee on Oversight and Investigations,” July 14, 2014; Written Testimony of Richard H. Ebright, July 16, 2014, to U.S. House of Representatives, Committee on Energy and Commerce, Subcommittee on Oversight and Investigations, “Review of CDC Anthrax Incident,” 10. 80. These were documented by the Inspector General for Health and Human Services (HHS) in reports issued in 2008, 2009, and 2010. See Subcommittee on Oversight and Investigations Staff, Committee on Energy and Commerce, “Memorandum to Members Re: Hearing on ‘Review of CDC Anthrax Lab Incident,’” July 14, 2014; Julie Steenhuysen and Sharon Begley, "Insight: CDC Didn’t Heed Own Lessons from 2004 Anthrax Scare," Reuters, June 29, 2014.
Every year there have been incidents of unauthorized transfers of restricted materials.81 Accidents have occurred at both government and nongovernment laboratories. In 2004 scientists at the Southern Research Institute in Frederick, Maryland, accidentally sent a batch of live anthrax to a children’s hospital in California, incorrectly believing that they had deactivated the agent.82 In response to this incident, the CDC developed a list of recommended procedures intended to ensure that such an incident would never recur. Nevertheless, in a June 2014 incident, CDC personnel “reprised, nearly exactly” the 2004 episode.83 Technicians used the wrong procedures to deactivate anthrax, employed improper procedures to verify inactivation, and sent it to a laboratory that was not equipped to handle live agents. The June 2014 incident was investigated internally by the CDC as well as by the USDA-APHIS (Animal and Plant Health Inspection Service). Investigators found both safety and security violations. Laboratory personnel often “piggybacked,” following their colleagues through doors without using their own key cards, making it difficult to know who had access to the secure laboratories or who might have been exposed to live anthrax after the incident.84 Refrigerators were not marked to indicate that live anthrax was stored in them. In one case the key to a refrigerator was left in the lock.85 As the CDC was coping with these anthrax incidents, on July 1 researchers in a Food and Drug Administration (FDA) lab on the National Institutes of Health (NIH) campus in Bethesda, Maryland, found vials of potentially live smallpox virus (Variola major) that had been stored unnoticed for years, possibly decades, far from the CDC vault where the nation’s only smallpox was supposed to be.86 A former CDC scientist, Sean G. 
Kaufman, pointed out that the 2014 anthrax incident reflected a lax organizational culture at the CDC and noted that the agency had developed remarkably few controls regarding “approval, adaptation, review, verification and implementation of [standard operating procedures]” for ensuring safety and security.87 This is a systemic problem, Kaufman testified, not only for the CDC but also for the
81. Subcommittee on Oversight and Investigations, Committee on Energy and Commerce, “Review of CDC Anthrax Lab Incident,” July 16, 2014; Steenhuysen and Begley, "Insight: CDC Didn’t Heed Own Lessons." 82. Steenhuysen and Begley, "Insight: CDC Didn’t Heed Own Lessons.” 83. “Memorandum to Members”; written testimony of Richard H. Ebright, 3. 84. Richard Fausset and Donald G. McNeil Jr., "After Lapses, CDC Admits a Lax Culture at Labs," New York Times, July 13, 2014, 1. 85. “Memorandum to Members.” 86. “CDC Media Statement on Newly Discovered Smallpox Specimens,” July 8, 2014. 87. Written testimony of Sean G. Kaufman, 4.
“majority of research laboratories around the world.”88 When scientists make dangerous mistakes that reflect poor training, this suggests a serious organizational problem; even worse, Kaufman argued, there are no procedures in place to punish willfully noncompliant scientists, which has particular implications for insider threats.89 Other safety and security violations have been documented: Security doors have frequently been left unlocked, and in 2010 an unauthorized, unaccompanied employee gained access to restricted areas in a biosafety level 3 (BSL-3) lab—that is, a lab handling pathogens just below the most deadly level of BSL-4.90 According to Ren Salerno, a biosecurity expert at Sandia National Laboratories, the system tends to focus on equipment, rather than risk assessment, so that the gravest vulnerabilities are often left unaddressed.91 In testimony after the June 2014 incident, the GAO reiterated its earlier finding that many new high-containment labs have been built without detailed national-level assessment of the real need for them, and without uniform national standards for biosafety and biosecurity.92 After the June 2014 anthrax incident, other incidents became public that involved CDC shipments to other laboratories of virulent select agents that should have been inactive or attenuated. In 2006 the CDC sent at least two shipments of DNA from anthrax bacteria that contained viable pathogenic bacteria. Also in 2006 the CDC shipped DNA from Clostridium botulinum—the organism responsible for botulism—that contained viable pathogenic bacteria. In multiple instances between 2001 and 2006 (and possibly until 2009), the CDC shipped viable brucellosis bacteria.
In 2014, low-pathogenicity influenza virus shipped by the CDC had been contaminated with highly pathogenic H5N1.93 Such incidents raise both safety concerns, involving the potential for accidental exposure, and security concerns, involving the potential for unauthorized or undocumented access to select agents. “These previously undisclosed CDC-select agent incidents are fundamentally similar to the
88. Ibid., 5. 89. Ibid. 90. Allison Young, "Security Lapses Found at CDC Bioterror Lab in Atlanta," USA Today, June 27, 2012. 91. Fausset and McNeil, "After Lapses, CDC Admits a Lax Security Culture." 92. GAO, “High Containment Laboratories: Recent Incidents of Biosafety Lapses,” written testimony for “Review of CDC Anthrax Lab Incident” hearing, July 16, 2014. 93. "CDC Director Releases After-Action Report on Recent Anthrax Incident; Highlights Steps to Improve Laboratory Quality and Safety," news release, Centers for Disease Control and Prevention, July 11, 2014; "Summary of the Inadvertent Shipment of an Influenza Virus H5N1-Containing Laboratory Specimen," Centers for Disease Control and Prevention, July 14, 2014; Ebright testimony, 6.
2014 CDC anthrax incident,” argues biosecurity expert Richard Ebright.94 Yet, remarkably, the CDC apparently has not learned from its own earlier mistakes or the mistakes of other non-CDC laboratories, including those that contributed to the anthrax letter attacks. Moreover, since 2001, the number of high-containment laboratories has increased dramatically. There were 412 such labs in 2004; as of 2010 there were an estimated 1,495 registered labs in the United States.95 As the number of labs has increased, so has the number of accidents, and so has the number of potential insiders who, like Ivins, have access to highly dangerous materials. No recent incidents at high-containment laboratories appear to have involved malicious individuals intending to do others harm. No one died as a result of these and other accidents, and no one, other than laboratory personnel, has been infected.96 However, if any of the incidents that led to personnel being infected occurred with an organism transmissible among humans, the results could be far more widespread.97 M. Lipsitch and A. P. Galvani argue that risk evaluations are not keeping pace with research innovations on novel potential pandemic pathogens.98 Many biologists and experts are especially concerned about “gain-of-function research” on highly pathogenic organisms, which involves genetic modification experiments that alter various properties of the organism, such as increasing the transmissibility of influenza viruses in mammals.99 Incidents with such pathogens of the kind that have occurred at CDC facilities could result in many deaths. Even worse would be a deliberate release by a malicious insider. Derrin Culp points out that during discussions about H5N1 research, the risk of terrorists gaining access to biological weapons dominated the conversation, but this is only half of the concern. A far greater risk is “researchers using their own
94. Ebright testimony. 95. Jocelyn Kaiser, "Taking Stock of the Biodefense Boom," Science 333, no. 6047 (2011): 1214. 96. Denise Grady, "Pathogen Mishaps Rise as Regulators Stay Clear," New York Times, July 19, 2014. Eleven scientists became ill between 2004 and 2010 because of laboratory accidents. 97. Maria D. Van Kerkhove et al., "Comment on ‘Seroevidence for H5N1 Influenza Infections in Humans: Meta-analysis,’" Science 336, no. 6088 (2012): 1506. 98. M. Lipsitch and A. P. Galvani, "Ethical Alternatives to Experiments with Novel Potential Pandemic Pathogens." PLOS Medicine 11, no. 5 (2014): 1. 99. Lipsitch and Galvani, "Ethical Alternatives," 2; R. Roos, "Think Tank Sees Big Risks in Flu Gain-of-Function Research," CIDRAP News, September 6, 2013; Arturo Casadevall et al., "Redaction of Sensitive Data in the Publication of Dual Use Research of Concern," MBio 5, no. 1 (2014): 1–13; Sabrina Engel-Glatter, "Dual-Use Research and the H5N1 Bird Flu: Is Restricting Publication the Solution to Biosecurity Issues?" Science and Public Policy 41, no. 3 (2014): 370–383; Kenneth I. Berns et al., "Adaptations of Avian Flu Virus Are a Cause for Concern," Science 335, no. 6069 (2012): 660–661.
findings in malevolent ways.”100 They have both the knowledge and the materials needed to kill people. David Franz makes the point that combating insider attacks is similar to reducing the risk of the accidental release of Dual Use Research of Concern (DURC) materials. It is not enough to tighten regulations, he says, because such regulations would be unlikely to prevent an act by an “unethical, uncaring, unstable, or criminal mind.”101 In order to address these issues adequately, a vibrant culture of safety and security is needed to reduce opportunities for an insider to conduct an attack.102

The recent security and safety lapses discussed above suggest that a dangerously lax organizational culture is still pervasive. At the time of the anthrax letters, USAMRIID’s approach to security was stuck in the Cold War, when the major threat was the Soviet Union and possible saboteurs, and patriotic group solidarity was presumed to be sufficient to prevent insider threats.103 Cognitive and organizational biases contributed to USAMRIID’s vulnerability to insider threats. Rules were not followed, in part because of a widespread assumption that “our organization” could never be a source of enemies. Disclosures of continuing security and safety violations suggest that similar biases persist today.

The anthrax mailings prompted substantial changes in DOD policies and procedures for the handling of biological agents and for increased scrutiny of researchers in private and academic laboratories. A key question to be asked when considering the new and proposed regulations is whether they might have prevented the anthrax mailings. While Dr. Ivins, like other researchers at USAMRIID, had unlimited access to the hot suites in which work with anthrax was done, where he worked alone, security measures were in place. For example, records were kept of who entered the suites and when.
However, these records were not monitored on a regular basis, so no one noticed the spike in Ivins’s late-night entries to the suites just prior to each of the mailings until long after the attacks. If a “two-person rule” had been in place at USAMRIID, and it had been followed, it would have been difficult for Ivins to spend hours alone in the hot suites without detection. But even the two-person rule, which has drawn complaints from many scientists, can prevent insider attacks only if
100. Derrin Culp, "Lessons Not Learned: Insider Threats in Pathogen Research," Bulletin of the Atomic Scientists, April 3, 2013. 101. Franz, "The Dual Use Dilemma," 36. 102. Gregory Koblentz, "From Biodefence to Biosecurity: The Obama Administration's Strategy for Countering Biological Threats," International Affairs 88, no. 1 (2012): 132. 103. Guillemin, American Anthrax, 251.
personnel adhere to it. Continuing incidents at high-containment labs show that rules do not solve the problem if they are not followed. New regulations have not been easy to implement and have engendered both resistance and resentment. Differences in risk assessment may represent the fundamental problem in the effort to gain support for biosurety measures: The risks are perceived quite differently by those who work with these agents and by those charged with protecting national security. And personnel reliability involves highly intrusive assessments, which managers and staff may resist.104 Some reject the idea that the 2001 anthrax mailings were of domestic origin or that the perpetrator was Ivins, an insider. Others see the events of 2001 as a “black swan,” a rarity that is somehow unlikely to recur. The Ivins case demonstrates that it is not enough to have regulations on the books; people need to follow them. It is not enough to monitor access to hot suites with electronic key cards; someone needs to review the data that the cards generate. Where medical information is requested and available, someone with appropriate knowledge and skill needs to review it. Much of this has to do with leadership.105 Leaders must foster a culture in which individuals feel committed not only to the science but also to security. They need to be made aware of the organizational, cognitive, and political biases that can threaten security at even the most secure-seeming labs. As we have shown, although Bruce Ivins led a double life, many warning signs were nonetheless observable and observed—though not reported or acted upon. USAMRIID personnel ignored red flags, probably because of in-group bias, wishful thinking, and a wish to avoid actions that could harm a fellow insider, friend, and coworker. Ivins had a security clearance, and people seem to have assumed that the clearance process was enough to exclude dangerous people. 
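The review that the chapter says was never done at USAMRIID (someone actually reading the key-card records, and noticing when one person is repeatedly alone in a hot suite after hours) can be expressed as a small, scheduled check. The following is an added example and is not code from the chapter, from USAMRIID, from the CDC or from any badge system. Everything in it is constructed or assumed: the CSV log format, the suite name, the badge IDs, the 06:00 to 18:00 working-hours window, the thresholds (four after-hours entries in a week and three times that person's own weekly baseline; sixty minutes alone), and the sample entries themselves, which are shaped to contain one late-entry spike and one exit with no matching entry. It flags the two things the text describes, a per-person rise in after-hours entries and stretches in which exactly one person was inside a suite, which a two-person rule exists to prevent; it also reports an OUT event with no recorded IN, because that is the trace "piggybacking" through a door leaves in the record.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample key-card log (not real data). Assumed format:
# timestamp,badge,suite,event   where event is IN or OUT
SAMPLE_LOG = """\
2001-08-21T20:00:00,B100,B3-SUITE,IN
2001-08-21T22:00:00,B100,B3-SUITE,OUT
2001-08-22T09:00:00,B200,B3-SUITE,IN
2001-08-22T09:10:00,B100,B3-SUITE,IN
2001-08-22T11:00:00,B100,B3-SUITE,OUT
2001-08-22T11:30:00,B200,B3-SUITE,OUT
2001-08-28T19:30:00,B100,B3-SUITE,IN
2001-08-28T21:00:00,B100,B3-SUITE,OUT
2001-08-29T20:00:00,B200,B3-SUITE,IN
2001-08-29T20:45:00,B200,B3-SUITE,OUT
2001-09-04T20:00:00,B100,B3-SUITE,IN
2001-09-04T22:30:00,B100,B3-SUITE,OUT
2001-09-06T18:30:00,B200,B3-SUITE,IN
2001-09-06T19:00:00,B200,B3-SUITE,OUT
2001-09-10T20:00:00,B100,B3-SUITE,IN
2001-09-10T23:30:00,B100,B3-SUITE,OUT
2001-09-11T21:00:00,B100,B3-SUITE,IN
2001-09-12T01:00:00,B100,B3-SUITE,OUT
2001-09-12T22:00:00,B100,B3-SUITE,IN
2001-09-13T00:30:00,B100,B3-SUITE,OUT
2001-09-13T20:30:00,B100,B3-SUITE,IN
2001-09-13T23:00:00,B100,B3-SUITE,OUT
2001-09-14T19:00:00,B100,B3-SUITE,IN
2001-09-14T22:00:00,B100,B3-SUITE,OUT
2001-09-14T22:10:00,B200,B3-SUITE,OUT
"""

def parse_log(text):
    """Parse the CSV lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, badge, suite, event = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "badge": badge,
                       "suite": suite, "event": event})
    return sorted(events, key=lambda e: e["ts"])

def is_after_hours(ts, day_start=6, day_end=18):
    """Assumed policy: outside 06:00-18:00 on a weekday, or any time Sat/Sun."""
    return ts.weekday() >= 5 or not day_start <= ts.hour < day_end

def week_start(ts):
    """Monday of the week containing ts; the review bucket."""
    return ts.date() - timedelta(days=ts.weekday())

def after_hours_spikes(events, factor=3.0, min_count=4):
    """Return (badge, week, count, baseline) for weeks in which a badge's
    after-hours entries reach min_count and are at least `factor` times that
    badge's mean over the other weeks. The baseline is per person so that one
    colleague's habitual late work does not hide another's sudden change."""
    weeks = sorted({week_start(e["ts"]) for e in events})
    counts = defaultdict(lambda: dict.fromkeys(weeks, 0))
    for e in events:
        if e["event"] == "IN" and is_after_hours(e["ts"]):
            counts[e["badge"]][week_start(e["ts"])] += 1
    flagged = []
    for badge, per_week in counts.items():
        for w in weeks:
            others = [c for ow, c in per_week.items() if ow != w]
            baseline = sum(others) / len(others) if others else 0.0
            if per_week[w] >= min_count and per_week[w] >= factor * baseline:
                flagged.append((badge, w, per_week[w], baseline))
    return flagged

def occupancy_review(events, min_minutes=60):
    """Replay IN/OUT events per suite. Returns (solo, unmatched):
    solo      (badge, suite, start, end) stretches of >= min_minutes with
              exactly one person inside, what a two-person rule forbids;
    unmatched (badge, suite, ts) OUT events with no recorded IN, the trace a
              piggybacked entry leaves behind."""
    present = defaultdict(dict)   # suite -> {badge: entry time}
    solo_since = {}               # suite -> (badge, start) while one inside
    solo, unmatched = [], []
    for e in events:
        suite, badge, ts = e["suite"], e["badge"], e["ts"]
        inside = present[suite]
        if e["event"] == "OUT" and badge not in inside:
            unmatched.append((badge, suite, ts))
            continue
        if e["event"] == "IN":
            inside[badge] = ts
        else:
            del inside[badge]
        if suite in solo_since and len(inside) != 1:   # solo stretch ended
            lone, start = solo_since.pop(suite)
            if ts - start >= timedelta(minutes=min_minutes):
                solo.append((lone, suite, start, ts))
        if len(inside) == 1 and suite not in solo_since:  # solo stretch began
            solo_since[suite] = (next(iter(inside)), ts)
    return solo, unmatched

if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    for badge, w, n, base in after_hours_spikes(ev):
        print(f"SPIKE {badge}: {n} after-hours entries, week of {w} (baseline {base:.1f})")
    solo, unmatched = occupancy_review(ev)
    for badge, suite, start, end in solo:
        print(f"SOLO  {badge} alone in {suite} {start:%Y-%m-%d %H:%M} to {end:%H:%M}")
    for badge, suite, ts in unmatched:
        print(f"NO-IN {badge} left {suite} at {ts:%Y-%m-%d %H:%M} with no recorded entry")
```

Run as `python3 badge_review.py` (any file name); on the constructed log it reports one SPIKE line for B100 in the week of 2001-09-10, eight SOLO stretches, all B100, and one NO-IN line for B200. The point of the per-person baseline and of the occupancy replay is that both only work if someone runs them and reads the output; the chapter's observation is that the records existed and nobody looked.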
Even after the spectacular organizational failures that the anthrax letter attacks represent, high-containment labs—including those that are part of the CDC—are still failing to take action to prevent “predictable surprises” from recurring. Dr. Michael Bell, a nineteen-year CDC veteran who was appointed to a newly created position to oversee safety at the labs, concedes that he sees a “potential for hubris” as work becomes routine and researchers cease to follow protocols.106 Safety and security protocols at many high-containment laboratories around the globe are less stringent than those in the United States.107 The
104. Franz, "The Dual Use Dilemma," 31–42. 105. Ibid., 54–55; U.S. Army Biosurety Program. 106. Fausset and McNeil, "After Lapses, CDC Admits a Lax Security Culture." 107. Alison K. Hottes, Benjamin Rusek, and Fran Sharples, Biosecurity Challenges of the Global Expansion of High-Containment Biological Laboratories (Washington, DC: National Academy Press, 2012).
3. LESSONS FROM THE ANTHRAX LETTERS
CDC should represent the highest standard for high-containment laboratories in the United States and in the world. For that reason, an appropriate safety and security culture—both to preclude and to respond to incidents and accidents—is critically important to ensure safety and security not just at CDC facilities, but at all high-containment laboratories. Better incentive structures need to be devised to ensure that scientists in laboratories everywhere report all such incidents. In order to fulfill its leadership role, the CDC needs not only to develop but also to follow policies and procedures that bring about real cultural change in high-containment laboratories. These should include the following:
• Provide training both domestically and internationally that assesses previous accidents and incidents, especially from the perspective of cognitive and organizational biases.
• Share details about incidents that have occurred in the United States and elsewhere when discussing security measures abroad.
• Recognize that because safety and security regulations are often resented, methods must be developed to incentivize following such rules.
• Develop standard operating procedures for dealing with security and safety, and also use "red team" exercises to explore how vulnerabilities in the system might be exploited, and how barriers to exploitation could be strengthened.
• Incorporate different kinds of insiders into these "red team" games, including not only malicious insiders or those interested in personal financial gain, but also those who aim to draw attention to themselves or to policies they oppose.
• Ensure that personnel reliability programs incorporate ongoing assessments of counterintelligence vulnerabilities, including vulnerabilities to self-described whistle-blowers or attention seekers.
• Recognize that insiders know better than anyone else how to thwart investigations, and that it is therefore imperative to design exercises to explore the variety of ways that insiders could deliberately deflect attention away from themselves, both before an event and afterward.
• Consider how to design incentives for reporting red flags while still maintaining morale.
• Ensure that treating clinicians consulted during security-clearance processes understand what is at stake.
• Continuously revise not only the list of select agents but also procedures to ensure safety and security as science progresses, particularly in regard to gain-of-function research.
• Factor in the trade-offs that could push companies to conduct their research on select agents abroad.
• Train background investigators regarding behavioral health issues that may indicate risk to safety and security.
• Ensure that investigators who interview treating clinicians and review medical records have the requisite knowledge and skill to make appropriate assessments and are able to explain the nature and risks of working with BSAT, as well as the significance of the questions being asked. Moreover, the investigators must be sensitive to the importance of protecting the privacy of those being evaluated.
Remarkably, we find that some of the same organizational failures that came to light as a result of the anthrax letter mailings played a role in the series of biosecurity and safety failures at high-containment labs disclosed in 2014. In other words, the U.S. government has not yet learned from the “worst practices” that led to the anthrax mailings. We expect future “predictable surprises” as a result.
Chapter 4
Green-on-Blue Violence: A First Look at Lessons from the Insider Threat in Afghanistan
Austin Long
The rise and fall of the insider threat in Afghanistan presents a case distinct from many of the other insider threats in this book, for it takes place in the context of an ongoing internal war. The dynamics of internal war in Afghanistan are further complicated by the role of outside intervention, most particularly the United States. Yet despite these differences the Afghan insider threat is worth closer examination: It demonstrates the utility of intensive and serious vetting of personnel and further stresses that such an effort can be put in place on a national scale relatively quickly. The overall trajectory of the insider threat in Afghanistan is puzzling. The number of “green-on-blue” attacks, negligible for most of the first decade after the international intervention began in 2001, went up dramatically in 2011. Members of the Afghan National Security Forces (ANSF) attacked personnel from the International Security Assistance Force (ISAF) at least forty-five times from January 2011 to December 2012.1 In January of 2013, ISAF commander General John Allen considered the insider threat “his number one strategic threat,” according to some sources.2 The risk was that insider attacks would undermine the willingness of ISAF’s member nations to continue sending troops. Then, as the insider threat began to pose a real risk to the ISAF mission and to any post-ISAF international presence, the numbers declined almost as precipitously as they had risen. In the first three months of 2013, the U.S. Department of Defense reported only five insider attacks and only four more during the next six months.3 There was a slight increase to six attacks
1. Denis D. Gray and Rahim Faiez, “Afghan Violence Falls, but Insider Attacks up in 2012,” Associated Press, December 30, 2012. Although other reports give slightly different total numbers, all show the same general trajectory. 2. Denver Beaulieu-Hains, “ISAF, NATO Employ Tactics against Inside Threats,” Joint Multinational Training Command press release, January 29, 2013. 3. Department of Defense, Report on Progress toward Security and Stability in Afghanistan (2013), 24.
AUSTIN LONG
[Figure 4.1. Insider attacks, ANSF on ISAF, by year, 2008–2013. Bar chart; vertical axis: number of attacks (0–50); horizontal axis: years 2008 through 2013.]
during the last three months of 2013, for a total, according to ISAF, of fifteen attacks for the whole year (see figure 4.1). In the next three months, January to March 2014, there were just two such attacks.4 Thus the insider threat, while still significant, no longer seems to pose a major risk to ISAF or a potential post-ISAF mission. This trajectory of rapid ascent and rapid decline makes the Afghanistan case potentially fruitful for more general examinations of insider threats. The rapid increase in the insider threat demonstrates that, at least under certain conditions, threats can quickly emerge even after years of negligible activity. This suggests that the U.S. Marine Corps aphorism “complacency kills” is highly applicable to potential insider threats. Yet the rapid decline suggests that even significant insider threats might be ameliorated quickly with the right policies under the right conditions. This chapter explores potential lessons from the rise and fall of the insider threat in Afghanistan. It proceeds in two parts; the first focuses on the causes of the rise, looking for any potential warning signs. The second part examines possible reasons for the decline. The chapter concludes with observations on the generalizability of the Afghan experience to other insider threats.
Sources of the Insider Threat: A Framework
The causes of many attacks in Afghanistan are hard to discern or untangle, but the general motivations can be divided into two broad categories, insurgent-related motives and personal motives. These may require different approaches for both analysis and amelioration.
4. Ibid., 15.
4. GREEN-ON-BLUE VIOLENCE
Insurgent-related motives indicate that the attacker was either an existing insurgent who deliberately infiltrated the ANSF or was a member of the ANSF who subsequently aligned with the insurgency. In this latter category are two distinct types of actor. The first type is a person who became disillusioned and hostile to ISAF after joining the ANSF. The second type is a member of ANSF who was coerced into conducting an attack by the insurgency (for example, by threats against his family). These motives are fundamentally strategic, even though they may involve grave or suicidal risk by the individual. The Taliban has recognized the strategic impact on ISAF caused by high levels of insider attacks. Committed Taliban members who are willing to sacrifice themselves in suicide bombing attacks are no less likely to do so in insider attacks. Similarly, an ANSF member whose family is credibly threatened by insurgents may see self-sacrifice as the only way to protect his family. In contrast, personal motives are seldom strategic. Instead, they involve a violent response to profound dissatisfaction with life in the ANSF. Violence is not the only response to dissatisfaction or the most common one, which makes the choice of violence as a response particularly puzzling. A major role in some such attacks is likely to be played by emotion, especially rage, which can lead to self-destructive action.5 Dissatisfaction is not unique to the ANSF. It is a common feeling among security force personnel, especially those involved in an internal war. There are the common causes of low morale that abound in any war, such as complaints about poor pay, leadership, equipment, training, and discipline.6 In addition, some additional sources of dissatisfaction are much more common in internal war, or even unique to it. 
For example, where conflict revolves around ideology (rather than ethnic or other identity), the ideology of the opposing side, if it is more appealing than that of the state, can become a major source of dissatisfaction. Where internal war revolves around identity, dissatisfaction can develop along identity dividing lines.7 Local grievances and disputes can amplify dissatisfaction if the government is unable or unwilling to resolve those disputes.8
5. See Roger Petersen, Understanding Ethnic Violence: Fear, Hatred, Resentment in Twentieth Century Eastern Europe (New York: Cambridge University Press, 2002). 6. Hew Strachan, “Training, Morale, and Modern War,” Journal of Contemporary History 41, no. 2 (April 2006). 7. See International Crisis Group, Policing in Afghanistan: Still Searching for a Strategy, 2008; Austin Long and Andrew Radin, “Enlisting Islam for an Effective Afghan Police,” Survival 54, no. 2 (April–May 2012); and Richard Miller, “The Trouble with Brahmins: Class and Ethnic Tensions in Massachusetts' ‘Harvard Regiment,’” New England Quarterly 76, no. 1 (March 2003). 8. John Donnell, Viet Cong Recruitment: Why and How Men Join (Santa Monica, CA: RAND, 1966), gives examples from South Vietnam in the 1960s.
Propaganda can also play a major role in increasing dissatisfaction. As Jacques Ellul notes in his classic study, propaganda uses both personal-psychological and social forces.9 There is thus often ample material for propaganda in internal war, from individual grievances to ideological or ethnic divides. Foreign support is a particularly likely source of dissatisfaction and propaganda: The adversary can play on nationalist sentiment, in addition to ideology or identity, to foment dissatisfaction in the security force. The presence of large numbers of foreign troops adds friction along cultural lines as a source of dissatisfaction.10 In this way nationalism, one of the few sources of cohesion during internal war, can become a negative rather than a positive force. Although dissatisfaction and propaganda are common, the responses to dissatisfaction vary. Albert O. Hirschman’s seminal work on dissatisfaction, Exit, Voice, and Loyalty, describes three possible responses.11 Dissatisfied members of organizations can exit, leaving the organization. They can choose to exercise "voice," expressing their discontent in an attempt to provoke change. Or they can choose loyalty, conforming to the current status of the organization and suppressing their discontent. Dissatisfied members of security forces similarly have three options, parallel to those described by Hirschman. The first is simple exit through desertion or draft dodging. This is a very common response in internal war. In South Vietnam in the 1960s and 1970s, both desertion and draft dodging were common at rates much higher than the U.S. Army experienced in World War II.12 Exit was also a major problem for the military of the Soviet-supported Democratic Republic of Afghanistan in the 1980s.13 The second option that dissatisfied security force members have is to commit violence as a means of exercising voice.
Security forces are seldom responsive to exercise of voice, particularly during internal war; individuals may resort to violence as a substitute. This may be expressed as group violence in the form of mutiny or even a coup. In South Vietnam, for example, a series of coups and attempted coups from 1960 to 1965 were accompanied
9. Jacques Ellul, Propaganda: The Formation of Men’s Attitudes (New York: Random House, 1973). 10. See discussion in Donnell, Viet Cong Recruitment, 22–34. 11. Albert O. Hirschman, Exit, Voice, and Loyalty: Responses to Decline in Firms, Organizations, and States (Cambridge, MA: Harvard University Press, 1970). 12. Robert Brigham, ARVN: Life and Death in the South Vietnamese Army (Lawrence, KS: University Press of Kansas, 2006), chapters 1 and 3. 13. Rodric Braithwaite, Afgantsy: The Russians in Afghanistan, 1979–1989 (New York: Oxford University Press, 2011); and Olga Oliker, Building Afghanistan’s Security Forces in Wartime: The Soviet Experience (Santa Monica, CA: RAND, 2011).
by significant violence.14 In addition, South Vietnamese units mutinied at various times.15 In addition to group violence, there are some examples of individual violence. However, death or serious injury is the likely outcome of a single individual committing violence against an armed group of security personnel, so such events are probably rare. They may be underreported. However, a few examples can be found. Barry Goodson noted one such incident in South Vietnam, in a joint unit that combined a squad of U.S. Marines with a platoon of local militia known as popular forces (PFs). He describes a case in which a PF member of the joint formation began shooting at his fellow unit members. He was quickly killed by return fire. No significant investigation of his motivation was conducted.16 A Marine officer who commanded a unit in western Iraq described another example. His Marines were playing cards with their Iraqi counterparts when one of the Iraqis accused a Marine of cheating and then shot him. The Iraqi was immediately killed by return fire; the Marine’s wound was nonfatal. The Iraqi unit commander shrugged off the incident as unfortunate but not premeditated. The Marine commander more or less did as well.17 Dissatisfied security forces can also exercise disloyalty, the inverse of Hirschman’s loyalty, by playing both sides: remaining in the security forces while supporting the enemy. Support may range from providing intelligence to supplying food, weapons, or other equipment. Disloyalty also includes shirking duty, such as allowing the enemy through a checkpoint or intentionally avoiding confrontation with the enemy during patrols. Disloyalty seems common in internal war. In South Vietnam, accommodations between government forces and insurgents, where both sides deliberately avoided each other, were not uncommon. U.S. military personnel thought that South Vietnamese forces often launched such so-called “search and avoid” missions. 
Many members of the South Vietnamese security forces also provided intelligence to the other side, although it can be difficult to tell whether these were infiltrators or rather formerly loyal members
14. See Thomas Ahern, CIA and the Generals: Covert Support to Military Government in South Vietnam (Washington, DC: Center for the Study of Intelligence, 1998), declassified 2009. 15. For significant examples, see Jack Shulimson, U.S. Marines in Vietnam: An Expanding War, 1966 (Washington, DC: History and Museums Division, Headquarters, U.S. Marine Corps, 1982), 73–92; and U.S. Army Special Forces Participation in the CIDG Program Vietnam, 1957–1970 (Houston: Radix, 1996), 110–115. 16. Barry Goodson, CAP Mot: The Story of a Marine Special Forces Unit in Vietnam, 1968– 1969 (Denton, TX: University of North Texas Press, 1997). 17. Discussion with USMC officer, September 2012.
who had become disillusioned.18 The Soviet experience in Afghanistan was similar.19 Dissatisfied members of security forces, including the ANSF, can choose which option to exercise. Hirschman found that the decision to exercise exit rather than voice was conditioned by the probability of success of voice. If dissatisfied members thought that complaining (voice) was unlikely to produce positive change, then they were more likely to exit the organization. This same pattern is likely true of the choice between exit and violence faced by dissatisfied security personnel. If a coup or a mutiny seems likely to solve the causes of dissatisfaction, then it will look more attractive. If violence will not solve the problem, then the choice of exit will look more attractive. This seems a plausible explanation for the fact that troop mutinies declined and desertion increased in Afghanistan after the intervention of large numbers of Soviet soldiers. Before these soldiers arrived, Soviet advisers were vulnerable, and mutiny with impunity was not impossible. Once Soviet troops were in place, however, mutineers would risk retaliation from overwhelming Soviet force and had little reason to believe mutiny would change things, so desertion became the preferred option. This logic is more tenuous with regard to individual violence. Even if an individual act did lead to change, it would likely be a Pyrrhic victory because the perpetrator could expect a high risk of being killed or seriously injured. However, rage is likely to dominate strategic logic here. An analogy to workplace shootings in the United States suggests itself, for those shootings likewise do not seem motivated by strategic logic but rather by intense emotion. Insurgent propaganda can further inflame rage in security force members. The choice of disloyalty rather than exit or voice is more complex. Disloyalty is clandestine and therefore often less risky than violence.
However, some forms of disloyalty, such as providing intelligence or supplies to the enemy, still carry risk of discovery and punishment. Logically, then, disloyalty of this type is likely to indicate commitment to the enemy that has emerged due to ideological or identity-based dissatisfaction, rather than simple grievances about pay and living conditions (except, perhaps, in cases of selling supplies to the enemy). Disloyalty via shirking, such as the “search and avoid” missions, demonstrates the opposite. Rather than ideological commitment to the enemy cause, it seems likely to derive from more commonplace dissatisfaction or from a desire to continue the pay and benefits of security force membership while avoiding the responsibilities and danger.
18. Martin Dockery, Lost in Translation: Vietnam, a Combat Advisor’s Story (New York: Presidio, 2003), chapter 4. 19. See discussion in Braithwaite, Afgantsy.
The Insider Threat in Afghanistan: Causes and Context
Dissatisfaction is high within the ANSF. In addition to the common reasons such as issues over pay and leadership, ANSF complaints reflect broader Afghan cleavages, both ethnic and, to a lesser extent, religious. Tajiks, Uzbeks, and Hazara are typically on one side; on the other are Pashtuns, the ethnic group that makes up the vast majority of the Taliban. Tribal or factional fault lines also create grievances. The presence of U.S. and allied forces in Afghanistan for more than a decade adds a nationalist and religious element that is particularly easy for insurgent propaganda to exploit. Instances of each kind of response to dissatisfaction in the framework are readily observed in the ANSF; here the focus is on violence and disloyalty, rather than exit.20 This framework makes it clear that the rise and fall of ANSF insider attacks tell only part of the story of insider threats. For example, disloyalty may have a very different trajectory than violence that is potentially no less important. The framework also helps make sense of the available data on causes of insider attacks. As one news report notes,

Of the 79 insider attacks from May 2007 to September 2012, military investigators found that 38 percent were likely to have been triggered by personal motives; 6 percent were suspected cases of enemy infiltration; and 14 percent were attributed to co-option, in which insurgents persuaded a member of the security forces to help carry out an attack. The cause of 38 percent of the cases was unknown or still under investigation.21
Subsequent analysis by the U.S. Department of Defense found that “approximately half of the insider attacks that occurred in 2012 had some degree of insurgent ties.” In contrast, the same report notes that only two of the nine attacks (22 percent) from January to October 2013 had insurgent ties.22 The trajectory based on available data suggests a change in the causes of violence attributable to insurgent opportunism. Prior to 2012, infiltration or coercion/co-option apparently accounted for less than 20 percent of attacks, spiking to about 50 percent in 2012, before dropping back to around 20 percent in the first three quarters of 2013. A plausible interpretation of
20. For some evidence on trends in the “exit” option over time, see data in Department of Defense, Report on Progress toward Security and Stability in Afghanistan, April 2012, 20–21; ibid., December 2012, 56–57; ibid., July 2013, 33–37; ibid., November 2013, 47–48; and ibid., April 2014, 15–16. 21. Ernesto Londono, “Many Insider Attacks in Afghanistan Stem from Personal Motives, Data Suggest,” Washington Post, December 18, 2012. 22. Department of Defense, Report on Progress toward Security and Stability in Afghanistan, November 2013, 24.
the large spike in 2012 is that the insurgency, having observed the effect on ISAF of the relatively small number of successful attacks prior to 2012, chose to emphasize insider attacks. The subsequent decline, also suggestive, is addressed in the next section. Yet even if half of the attacks are linked to insurgent strategic logic, this still leaves half to be explained by personal motives, most likely rage. This is underscored by the fact that, while the majority of insider attacks are carried out by Pashtuns, at least some of the publicly documented attacks have involved non-Pashtuns, who are typically strongly anti-Taliban and are less vulnerable to coercion, as few Taliban are found in non-Pashtun areas.23 For example, a member of the national intelligence service attacked U.S. soldiers in the province of Panjshir in 2011. The individual was from Panjshir, which is almost entirely Tajik and one of the most secure provinces in Afghanistan. This attacker was thus unlikely to have been either an infiltrator or a subject of coercion.24 The frequency of demonstrations of this level of rage, which is both homicidal and, to an extent, suicidal, makes Afghanistan unique at present; dissatisfied individuals in such a context would typically be much more likely to choose exit or disloyalty. Several hypotheses have been proposed to explain the increase in attacks caused by personal motives that lead to this level of rage. One reason that has been proposed is cultural friction between ISAF and ANSF. This friction combines with personal grievances to produce dissatisfaction that leads to violence. While this theory is plausible, cultural friction is a constant, rather than a variable that has increased over the past few years, since neither Afghan nor Western culture has changed much recently. 
Likewise, personal grievances—such as the anger at alleged cheating at cards in the instance noted above—should be fairly constant (unless ISAF personnel have become more obstreperous over time). Moreover, cultural friction and personal grievance need not automatically lead to rage and nonstrategic violence when exit and disloyalty are available responses. If cultural friction and personal grievance are likely to be constants, something about the context of these factors must have changed, leading to greater rage and violence. One possible context change is the increased number of U.S. forces in Afghanistan beginning in 2010 and the simultaneous increase in the size of the ANSF. This would create more opportunities
23. See Department of Defense, Report on Progress toward Security and Stability in Afghanistan, July 2013, 34. A few Taliban are non-Pashtun, principally Uzbeks. Antonio Giustozzi, The Taliban Beyond the Pashtuns (Waterloo, Canada: Centre for International Governance Innovation, 2010) notes that “even in northern Afghanistan the bulk of the insurgency is still Pashtun” (2). 24. Ahmad Qaim, “Afghan Agent Kills NATO Soldier and Civilian in Panjshir,” Reuters, July 9, 2011.
for friction, leading to more attacks. Under this explanation, however, the number of attacks should have peaked along with U.S. force levels in 2011 and then started dropping as these levels fell by about one third by the end of September 2012. Instead, the number of attacks increased even as troop levels fell in 2012. However, the much lower U.S. force levels may help explain the reduction in attacks in 2013. Another possible explanation emphasizes the focus on attempting to recruit Pashtuns into the ANSF beginning around 2010. This may have added a higher proportion of Pashtuns who were vulnerable to recruitment, coercion, or propaganda. Yet the majority of ANSF are still non-Pashtuns, and the Pashtuns who have joined are mostly not from areas dominated by the Taliban. During the reporting period ending in December 2012, only 13 percent of total recruits were southern Pashtuns, those more vulnerable to coercion and more likely to be infiltrators.25 Thus, this theory can explain at most a small fraction of the increase in insider attacks during 2011. The U.S. Department of Defense does note that the incidence of attacks is “related to ISAF troop densities and the areas of heaviest insurgent activity in the Pashtun-dominated areas of the south and east of the country.”26 Data presented in the Long War Journal supports this contention; it reports that thirty-five of eighty-seven attacks took place in just two of Afghanistan’s thirty-four provinces, Helmand and Kandahar, which are in the southern heartlands of the Taliban, and thirty-two of the remaining fifty-two attacks took place in provinces in the south and east that are primarily Pashtun.27 This information could support the two hypotheses that focus on recruitment of Pashtuns and the frequency of ISAF-ANSF interactions. Yet in the areas where the insurgency is worst, dissatisfaction of all kinds is also likely to be strongest, if only from the stress of combat.
For example, from October 2013 to March 2014, six of the ten most violent districts in Afghanistan were in Helmand and Kandahar. It is thus unsurprising that these provinces also have the most insider attacks.28 So the geographic pattern, while suggestive, is far from conclusive.
25. U.S. Department of Defense, Report on Progress toward Security and Stability in Afghanistan, December 2012, 57–58. 26. Department of Defense, Report on Progress toward Security and Stability in Afghanistan, November 2013, 24. 27. Data from www.longwarjournal.org/archives/2012/08/green-on-blue_attack.php#data. These data are slightly different from those in U.S. Department of Defense reports because of different counting rules, but they follow the same trajectory (e.g., reporting thirteen attacks in 2013, where DOD reports fifteen). 28. Department of Defense, Report on Progress toward Security and Stability in Afghanistan, April 2014, 11. The measurement was by number of "significant activities" (SIGACTs), a U.S. military measurement that includes attacks on civilians or security forces, improvised explosive devices, and the like.
Another change in context is the simple duration of the conflict and, particularly, of the presence of international forces.29 An Afghan member of ANSF who is typically eighteen to twenty-two years old can probably remember little of the time of Taliban rule, nor a time when international forces did not have a large presence in Afghanistan. The Taliban’s ideological and nationalist appeal—being more remote and abstract—is likely to be substantially stronger to this cohort of ANSF than to those who came before them, and it may thus be a source of dissatisfaction in addition to the constants of cultural friction and personal grievance. This combination might lead to rage and violence rather than simple exit or disloyalty. The majority of insider attacks were conducted by personnel between seventeen and twenty-five years old, a finding that lends some support to this “cohort” hypothesis.30 Although personnel of that age make up the majority of most military organizations, the fact that ANSF members did not conduct significant numbers of insider attacks before 2011 suggests that the “cohort” effect may have increased insider attacks. Events in March 2011 and February 2012 involving the burning of the Koran affected levels of cultural friction and contributed to a rise in perceptions that Western forces, particularly those from the United States, are anti-Islamic. The first instance of Koran burning, in March 2011, was a deliberate act by a pastor in the United States; the second, by U.S. personnel at Bagram Airbase in Afghanistan in February 2012, was accidental. Both resulted in widespread and lethal rioting in Afghanistan.31 These incidents correspond in time to the increase in rates of individual insider violence. This is particularly true of the February 2012 incident: At least three of the insider attacks appear to have been in direct response to that incident and the subsequent riots.
Although the perception of Western anti-Islamism is not entirely new in Afghanistan—there were also riots after a 2005 report of Koran desecration at Guantánamo Bay—the 2011 and 2012 incidents seem to have had more impact.32 The contrast in the responses to the Koran burnings and to the March 2012 massacre of civilians in Kandahar by a U.S. soldier underscores how Islam transcends ethnic, tribal, and other cleavages in Afghanistan. The Koran burnings provoked nationwide rioting, including in the Tajik-dominated
29. On the role of time in counterinsurgency, see Austin Long, “Time,” in Understanding Counterinsurgency Warfare: Origins, Operations, Challenges, ed. Thomas Rid and Thomas A. Keaney (New York: Routledge, 2010). 30. See Department of Defense, Report on Progress toward Security and Stability in Afghanistan, July 2013, 34. 31. Enayat Najafizada and Rod Nordland, “Afghans Avenge Florida Koran Burning, Killing 12,” New York Times, April 1, 2011; and Alissa Rubin, “Afghan Protests over the Burning of Korans at a U.S. Base Escalate,” New York Times, February 22, 2012. 32. See BBC, “Riots over US Koran 'Desecration,'” May 11, 2005. These principally occurred in the city of Jalalabad.
4. GREEN-ON-BLUE VIOLENCE
city of Mazar-e-Sharif, but there were only very limited protests after the Kandahar massacre, and those took place only in Pashtun areas.33 The sacred nature of the Koran transcends all of the major interpretations of Islam in Afghanistan. Shi’a and Sunni, Tajik and Pashtun, all agree on the importance of Islam and the Koran, even if they agree on little else. If ISAF is perceived as anti-Islamic and anti-Koran, then dissatisfaction will emerge in the ANSF even among members who are not pro-Taliban. One source counted just five insider attacks nationwide in the two months before the February 2012 Koran burning but ten such attacks in the two months after the burning.34

The power of Islam may help explain the increasing propensity of dissatisfied members of ANSF to choose individual violence over exit or disloyalty. It may also interact with the demographic factor, in that younger members of ANSF, who have little memory of a time before Western intervention, now increasingly view Western troops as anti-Islamic. This is surely a combustible mixture for rage.

The Taliban has long been cognizant of using the power of Islam, and particularly outrage at desecration of the Koran, in propaganda to mobilize Afghans. There is some evidence that individuals have even tried to manufacture “Koran crises” on behalf of the Taliban. As Bill Ardolino reported in the Long War Journal,

    A recent example occurred in mid-February [2013] at Forward Operating Base Zangabad, a US facility in a still kinetic [violent] portion of Panjwai district [in Kandahar province]. An Afghan civilian sanitation worker was recorded by surveillance assets as he neatly placed a copy of the Koran in a trash dumpster near the border of the US and Afghan Army portions of the base. The worker then began to loudly proclaim that he had discovered the holy book in the trash, arguing that his American employers had defiled it. . . .

    This had been the second time an Afghan worker had tried to stage a fake Koran desecration at FOB Zangabad, and attempts by insurgents to stimulate protests against foreign forces remain a threat.35
Fortunately, in this case U.S. forces had surveillance video footage showing the worker planting the Koran, so the incident did not provoke riots or ANSF reactions, but it highlights the potential of Islamic-themed propaganda to inflame tensions and provoke insider threats.
33. “Hundreds Take to Streets to Protest at Killing of 16 Afghan Civilians,” Daily Telegraph, March 13, 2012.
34. Data from www.longwarjournal.org/archives/2012/08/green-on-blue_attack.php#data.
35. Bill Ardolino, “The Anatomy of Green-on-Blue Tensions in Panjwai,” Long War Journal, April 4, 2013.
AUSTIN LONG
The Insider Threat in Afghanistan: Hypotheses on Its Decline

Just as puzzling as the increase in attacks is their subsequent rapid decline. At present there are two general sets of hypotheses about the decline. The first hypotheses are organized around the countermeasures put in place by ISAF and the ANSF; the second relate the decline to exogenous changes in the context.

After the recognition by ISAF in late 2012 that insider attacks posed a strategic risk to the mission, the command formed an insider-threat mitigation working group to manage countermeasures, both proactive and defensive. On the proactive side, the most notable measure was an effort to improve both ISAF and ANSF counterintelligence capabilities.36 ISAF greatly increased the number of counterintelligence teams assigned to support vetting of ANSF recruits. At the same time, the ANSF, and particularly the Afghan National Army (ANA), also committed to addressing vetting issues by adding hundreds of counterintelligence personnel, some of whom were borrowed from the National Directorate of Security (the Afghan intelligence service). By 2013, the vetting process, according to ISAF, had eight steps: “an identification check, two guarantors personal information verification, a criminal check, a verification stamp, drug screening, medical screening and personal data (biometric) screening.”37 The guarantors should be responsible parties (such as tribal elders) who know and vouch for the recruit. The overall intent is to discover links to the insurgency directly, such as through biometrics or criminal records, and indirectly to deter potential infiltrators through the use of guarantors (although it is unclear what, if any, consequences there are for a guarantor whose guaranteed recruit ends up conducting an insider attack).
An additional part of the counterintelligence effort included more monitoring of ANSF personnel for changes in attitude, particularly by means of interviews after periods of leave, during which co-option or coercion might have taken place. According to one official who oversaw some of this vetting for ISAF, alarming levels of connections between the insurgency and recruits (even in elite ANSF units) have been discovered by this reinforced effort. While links alone do not indicate infiltration, co-option, or coercion, they underscore the potential; therefore, some have concluded that absent this effort, the problem could have been much worse in 2013.38
36. This account draws heavily on Howard LaFranchi, “Why Insider Attacks Are Down in Afghanistan,” Christian Science Monitor, May 15, 2013; interview with former senior U.S. government official, January 2014; and author observations in Afghanistan in March–April and May–August 2013.
37. “Afghan National Security Forces (ANSF),” NATO Media Backgrounder, June 4, 2013, 2.
38. Conversation with ISAF official, Afghanistan, May 2013.
One challenge in vetting in general is the need to ensure that it is actually taken seriously by those executing it. No matter how good or elaborate a system is in the abstract, it must be carried out diligently by security officers. Afghan security officials had been lax in the past on vetting, so one of the changes put in place was to introduce “false positives” into the system. These were Afghans attempting to join the security forces who deliberately reported information that should trigger concerns during vetting. If these individuals slipped through the system, Afghan counterintelligence could pinpoint which officers had failed in their due diligence.39 This system was not without drawbacks, as it increased the vetting burden without expanding the number of actual recruits into the system. However, the number of such false positives was modest, so as a percentage of recruits to be vetted, the burden was small. In contrast, knowing that each recruit could be deliberately tested by one’s superiors likely induced the desired level of focus in those doing the vetting.

This surge in ISAF counterintelligence in 2012 and 2013 led to the detention of 9 ANSF personnel because of their insurgent ties and the removal of an additional 85 from their posts. At least 79 other ANSF personnel were “identified for further exploitation and neutralization,” although the results of that “exploitation” (follow-up on intelligence collection) are not clear.40

    The ANSF, during the same period, detained 13 potential insider attackers after intelligence was shared that indicated the individuals were preparing to attack, and dozens of others were dismissed or barred from ISAF facilities by CI [counterintelligence] screening. Additionally, one member was reassigned, one member was cleared through investigation, and there are 36 ongoing Afghan investigations [as of mid-2013].41
Enhanced vetting of new recruits slowed progress towards desired ANSF force levels, but ISAF did not report the number of recruits rejected after vetting.42 According to one source, roughly 10–20 percent of recruits were rejected in the 2011 time period, but this also included those rejected for other than counterintelligence reasons: as too young, insufficiently fit, and the like.43
39. Interview with former senior U.S. government official, January 2014.
40. Department of Defense, Report on Progress toward Security and Stability in Afghanistan, July 2013, 35.
41. Ibid., 36.
42. Ibid., 64.
43. Comment by Jack Kem, former deputy commander of Combined Security Transition Command–Afghanistan/NATO Training Mission–Afghanistan, May 2014.
The data noted earlier—that there have been fewer attacks in 2013 and also that the percentage of attacks linked to insurgent-related motives is down—also seem to support arguments pointing to the efficacy of the counterintelligence effort. The monitoring by ANA was not focused just on the insurgency but also on general antiforeigner sentiment, and it may thus have detected and prevented cases arising from personal grievance as well. For this reason, most observers place more emphasis on the ANSF counterintelligence effort than on the ISAF effort, although ISAF enabled biometric, media exploitation, and signals intelligence–based counterintelligence that the ANSF could not have conducted on its own.

In addition to counterintelligence, both ISAF and ANSF increased efforts to promote cultural awareness. This was intended to reduce the possibility of rage and violence resulting from cultural friction. ISAF efforts included predeployment training, recommended reading, and even a video game.44 As with counterintelligence, observers emphasized the importance of ANSF efforts, as ISAF efforts had been in place for some time, while before 2012 ANSF had done little to promote Afghan cultural understanding of ISAF. An example of ANSF cultural training came in 2012 as the Afghan Ministry of Defense began issuing a pamphlet titled “Cultural Understanding—A Guide to Understanding Coalition Cultures.” This pamphlet informed Afghan soldiers of Western customs that would be offensive to many Afghans, warning them, for example, “Please do not get offended if you see a NATO member blowing his/her nose in front of you.” The material in this pamphlet was presented to ANA personnel over the course of three one-hour sessions by Afghan instructors.45

In late 2010, ISAF also put a defensive measure in place, the so-called “guardian angel” policy.
This policy required that when ISAF and ANSF personnel were interacting, at least one member of ISAF was to remain armed and vigilant against possible insider attacks. The concept was intended both to deter attacks and to ensure effective response in case of attack.

Guardian angels are somewhat controversial within ISAF. While some credit them with saving lives by means of deterrence and response, others believe that they damaged rapport with ANSF personnel. Some argued that good rapport was preferable to guardian angels as protection against insider attacks; as one ISAF member observed during a football game with his ANSF counterparts, “this is our protection against green on blue.”46 Both attitudes may be true, with guardian angel policies being more effective against insurgent-motivated attacks and rapport more effective against attacks arising from personal motivations.

One method of examining the efficacy of guardian angels is to examine the efficacy of attacks. A decline in the number of killed and wounded per insider attack would support the thesis that guardian angels limited the impact of attacks by engaging the attacker or forcing the attacker to use different and less effective tactics (such as engaging from a greater distance). Data compiled by the Long War Journal from ISAF reports suggests that the efficacy of attacks does seem to have declined since the introduction of guardian angels in 2012.47 Table 4.1 summarizes the number killed per year, number wounded per year, number of attacks per year, average casualties per attack (killed and wounded), and average ratio of killed to wounded per attack. The table data indicate that the effectiveness of attacks peaked in 2011, before the introduction of guardian angels. In 2012 and 2013, the rate of casualties per attack was nearly 25 percent lower than in 2011. Similarly, the casualties produced by attacks shifted from roughly even numbers of killed and wounded per attack in 2011 to roughly half that rate, with two wounded per one killed in 2013.

Table 4.1 Insider attack effectiveness

Year   Attacks   Deaths   Wounded   Casualties per Attack   Ratio of Deaths to Wounded per Attack
2008   2         2        3         2.5                     0.666667
2009   5         12       11        4.6                     1.090909
2010   5         16       1         3.4                     16
2011   16        35       34        4.3125                  1.029412
2012   44        61       81        3.227273                0.753086
2013   13        14       29        3.307692                0.482759

The available evidence on the fate of attackers may also provide insight on guardian angel effectiveness. An increase in the percentage of attackers captured, killed, or wounded by return fire rather than escaping unharmed might indicate effective response by guardian angels. The available data on the fate of attackers by year for the peak years is summarized in table 4.2. After the introduction of guardian angels, attackers seem to have faced much greater odds of being killed or captured during an attack. (This excludes incidents for which the fate of the attacker is unclear and instances in which return fire was not possible, such as a suicide bombing by an insider.)

44. Michelle Tan, “Video Game Offers Cultural-Awareness Training,” Army Times, August 19, 2009.
45. Kevin Sieff and Richard Leiby, “Afghan Troops Get a Lesson in American Cultural Ignorance,” Washington Post, September 28, 2012.
46. Conversation with ISAF officer, Afghanistan, March 2013.
47. Data from www.longwarjournal.org/archives/2012/08/green-on-blue_attack.php#data.
Table 4.2 Attacker fate (where known)

Year   Kill or Capture   Escape   Ratio
2011   7                 6        1.17
2012   23                14       1.64
2013   10                1        10.00
While this evidence is not conclusive, it does support ISAF’s argument that guardian angels, along with improved situational awareness training, have mitigated the impact of insider attacks.48 However, it does not indicate much about whether the guardian angels deterred attacks. The decline in overall attack numbers may be attributable to guardian angels or to other factors.

In addition to the ISAF countermeasures, other hypotheses focus on the changing context of the war in 2013. A major change was the decline in U.S. and international force levels. This meant that there were fewer opportunities for ISAF and ANSF to interact. It also provided a tangible and visible symbol of the decrease and possible termination of the international presence, which might have decreased nationalist resentment and dissatisfaction. It certainly undercut the insurgent propaganda message that “foreign occupiers” wished to remain indefinitely.49

The troop withdrawal was accompanied by shifts in operating patterns as the ANSF received more responsibility for combat operations. As fewer and fewer ISAF troops were at or near the front line during operations, the interactions that did take place between ISAF and ANSF were typically in less stressful situations. This may have helped reduce the sort of dissatisfaction that leads to rage and violence.

However, a new pattern of violence began emerging in 2013, with attacks by ANSF personnel on Western journalists and aid workers. Most remarked upon was an event in April 2014, when an Afghan police officer attacked two Associated Press journalists, killing one.50 These attacks suggest some level of grievance beyond the personal, with motives that were either insurgent linked or tied to a broader perception of Westerners as un-Islamic. They are unlikely to have arisen out of personal grievance: There appear to have been no interactions between the attackers and their targets prior to these events.
48. Department of Defense, Report on Progress toward Security and Stability in Afghanistan, April 2014, 16.
49. This discussion draws heavily on discussion with a U.S. analyst, February 2014.
50. “Canadian-Born Journalist Kathy Gannon Wounded in Attack in Afghanistan,” Associated Press, April 4, 2014.
In the case of the fatal attack on the journalists, although the attacker survived and was interviewed after surrendering, his motives remain murky. Initially, he claimed not to know why he committed the attack. He later claimed it was in revenge for an air strike in his home province of Parwan that had killed civilians (although none of the dead appear to have been related to him). He was noted to be extraordinarily pious and may have been influenced by a cleric who called for holy war against foreigners. He was slightly older than the typical insider attacker, with his age given as late twenties. The attacker apparently had at least some premeditation: Normally armed only with a pistol, he had used an assault rifle that he took from a subordinate.51

The attacks on non-ISAF Westerners may also support the hypothesis that lower numbers of ISAF troops have reduced opportunities for potential attackers. Those seeking to attack Westerners must therefore look for other targets. It may also indicate that guardian angel procedures have deterred potential attackers, who then shifted to less protected targets.

At present none of these hypotheses are fully supported by available data, but it seems likely there was some interaction of multiple reasons for the decline. Improved counterintelligence seems to have been effective at quelling insurgent-related attacks and perhaps some personally motivated attacks. At the same time, the changing context of the war, particularly the ISAF drawdown, likely also contributed to a reduction in personally motivated attacks.

Some conclusions and potential lessons can be drawn from currently available evidence.52 First, the guardian angel policy and improvements in situational awareness training seem to have reduced the impact of insider attacks. The number of attacks decreased, those that did take place produced fewer casualties and fatalities, and attackers were much less likely to escape.
Second, the improved joint ISAF-ANSF counterintelligence effort seems to have reduced the number of insurgent-linked attacks and may have had some effect on the overall number of attacks. Improved counterintelligence collection and analysis resulted in more than a hundred potentially threatening insiders being detained, reassigned, or denied access to ISAF facilities. Although there is no way to know how many of them would actually have attacked, the decline in the percentage of attacks with insurgent ties suggests that some such attacks may have been prevented.
51. Amir Shah and Kim Gamel, “Afghan Probe Begins in Attack on AP Journalists,” Associated Press, April 9, 2014.
52. One major recommendation for better analysis is that ISAF should release details of insider threat attacks at the end of the ISAF mission in December 2014. While data that would personally identify attackers and victims could (and probably should) be redacted, along with any information that could reveal intelligence sources and methods, there is no doubt that enough would remain to improve analysis. A single comprehensive database of attacks and after-action investigations would allow for better analysis.
Third, broader social trends and the social context of insider threats are important. The cohort effect seems particularly important, for there may be other examples of similar cohort effects in other insider threats. For example, if a society is experiencing expanding income inequality driven by corruption, a cohort effect might be an increasing willingness to engage in insider activity for money. In Russia, income inequality caused by corruption is, according to some sources, very significant.53 This is distinct from the earlier Soviet period, which had its own venalities but no billionaires. As a cohort of personnel who have only ever known the post-Soviet system comes to dominate the Russian nuclear complex, the economically motivated insider threat may rise. The present concern over older nuclear material leaving Russia, highlighted by a series of arrests in Moldova, may soon be matched by fears about more recent insider activity.54 Observing the social context may help provide early warning of potential problems in time to take proactive corrective action.

Abstracting these lessons to the broader question of insider threats to nuclear facilities suggests that an emphasis on preemption of threats and consistent personnel monitoring is likely to have a positive effect. Preemption requires a significant investment in counterintelligence and personnel monitoring, which is likely to be expensive and may raise civil liberties concerns in some countries. In Afghanistan the expense was not large in the context of the overall war, but for nuclear enterprises operating on thinner budgets, cost may limit preemption. Similarly, civil liberties issues for ANSF personnel did not pose much of a burden, but the same is unlikely to be true in Western countries. The equivalent of a guardian angel in the nuclear materials context is probably something akin to the “two-person” rule.
But it may be more intensive, in the sense of requiring a “third person” who is part of a security-only unit and has no other responsibilities. This would be burdensome, both financially and in terms of work flow, so it might be applied only to protect very high-risk nuclear materials.

Ultimately, the main lesson of insider attacks in Afghanistan may be that even seemingly overwhelming insider threats can be managed with a combination of proactive and defensive measures on the one hand and changes in the environment on the other. In 2012 the tide of insider attacks threatened to cripple the ISAF mission, yet barely a year later the tide was turned. This indicates that even grave problems in a nuclear materials context may be ameliorated.
53. See www.pbs.org/wgbh/frontline/article/inequality-and-the-putin-economy-insidethe-numbers. This academic conclusion is supported by Russian films such as Leviathan and The Fool (both released in 2014), which show that only fools challenge a corrupt system rather than seeking rewards from it.
54. On the Russian-linked nuclear smuggling in Moldova, see Desmond Butler and Vadim Ghirda, “Nuclear Black Market Seeks IS Extremists,” Associated Press, October 7, 2015.
chapter 5
Preventing Insider Theft
Lessons from the Casino and Pharmaceutical Industries
Matthew Bunn and Kathryn M. Glynn
Insiders pose serious threats to many types of organizations. In the nuclear world in particular, nearly all of the documented thefts of highly enriched uranium (HEU) or separated plutonium—the two materials that could be used to make a nuclear bomb—appear to have been perpetrated by insiders. Therefore, protection against insider threats is an absolutely critical part of keeping the essential ingredients of nuclear bombs out of terrorist and criminal hands. Insiders, with their authorized access to sensitive areas and materials, their knowledge of the nuclear security system and its weaknesses, and their relations with other staff, pose major challenges for security planners. To address this threat, a broad range of insider-protection measures are required in national regulations and recommended in international guidelines for handling weapons-usable nuclear material (and, often, for operations in vital areas of nuclear facilities as well), including checks to ensure that insiders are trustworthy before granting access, using the two-person or three-person rule so that no one is alone with weapons-usable nuclear material, continuous surveillance of material operations, searches of employees entering and leaving key areas, accounting sufficiently accurate to detect either abrupt or protracted thefts, use of uniquely identifiable and difficult-to-defeat tamper-indicating devices, and storage of material in secure vaults or vault-type rooms when not in use.1 A number of useful sets of recommendations for protecting against insider theft of nuclear material have been developed.2 Nevertheless, insider-threat-protection practices in the nuclear industry and in other national security contexts vary widely and are often focused on simply complying with national-level rules rather than on continuous performance improvement.

In this chapter we explore practices for protecting against insider threats in two high-security industries with a profit incentive to achieve excellence in preventing insider theft—casinos and controlled pharmaceutical production—and explore whether the nuclear industry and other high-security operations can adapt practices from these industries.3

To perform our assessment, one of us (Glynn) carried out structured interviews with security managers of several casinos and pharmaceutical facilities producing drugs with high black-market value. The interviews were based on a consistent set of questions, for comparability from one interview to the next, but also flexibly pursued issues as they arose in the discussions. Because of limitations of time and resources, these interviews covered only a limited number of facilities and only facilities located in the United States. All of the interviewees wished to remain anonymous and to keep the facilities whose security they managed unnamed as well. We combined these interviews with a review of relevant literature on casino and pharmaceutical security,4 a review of literature on nuclear industry practices to protect against insiders (such as the material already cited), and extensive discussions with nuclear industry experts on insider protection by one of the authors (Bunn) over a period of several years.

Our assessment is that the casino and pharmaceutical industries have developed some valuable approaches that the nuclear industry and other organizations should consider adopting.

The authors would like to thank the pharmaceutical and casino security managers who gave us their time, insights, and access to their facilities; they prefer to remain anonymous. We are grateful to the Global Nuclear Future Initiative of the American Academy of Arts and Sciences, which provided funding for this research. Our thinking was clarified and strengthened by comments from participants in a workshop on insider threats sponsored by the American Academy, held at Stanford University in December 2011. We are also grateful to the Belfer Center for Science and International Affairs at the Harvard Kennedy School, which provided travel support for interviews, and to the Nuclear Threat Initiative, which supported the research that helped us develop the overall framework described here.
Many of the practices we consider are already in use for operations with weapons-usable materials in some countries, but they should be considered for broader application. At the same time, the casino
1. International Atomic Energy Agency, Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities, INFCIRC/225/Rev.5 (Vienna: IAEA, 2011), www-pub.iaea.org/MTCD/publications/PDF/Pub1481_web.pdf.
2. International Atomic Energy Agency, Preventive and Protective Measures against Insider Threats (Vienna: IAEA, 2008); World Institute for Nuclear Security, Managing Internal Threats: A WINS International Best Practice Guide for Your Organization (Vienna: World Institute for Nuclear Security, 2010).
3. This chapter draws heavily on Kathryn M. Glynn, "Preventing Insider Theft: A Cross-Industrial Analysis" (master's thesis, Harvard Kennedy School, 2011).
4. See, for example, Derk J. Boss and Alan W. Zajic, Casino Security and Gaming Surveillance (Boca Raton, FL: Auerbach, 2010); Robin Koh, Edmund W. Schuster, Indy Chackrabarti, and Attilio Bellman, Securing the Pharmaceutical Supply Chain (Cambridge, MA: Massachusetts Institute of Technology, 2003), http://forum.autoidlabs.org/uploads/media/MIT-AUTOID-WH021.pdf; and Pharmaceutical Security Initiative, 2012, www.psi-inc.org/index.cfm.
5. PREVENTING INSIDER THEFT
and pharmaceutical industries are different from the nuclear industry in some key respects. In particular, both industries accept that in some cases the expense of preventing small thefts may not be worth the cost of prevention—an attitude those handling weapons-usable nuclear material cannot afford to adopt when it comes to kilogram quantities of weapons-usable material.

We proceed in several stages. First, we offer a framework for analyzing programs to protect against insider theft, dividing these into categories. Second, we describe the insider protections used in the casino and the pharmaceutical industries, using this framework. Third, we offer recommendations for the nuclear industry, intended to supplement existing best-practice guidance documents, on which we also draw.
Insider Protection: A Framework for Analysis

All situations involving protection against potential insider threats involve some combination of managing the potential insiders and managing the items to be protected, which could be things that might be stolen, areas of a facility that might be sabotaged, people who might be attacked, or information that might be stolen, damaged, or misused. For this analysis, which focuses on items or materials that might be stolen, we refer to the items to be protected as “critical material,” and we identify two kinds of information we refer to as “critical knowledge.” First-degree critical knowledge, such as vault combinations, is knowledge that provides a major step toward gaining direct access to critical material. Second-degree critical knowledge can be characterized as security-related knowledge that conscientious employees should ideally bring to the attention of management or of security personnel and that, if it remains concealed or forgotten rather than reported, increases the ease of diversion.5 Examples of second-degree critical knowledge include the location of a blind spot in an area supposedly monitored by a surveillance camera or the insight that a colleague has been rendered a target for blackmail by financial or personal difficulties.

Programs to protect against insider threats generally combine elements addressing the following six questions, with varying degrees of emphasis:

1. How are insiders screened and monitored to ensure they are trustworthy? Most high-security organizations perform some form of background check before giving people access to items, areas, or information to be protected, or information about how these are secured. The thoroughness of such checks varies widely, ranging from a simple criminal background
5. For similar definitions applied to safety, see James T. Reason, Managing the Risks of Organizational Accidents (Aldershot, UK: Ashgate, 1997).
check (or less) to a full investigation, in which the person’s career, financial status, mental health, friends, and family are all considered. Some form of monitoring of authorized insiders may be continued after they are employed, to detect notable changes in behavior or circumstances that may bear on their propensity to become an insider. (Many accounts of insider cases note that they are often preceded by inappropriate behaviors noticed by coworkers.)6 In many environments, for example, insiders must undergo new background checks every few years to maintain their clearance, and staff are encouraged to report any changes in their own circumstances or suspicions about others. Both initial background screening and ongoing monitoring of employee behavior raise issues of privacy and civil liberties, and how much intrusion employees agree to permit varies depending on whether they are joining, for example, a highly secretive intelligence agency or a commercial company not dealing with anything relating to national security.

2. How are staff trained and motivated to reduce their vulnerability to becoming insiders and to convince them to watch for and report suspicious activities or security weaknesses? Keeping up staff morale and motivation, and convincing employees to be active participants in achieving good security, are critical elements of an effective program to protect against insiders. One obvious step is ensuring that staff are adequately paid so that desperation and anger at the organization for undervaluing them do not add to the motivation for insider theft.7 Programs to make employees feel that they are well treated and their concerns are addressed are also important, and need not be particularly expensive.
Studies of insider theft and sabotage in nonnuclear industries regularly conclude that simple employee disgruntlement is a major contributing factor.8 Many organizations use training and incentive programs to convince employees to take security seriously, be on the lookout for insider dangers, and report any suspicious activity or security weaknesses that they observe. Many organizations also provide training so that employees recognize and counter efforts to recruit them for nefarious purposes (for example, counterintelligence briefings that are often given to people with authorized access to secret information).
6. Dawn M. Capelli, Andrew P. Moore, and Randall F. Trzeciak, The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) (Indianapolis: Pearson Education, 2012).
7. Ruth A. Duggan, “Addressing the Insider Threat—A Call to INMM Community Action,” in Proceedings of the 52nd Annual Meeting of the Institute for Nuclear Materials Management, Desert Springs, Calif., July 17–21 (Northbrook, IL: INMM, 2011).
8. Capelli, Moore, and Trzeciak, The CERT Guide to Insider Threats.
124
5. PREVENTING INSIDER THEFT
Figure 5.1. Insider protection during the employment life cycle: preemployment (screening); during employment (monitoring, training, motivation); postemployment (access restriction, monitoring).
Particularly difficult issues arise when authorized employees know they are about to lose their jobs or have just left their jobs. At these moments, the organization’s ability to offer incentives and disincentives is much reduced, and the employees’ loyalty to the organization may be minimal, yet their access to critical materials or knowledge that could help with a malevolent act may remain unchecked. Our interviews suggest that insider programs often include steps for dealing with these kinds of situations, such as removing employees from the most sensitive forms of access once they are in the process of leaving the organization; changing keys, combinations, or passwords after an employee with access to them has left; and making clear the penalties associated with providing key information to unauthorized individuals after employment. In some cases, some monitoring of employees’ activities continues for a period after access is terminated. For example, the passports of Russian nuclear weapons designers are reportedly held in the safe of the site security officer for five years after their employment comes to an end.9 Figure 5.1 summarizes the different forms of monitoring, control, and incentives and disincentives that may be applied at each stage of the employment life cycle.

3. How are the items to be protected controlled, monitored, and accounted for?

Methods to secure and control the protected items themselves vary widely, depending on the circumstances of particular industries and operations. At Fort Knox, at one extreme, gold bars virtually never leave hardened vaults, and virtually no one ever enters those vaults. At the other extreme, in a casino, money and chips that can be exchanged for money are constantly handled in large quantities by hundreds of people on the gaming floor. However, virtually all high-security organizations will have some element of security, monitoring, and accounting for the items, areas, or information they are trying to protect. In particular, monitoring measures such as security cameras can make it possible to detect thefts as they are occurring, and accurate accounting can make it possible to confirm that nothing significant is missing—or to identify when things do appear to be missing and further investigation is required. Items likely to tempt thieves because of their high value, portability, and related characteristics often go through a regular cycle: storage in a secure vault when not in use, removal from the vault, processing and use on the equivalent of a “shop floor,” and return to the vault (see figure 5.2). The interviews conducted for this paper focused closely on how security is managed for each of the steps in this cycle, and how employees are screened, monitored, and motivated.

9. Personal communication with former Russian nuclear weapon designer, 2001.

Figure 5.2. Generic critical material cycle: (1) critical material housed in secure vault; (2) critical material removed from secure vault; (3) critical material “on the floor” (handled by multiple personnel); (4) critical material returned to secure vault.

4. How are interactions between the insiders and the items to be protected limited and monitored?

Controlling who can have access to the critical material, and under what circumstances, is often among the most important elements of a program to protect against insider threats. In many organizations, for example, no one would be allowed to access the critical material without a clear job requirement to do so; protected items might be kept in a vault when not in use, with very few people having authorized access to the vault; a two-person rule might be in place, prohibiting anyone from being alone with the material; and security cameras might provide additional monitoring whenever items are accessed.

5. How are investigations done to find dangerous insiders who may be present?

Despite their best efforts, organizations sometimes find that they have a malevolent insider in their midst—a thief, a saboteur, an assassin, a spy.
Sometimes only indirect evidence exists that hints at this possibility. Many high-security organizations have processes for investigating the possibility of insiders in their midst. In some cases, this can be done discreetly, with little disruption to the organization. However, in other cases, the hunt for an insider can lead to major effects on morale and everyone suspecting everyone else.

6. How are testing, assessment, and learning from experience done?

Security systems must be assessed to see how effective they are. Some organizations use a “red teaming” approach, in which small groups are charged with examining the security measures in place and trying to conceive of ways to overcome them. Often, particular elements of the system are subject to tests, such as how accurate the accounting of material is or whether an alarm sounds when material is carried past certain detectors or a vault is opened without proper authorization. Mechanisms for learning from past experience of what does and does not work are also important.

Having laid out this framework, we will now discuss security against insiders in the casino and pharmaceutical industries in the United States, examining how each of these six elements is implemented in these two industries and how much reliance is placed on each. In both cases, we will begin by describing the general environment in the industry in question, which can have a major bearing on protection against insider threats.
Protection against Insider Theft in the Casino Industry

Environment, Operations, and Security Assumptions

The critical materials in a casino are cash and chips. Chips are used at gaming tables, and patrons may exchange them for cash at cages located throughout the gaming floor or at the main cashier. Employees may exchange chips that they may receive as tips only at the main cashier. When not in use at the cages or by the main cashier, cash is stored in a secure vault and counted in a special “count room,” which is a vault of its own (see figure 5.3). The use of chips rather than cash is itself an antitheft measure, as the chips have no inherent value and are less likely than cash to be targeted by casual thieves.10 In principle, the cash and chips in a casino are individual countable items, but they are so numerous as to make frequent item-by-item accounting difficult. In this respect, a casino is somewhat analogous to a nuclear facility handling large numbers of small items, such as a facility assembling pellets or plates of nuclear material into fabricated fuel elements, where critical nuclear materials would be removed from a secure vault and accounted for before and after their use on the floor.

10. Christopher Beam, “Ocean's One: What's the Point of Stealing Casino Chips?” Slate, December 17, 2010.

Figure 5.3. Gaming critical material flow

Casinos are a customer-facing industry and cannot allow security measures to encroach on the customer experience. Thousands of people enter and leave the casino every day carrying both chips and cash, and because the casinos seek to maintain a welcoming atmosphere for customers, the security personnel do not search or scan them. For gaming establishments, the motivation to ensure against the diversion of critical materials is purely financial. Small-scale diversions are typically not considered worth the time, effort, and money required to stop them. Gaming security managers reported that a cashier could probably skim “a few hundred dollars” a day without detection. Our interviews indicate that security professionals in the gaming industry operate under two unique assumptions. First, they assume that some threat, internal or external, is always present. Second, casino security professionals assume that nonsecurity staff (dealers, servers, cashiers, and so on) are probably not trustworthy and may well prove to be thieves. To paraphrase one interviewee, “If I never hired anyone with a questionable personal history, I’d have to turn down 90% of the job applicants in Vegas.”

The casino security managers who participated in our study indicated that regulations governing the casino industry typically require that the security operation be composed of two distinct and independent units. Security staff members are a visible presence on the floor. They are trained in customer relations as well as security procedures and are charged with maintaining the physical security of the casino. Surveillance team members sit in secluded rooms monitoring security camera feeds from throughout the casino. Every table game is monitored from multiple angles to identify cheaters. Surveillance teams typically verify employee ID badges for access into secure areas and also monitor the vault interiors and doors, cages, and the “count room”—a separate vault where the money is counted. Cameras are carefully hidden so that patrons do not feel like they are being spied on. Employees, on the other hand, always know that Big Brother is watching. To address the possibility of the casino’s general manager being involved in activities that he or she might wish to cover up, the surveillance team reports to a distinct chain of command, not through the general manager.

Screening and Monitoring Staff

Most floor employees are hired at the entry level and are given little responsibility for or access to first-degree critical knowledge. Nevertheless, employment applications include authorization to conduct a criminal background check and a credit check. Red flags include major property crime or fraud arrests, gambling addictions, or significant debt (though two managers indicated that the 2008 financial meltdown has made bankruptcy too common to be considered a red flag).
Security and surveillance personnel undergo stricter background checks, though nothing like the screening required for a security clearance to handle weapons-usable nuclear material. Casinos do not specifically monitor changes in employee behavior off the job after hiring (such as sudden and unexplained wealth). On the job, suspicious changes in behavior may show up in surveillance. One interviewee reported a case in which a cocktail waitress began spending inordinate amounts of time near one particular gaming table; the casino eventually discovered that she was colluding with a dealer to steal chips. Casinos also maintain a list of “permanently ejected” individuals. The “permanently ejected” list includes patrons who are banned from the premises for reasons varying from drunken brawls to gambling addiction, as well as former employees fired for misconduct or theft.
Security personnel escort employees terminated for cause off the property, and their ID and access badges are confiscated. Door codes (where they are used) are immediately changed. One casino reported that all ex-employees are banned from the premises for ninety days, while another indicated that it allows former employees to return as patrons as long as they were not placed on the “permanently ejected” list. Every casino security manager interviewed indicated that the processes and security and surveillance systems already in place could be relied upon to stop an ex-employee from abusing critical knowledge.

Training and Motivating Staff

Most new employees undergo approximately two days of orientation, primarily on casino operations. New hires are indoctrinated into the security operations specific to their own work. Security and surveillance personnel require more extensive training, which is also conducted on the job. Surveillance personnel are required to know how to play every table game so that they can better detect cheats or card-counters, while security personnel are trained on how to conduct “chip counts,” escort critical gaming materials, and interact with patrons. Security and surveillance personnel often undergo weekly or monthly security training. Generally, training appears to be focused on procedures and practices rather than “red-team” exercises (that is, exercises in which mock adversaries attempt to defeat the security system and the security team has to find ways to detect and respond to the attempt). In some instances, security training is just a part of a general training required by state regulations, including everything from sexual harassment prevention to security procedures. General floor employees receive regular security training only if a promotion requires additional access to critical materials or knowledge.

Floor employees make a reasonable wage, counting salary and tips. Security and surveillance personnel receive higher salaries because they do not receive tips. According to one casino security manager, wages are neither a major source of loyalty to the establishment nor a major source of disgruntlement. All employees are aware that theft is an ever-present threat. Nevertheless, interviewees expressed the view that while security and surveillance staff were highly vigilant, general employees probably would not bother to report suspicious activity short of clear and overt misconduct. In some cases, the casinos provide training and other materials to emphasize to employees that threats to the casino’s well-being are also threats to their jobs. But motivating nonsecurity employees to be on the lookout for security issues does not appear to be an area on which casinos place much emphasis. However, multiple casino security managers indicated that anonymous tip lines were one of their most productive security programs.

Controlling, Monitoring, and Accounting for Protected Items

Both a cashier and a security employee must agree to enter the vault where cash is secured. Cash and chip transfers between the vault and cages and between cages and tables require a security escort, dual concurrence, and signatures from both the deliverer and the receiver of the critical material attesting to the accuracy of the count. At least every twenty-four hours, cash is collected from each cage and escorted to the count room. Dual concurrence is required to enter and exit the count room. To reduce the probability of collusion, a two-person team comprising individuals from different organizations, typically a trained cashier and a Gaming Commission member, is present for the count. Surveillance cameras continuously monitor the interiors of and the entrances to the vault and the count room.

Limiting and Monitoring Insider-Item Interactions

Access to the vault, cages, and count room is permitted only to specified individuals under precise circumstances. Staff may exchange the chips that they receive for tips only at the main cashier, where cashing an unusually large quantity or denomination of chips, or cashing out unusually frequently, would raise questions. Dealers' tips (also chips, which they are not allowed to cash) are placed in a locked "toke box," located at every table, then distributed among dealers at the end of the week, based on the number of hours worked. Uniforms for the floor staff are designed to discourage theft. Sleeves are typically elbow length or shorter, and pockets are either disallowed or covered with an “apron.”

Conducting Investigations

Interviewees did not provide a great deal of detail about the investigations they conduct when a staff member is suspected of theft.
Often, suspicions are raised from, and key evidence provided by, activities observed on surveillance cameras.

Assessment, Testing, and Learning

Learning from collective experience, rather than formal testing and assessment, appears to be the mainstay of casino security operations. Casinos learn from problems they have encountered themselves, and they also have a system for sharing information on threats. According to one source, a cheating ring was apprehended because casinos in New York, New Jersey, and Connecticut shared information including suspect descriptions and modus operandi. The first casinos hit were unable to stop the cheaters but were able to provide enough information to neighboring casinos that security and surveillance were able to identify and apprehend the offenders. Data sharing could provide similar results in cases of insider diversion schemes.

Potential Weak Points

Multiple security managers reported that dealers have been caught stealing chips, typically through sleight of hand. Dealers are prohibited from cashing chips, but a crooked dealer could easily collude with a food and beverage employee or a patron, who could cash the stolen chips without suspicion. Every casino reported surveillance as the primary method to detect and disrupt such a scheme. Another potential vulnerability is cash skimming from the vault, count room, or cage. One casino reported that cashiers who are either over or under on their cash counts by a specified amount during a rolling twelve-month period are terminated. Although the exact amount of acceptable gain or loss was not disclosed, a cashier with this second-degree critical knowledge could carefully steal just below the line and avoid detection—just as some nuclear material thieves have done.11 Finally, the standoffish relationship between surveillance and general employees has both positive and negative implications for diversion prevention efforts. Assuming that most employees are less than trustworthy, gaming security and surveillance officers are unlikely to suffer from the “halo effect,” in which well-liked employees are assumed to be trustworthy.12 However, constant awareness of being under surveillance and potential suspicion is unlikely to generate feelings of loyalty or buy-in from most employees. Thus, such approaches probably lower the threshold for individuals to cross over into illicit activity and make employees less likely to report second-degree critical knowledge that could provide insight into potential security threats.
11. See, e.g., Frontline, "Loose Nukes: Interview with Leonid Smirnov," Public Broadcasting System, 1996, www.pbs.org/wgbh/pages/frontline/shows/nukes/interviews/smirnov.html.
12. Richard E. Nisbett and Timothy DeCamp Wilson, “The Halo Effect: Evidence for Unconscious Alteration of Judgments,” Journal of Personality and Social Psychology 35 (1977): 250–256.
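The rolling over/under limit described under potential weak points is a rule on a single accumulated amount, and the weakness the managers point to is that a steady shortfall kept under the line never trips it. The Python script below is an added illustration, not part of the chapter or of any casino's system. It runs constructed twelve-month series of cashier count variances (dollars, positive for over, negative for short) through the limit rule as the chapter describes it and then through a one-sided cumulative-sum (CUSUM) test, a standard sequential statistic that accumulates persistent small deviations in one direction. The $100 limit, the CUSUM allowance and decision interval, and the two series are all constructed for the example, since the chapter does not disclose the real figures.

```python
"""Threshold rule vs. CUSUM on cashier count variances (added example, constructed data)."""

# Constructed monthly count variances in dollars: positive = over, negative = short.
# An honest cashier's counting errors fall on both sides of zero.
HONEST = [12, -8, 3, -15, 9, -4, 20, -11, 6, -2, -7, 10]
# A cashier skimming a few dollars each month: always short, never by much.
SKIMMER = [-6, -9, -4, -7, -5, -8, -6, -7, -5, -9, -4, -6]

# The undisclosed termination limit is assumed here to be a $100 net over a rolling
# twelve-month window (constructed value, not the chapter's figure).
LIMIT_DOLLARS = 100
WINDOW_MONTHS = 12


def rolling_net_alert(variances, window=WINDOW_MONTHS, limit=LIMIT_DOLLARS):
    """Return the index of the first month whose trailing-window net is over the
    limit in either direction, or None. This is the rule as the chapter describes it."""
    for i in range(len(variances)):
        net = sum(variances[max(0, i - window + 1): i + 1])
        if abs(net) > limit:
            return i
    return None


def cusum_shortfall_alert(variances, k=2.0, h=20.0):
    """One-sided lower CUSUM: accumulate shortfalls beyond an allowance k per
    period and alert when the running sum reaches the decision interval h.
    Overages pull the statistic back toward zero, so symmetric honest errors do
    not build up, while a persistent small shortfall does."""
    s = 0.0
    for i, x in enumerate(variances):
        s = max(0.0, s - x - k)   # x < 0 (short) pushes s up; x > 0 (over) pulls it down
        if s >= h:
            return i
    return None


def evaluate(variances):
    """Run both rules and report which one, if either, would raise the case."""
    return {
        "rolling_net": rolling_net_alert(variances),
        "cusum": cusum_shortfall_alert(variances),
        "net_12_months": sum(variances),
    }


if __name__ == "__main__":
    for name, series in (("honest", HONEST), ("skimmer", SKIMMER)):
        print(name, evaluate(series))
```

The honest series passes both rules. The skimming series nets only $76 short over the year, inside the assumed limit, yet the CUSUM reaches its decision interval in the fifth month. Choosing k and h is a trade-off between how small a steady bias is worth chasing and how many honest cashiers get a second look; the point is that a test on the persistent direction of errors is much harder to stay just under than a limit on one amount.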
Protection against Insider Theft in the Pharmaceutical Industry

Environment, Operations, and Security Assumptions

In this section, we focus on sites that produce and distribute a particular Schedule II narcotic that is subject to abuse and has a high street value. (Interviewees asked us not to specify which one, for only a few facilities produce it, and they did not wish to reveal facility-specific security information.) In these facilities, the active pharmaceutical ingredient (API) is stored in a secured vault until it is ready for use. It is then moved to the production area, where it is combined with inactive ingredients to make the final dosage form (FDF), small pills in the case of the facilities we focused on. The pills are then packaged and sent out to distributors, leaving the control of the original facility that made them (see figure 5.4). Like a nuclear bulk-processing facility, these sites are producing or fabricating large quantities of critical material in bulk and have to ensure that accounting uncertainties that suggest an operational gain or loss are not masking diversion. Only a small portion of the security incentive in the pharmaceutical industry comes from the financial value of the drugs that might be stolen; instead, companies want to avoid the brand impact of having their drugs driving black markets and also seek to avoid scrutiny (and potential shutdown) from regulators. This means much lower tolerance for small-scale thefts. The potential for insider theft exists at every level of the pharmaceutical production and distribution chain. Individuals employed at production sites, distribution centers, and pharmacies are all potential insiders. However, this study is based on interviews with security managers for production and distribution sites; we did not explore security at pharmacies or transporters handling these materials.
At the pharmaceutical distribution sites, most employees are professionally licensed pharmacists and pharmacy technicians, bound by the ethical standards of the American Pharmacists Association (APA) and keenly aware that a breach would result in the loss of their licenses. Interviewees assumed that APA licensing was a major contribution to reducing insider risks among these personnel, though it is not clear that this conclusion is backed by data. The pharmaceutical distribution site whose staff we interviewed did not differentiate between staff who did or did not handle controlled substances, but this facility trains surveillance cameras on every workstation at which controlled substances are handled. At production sites, staff are typically not licensed pharmacists or pharmacy technicians, but pharmaceutical producers reported requiring additional training and screening for individuals assigned to handle controlled substances in the factories.
Figure 5.4. Pharmaceutical critical material flow: API (active pharmaceutical ingredients) is held in a vault and combined with inactive ingredients on the production line, with QA checks for API purity/content, to make the FDF (final dosage form); the FDF passes to a wholesaler and regional distributor and on to brick-and-mortar pharmacies, mail order pharmacies, and in-patient facilities, and from there to the patient. Figure notes: * Typically packaged in blister packs for short-term use. ** Typically shipped in large-capacity pill bottles.
The security managers we interviewed indicated that their operations, unlike casinos, do not differentiate between security and surveillance operations. Security personnel report to an on-site security manager, who in turn reports to the security manager at corporate headquarters. The site general manager is excluded from the security chain of command to maintain the objectivity and independence of the security operation. No regulations overtly restrict relationships between security and nonsecurity staff, although, according to one interviewee, they operate in “separate circles” that naturally limit daily interactions. In addition to the security team, controlled substance teams (CSTs), usually comprising security, compliance, and law enforcement professionals, are assigned to every pharmaceutical production site handling Schedule II substances. Acting as something akin to an internal auditor, they are charged with ensuring that the company complies with both the letter and spirit of relevant regulations. Like the security team, the CSTs report to corporate headquarters rather than to site managers. Security managers for controlled pharmaceutical producers report expending a great deal of effort to ensure security buy-in from corporate leadership on down. They attempt to ensure that every employee is aware of the harsh penalties for failure to comply with federal regulations. Simultaneously, pharmaceutical producers pride themselves as stewards of public health, and they work to ensure that every employee shares that sense of responsibility. According to one interviewee, security has moved from being considered a “business disabler to a business enabler.” Quality assurance (QA) plays a central role in pharmaceutical production, and it is used as an element of theft prevention as well. At production sites, manufactured pills are pulled at random for QA checks. 
Although these checks are primarily intended to ensure accurate formulation, they also provide a check against the diversion of API that would lead to detectable changes in pill formulation. At distribution sites, QA randomly selects filled prescriptions to check for the accuracy of pill counts.

Producers and distributors of Schedule II substances are subject to several layers of regulation. The Drug Enforcement Administration (DEA) is the primary regulator concerned with theft of Schedule II pharmaceuticals. The DEA also regulates the design and construction of facilities producing or distributing controlled substances. The DEA approves blueprints for Schedule II production facilities to ensure compliance with security requirements. They are not required to do so, but many companies seek DEA guidance when designing their security system. The DEA has the authority to inspect facilities on short notice and can shut down a facility that is found to be in violation of security procedures. The Department of Health and Human Services enforces the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which guarantees privacy and security standards for patient information. Pharmaceutical distributors in particular appear to consider HIPAA training a valuable part of their employee indoctrination, and they count on it to increase general security awareness and buy-in, though it is not focused on protecting against theft. The Food and Drug Administration (FDA) is mainly concerned with quality assurance and regulatory compliance. The FDA would be the first regulator notified if QA detected an irregular formulation. Our interviewees indicated that most pharmaceutical distribution facility employees, and some staff at production sites, are licensed by the APA and could lose their license if caught stealing or contributing to thefts by others.

Screening and Monitoring Staff

Pharmaceutical firms subject potential employees to financial and criminal background checks. Red flags include criminal activity and a history of substance abuse. As in the gaming industry, pharmaceutical security managers indicated that the economic downturn has made bankruptcy or financial hardship so commonplace that it is no longer a useful red flag. The pharmaceutical industry maintains a “disbarred list” of individuals banned from working with controlled substances, listing individuals fired from producers or distributors under suspicion, people who had been convicted of possession or distribution of illegal drugs, and the like. Ex-employees are immediately denied access to facilities and their IT systems, no matter the reason for their departure. It is unlikely that an individual terminated for illicit activities would be hired by another pharmaceutical company, and the worst offenders would be placed on the national disbarred list to prevent them from falsifying employment records to conceal their past misdeeds.

Training and Motivating Staff

Pharmaceutical companies give new employees site-specific security training as well as training required for HIPAA and other regulatory compliance.
At pharmaceutical production sites, individuals selected to work with controlled substances are required to undergo additional training. HIPAA requires annual refresher training, and most corporations conduct annual or quarterly security training as well. DEA and FDA audits and short-notice inspections help ensure that site managers and employees remain vigilant. One interviewee in particular emphasized that security vigilance is a by-product of a security-conscious corporate culture that recognizes theft prevention as an essential element of brand protection and operational success.
Controlling, Monitoring, and Accounting for the Items to Be Protected

When API is received at a production facility, workers measure its weight and then subject it to a number of quality checks to ensure purity before clearing it for production. The two-person rule is in effect when workers open an API vault, remove a specific amount (by weight), secure the vault, and transport the API to the production line, where they confirm its weight and purity once more. The production line is under constant camera surveillance, as are the inside and the outside of the vaults. The CST and security personnel also monitor the production lines. The factory produces pills in batches of modest size, making it possible for the accounting system to measure input and output, and localize any identified losses, more precisely than would be plausible in a continuous process.

QA tests pills from every production lot. If QA workers find that the percentage of API is low in randomly selected pills, they would first suspect and investigate the possibility of misformulation or inadequate mixing. If the reason for the low API percentage cannot be determined, then security is notified to investigate the possibility of API diversion. If a machine jams and pills fall onto the floor, the line is halted and each pill is retrieved, accounted for, and destroyed. The vast majority of pills are packaged in large-capacity bottles (commonly holding 100 pills for brand-name, controlled substances and 1,000 pills for generics) and shipped to a wholesaler. A small percentage of the pills destined for in-patient facilities are packaged in blister packs. Both types of packaging include “tamper-evident” seals. (However, tests have suggested that thieves may be able to defeat many types of seals.)13 Once the wholesaler takes custody of the FDF, the responsibility for its security transfers from the manufacturer to the distributor.
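The per-batch accounting just described, with a two-person weigh-out at the vault, a re-weigh at the line, and a QA assay of the pills, is the material-balance logic the chapter likens to nuclear bulk processing, and the earlier remark that accounting uncertainties can mask diversion has a concrete form: a loss is only visible when it exceeds the combined measurement uncertainty of the balance. The Python below is an added example, not the chapter's or any producer's code. It closes a material balance for constructed batches, propagates weighing and assay uncertainties into a standard deviation for that balance, flags a batch whose balance exceeds three standard deviations, and compares the vault and line weighings separately so that a loss in transit is localized apart from a loss on the line. The nominal 10 mg of API per pill, the scale and assay uncertainties, and every batch figure are assumed values constructed for the example.

```python
"""Batch material balance with propagated uncertainty (added example, constructed data)."""
from dataclasses import dataclass
from math import sqrt

# Assumed instrument performance (constructed, not from the chapter):
SCALE_SIGMA_G = 0.5        # 1-sigma of one weighing on the vault or line scale, grams
ASSAY_REL_SIGMA = 0.01     # 1-sigma relative error of the QA assay of API per pill
ALARM_SIGMAS = 3.0         # alarm when |balance| exceeds this many sigma


@dataclass(frozen=True)
class Batch:
    batch_id: str
    vault_out_g: float          # API weighed out of the vault by the two-person team
    line_in_g: float            # API re-weighed on arrival at the production line
    pills_produced: int         # good pills counted off the line
    pills_rejected: int         # jam/floor pills retrieved, counted and destroyed
    assay_mg_per_pill: float    # QA assay of API content per pill (mean of samples)


def transfer_difference(batch):
    """Shipper/receiver difference between the vault and line weighings, with its
    sigma (two independent weighings). A significant difference points at the
    transfer, not the line."""
    diff = batch.vault_out_g - batch.line_in_g
    return diff, sqrt(2.0) * SCALE_SIGMA_G


def material_balance(batch):
    """Material unaccounted for on the line: API received minus API in all pills,
    good and rejected. Holdup and waste are assumed negligible (constructed
    simplification). Sigma combines the line weighing and the assay error; the
    pill count is treated as exact."""
    pills = batch.pills_produced + batch.pills_rejected
    output_g = pills * batch.assay_mg_per_pill / 1000.0
    muf = batch.line_in_g - output_g
    sigma = sqrt(SCALE_SIGMA_G ** 2 + (output_g * ASSAY_REL_SIGMA) ** 2)
    return muf, sigma


def evaluate(batch):
    """Return both checks for one batch, each with its alarm decision."""
    diff, diff_sigma = transfer_difference(batch)
    muf, muf_sigma = material_balance(batch)
    return {
        "transfer_diff_g": round(diff, 3),
        "transfer_alarm": abs(diff) > ALARM_SIGMAS * diff_sigma,
        "muf_g": round(muf, 3),
        "muf_3sigma_g": round(ALARM_SIGMAS * muf_sigma, 3),
        "balance_alarm": abs(muf) > ALARM_SIGMAS * muf_sigma,
    }


def flagged_batches(batches):
    """Batch ids with either alarm, which is what localizes a loss to a batch."""
    out = []
    for b in batches:
        r = evaluate(b)
        if r["transfer_alarm"] or r["balance_alarm"]:
            out.append(b.batch_id)
    return out


# Constructed batches at a nominal 10 mg API per pill.
BATCHES = [
    # 10,000-pill batch, everything accounted for.
    Batch("SMALL-CLEAN", 100.2, 100.0, 9960, 40, 10.00),
    # Same size, 500 pills' worth of API missing on the line: 4.9 g against a
    # 3-sigma band of about 3.2 g, so the batch is flagged.
    Batch("SMALL-DIVERTED", 100.1, 99.9, 9460, 40, 10.00),
    # Ten times the batch size, the same 500 pills missing: 5.0 g against a
    # 3-sigma band near 30 g, so the loss hides inside the assay uncertainty.
    Batch("LARGE-DIVERTED", 1000.3, 1000.0, 99460, 40, 10.00),
    # The line receives 3.5 g less than the vault released; the line balance
    # closes, so the shipper/receiver check localizes the loss to the transfer.
    Batch("TRANSIT-LOSS", 100.0, 96.5, 9610, 40, 10.00),
]

if __name__ == "__main__":
    for b in BATCHES:
        print(b.batch_id, evaluate(b))
    print("flagged:", flagged_batches(BATCHES))
```

The two diverted batches lose the same 500 pills; only the small one is flagged, because the assay term in sigma scales with batch output while the loss does not, which is the quantitative reason behind the managers' preference for batches of modest size. The transit-loss batch shows why the vault and line weighings are compared on their own rather than folded into one number: its line balance closes, and without the separate check the shortfall would be invisible.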
The wholesaler typically ships the product via regional distribution centers, and then on to pharmacies. Pills are repackaged into the appropriate pill-count bottle after each prescription is verified. Distribution site QA randomly samples filled prescriptions to ensure that they include the correct number of pills. One pharmaceutical distribution site security manager explained that bottles of pills are purchased by weight, not pill count. To ensure that they never fall below their contractually required weight, it is not uncommon for manufacturers (particularly of generic pharmaceuticals, including generic narcotics) to overfill bottles, including 1,005 pills or so in a 1,000-pill bottle. If a prescription bottle comes up short, this “gain” is used to offset it at no additional cost. One interviewee acknowledged that such errors “did happen,” given “the [tens of thousands] of prescriptions we filled each day.”

13. Roger G. Johnston, “Tamper-Indicating Seals,” American Scientist 94, no. 6 (November–December, 2006): 515–523.

Limiting and Monitoring Insider-Item Interactions

Vaults for controlled substances and their active ingredients are under constant camera surveillance. Only specified personnel are allowed to access the vaults, and then only with two people acting together. The workers measure the material both when it leaves the vault and when it arrives in the production area. The production area is under surveillance by security cameras and watched by security and by the CST. At distribution sites, some prescriptions are filled by machine; licensed pharmacists and pharmacy technicians fill the remainder by hand. A limited number of individuals handle controlled substances, and security cameras are trained on them to detect any attempt to divert critical pharmaceutical materials. As in the casino industry, both pharmaceutical producers and distributors require pocketless uniforms to discourage casual theft.

Conducting Investigations

Here, too, interviewees did not provide substantial detail on how their companies conduct investigations when they suspect employees of theft. As with casinos, evidence from surveillance cameras plays a major role in raising initial suspicions and providing evidence. Overall, it does not appear that investigations themselves are a major element of the insider protections at pharmaceutical facilities.

Assessment, Testing, and Learning

Pharmaceutical security managers reported conducting red-team exercises in which participants brainstorm diversion scenarios and security personnel simulate countering them. These exercises help identify potential vulnerabilities and stimulate vigilance. Learning from and sharing experience are also critical elements of pharmaceutical security programs.
The Pharmaceutical Security Institute (PSI) maintains a database of pharmaceutical-related incidents. Data are collected on a voluntary basis but, according to multiple interviewees, the database is comprehensive. A security manager contacts the PSI to report an incident; if the PSI has similar incidents in its database, it will put the security managers from both companies in touch with each other. Contact is voluntary, but security managers report enthusiastically following through to learn from each other’s experiences. (Because brand protection is a key goal, PSI covers both counterfeiting and thefts of controlled substances
5. PREVENTING INSIDER THEFT
with its main emphasis on counterfeiting. In the case of thefts, the incident database focuses on very large incidents, valued at $100,000 or more.)14 In addition to the PSI database, one manufacturing firm reported a more informal supply-chain security database focusing on cargo theft, maintained by the company's security staff. Now collecting data from multiple companies as well as state and local law enforcement officials, this unofficial consortium provides a “safe space” for security professionals to discuss challenges they face, exchange data, and discuss legislation that affects their efforts.

Potential Weak Points

The pharmaceutical security system also has potential weaknesses. Resourceful thieves could defeat the seals on bottles and blister packs to remove pills without detection. The extra pills packaged to ensure compliance with contracted weight requirements appear ripe for diversion. No standard exists for the number of “extra” pills per bottle, and pharmaceutical distribution sites consider this gain a windfall rather than an accounting concern.

The pharmaceutical industry may also be in danger of falling victim to the halo effect. Every interviewee emphasized that their employees were licensed professionals, held accountable to the APA code of ethics—yet it is not obvious that this substantially reduces the risk that these individuals will participate in insider theft. Doctors and nurses who steal medications face similar professional penalties, but such theft remains an ongoing problem. This belief in the honesty of licensed professionals may lull security professionals into overlooking suspicious acts.

There is also the possibility of surreptitious theft while insiders are handling the drugs. Casino dealers manage to palm chips despite sleeveless uniforms and multiple security cameras; pharmaceutical workers may well be able to do the same with pills that are much smaller than casino chips.
Pharmacies themselves represent another potential weak point in the system. Several interviewees argued that theft of Schedule II pharmaceuticals is most likely to occur at individual pharmacies. Burglaries targeting controlled substances are not uncommon, and fraudulent prescriptions are a major concern. Indeed, some pharmacies have given up carrying drugs that are in particular demand by violent thieves (see figure 5.5). The extent to which insiders are involved in these thefts cannot be determined without access to arrest and prosecution records, but it cannot be discounted.
14. Pharmaceutical Security Initiative, “The Counterfeit Situation,” www.psi-inc.org/counterfeitSituation.cfm.
Figure 5.5. An example of retailer security concern
Recommendations for the Nuclear Industry

The casino and pharmaceutical industries, of course, are not the same as the nuclear industry, intelligence agencies, or other high-security organizations. In particular, casinos and pharmaceutical plants can afford to take the attitude that small thefts may not be cost-effective to prevent. Moreover, every facility is unique and must implement insider protections best suited to its particular circumstances and processes. Nevertheless, this analysis of insider protection in the casino and security industries suggests some approaches to insider protection that others should consider. We focus here on potential applications in the nuclear industry in particular.

Constant video surveillance of both vaults and all insider interactions with materials. Both the casino and the pharmaceutical industries use security cameras to monitor critical material inside vaults as well as the vault door. Both use constant video surveillance when insiders are handling critical material. It may seem redundant to monitor both the vault interior and the door, but there have been a number of major thefts in other industries that involved people gaining access to the inside of the vault by unorthodox means—such as tunneling in from underneath—and surveillance inside vaults would help deter insiders with legitimate access from palming critical material from the vault. Similarly, constant video surveillance may seem redundant when the two-person rule is in effect, but it provides an additional layer of detection and therefore of deterrence of insider theft.
Frequent and rigorous material accounting. Casinos devote a special vault to counting their cash and require a rigorous two-person count at the end of every shift. The pharmaceutical industry requires rigorous accounting of input materials and product, in batches small enough that uncertainties could not cover a major theft. Nuclear facilities handling weapons-usable nuclear material in bulk forms also typically require detailed accounting for the material, but opportunities for more frequent and localized accounting may exist that would not substantially increase costs.

Requiring everyone who touches critical material to sign for it. The gaming industry’s practice of requiring every individual who touches cash or chips to sign his or her name and vouch for count accuracy could also be used more widely at nuclear facilities. Although a determined thief will likely be undeterred, this simple and inexpensive process could provide three distinct benefits:

• Increasing security awareness and personal responsibility (“I signed for it, so I better make sure it is properly accounted for”).

• Providing a record of critical material movement. This “paper trail” could provide an investigative starting point should critical material go missing.

• Offering insight into irregular employee activities—for example, repeatedly “forgetting” to sign for critical material or falsifying or tampering with the signature card would call for further scrutiny.
Implementing an expanded two-person rule. Both gaming and pharmaceutical security operations expand on the two-person rule by requiring that the two individuals be from different departments. Individuals who report to different chains of command and who do not regularly interact are less likely to form the kind of trust required for successful collusion or suffer the same disgruntlement. Some nuclear facilities follow similar practices: Opening the warhead storage bunkers at the Pantex plant near Amarillo, Texas, requires lifting off a multiton block from the door using a specialized forklift and then opening two locks, the key to one of which is held by the operations staff, the other by security (personal observation, 1995). This simple practice could be incorporated more widely at nuclear facilities.

Rewarding attention to security. One step that every organization should take is to consciously reward, rather than marginalize, employees who point out security vulnerabilities and options for improvement.15 At the very least, an anonymous tip line should be installed (and its contents acted upon) to remove the fear of reprisal as a barrier to reporting concerns and to convince employees that concerns will be addressed.
15. Matthew Bunn, “Incentives for Nuclear Security,” in Proceedings of the 46th Annual Meeting of the Institute for Nuclear Materials Management, Phoenix, Ariz., July 10–14, 2005 (Northbrook, IL: INMM, 2005).
Seeking widespread buy-in to the importance of security. A number of pharmaceutical security managers explained that they strive for security buy-in by emphasizing corporate commitment to being a steward of public health and also stressing that good security protects the work and livelihood of every employee. While buy-in may take years to achieve in full, similar tactics simultaneously appealing to emotion (patriotism, or the desire to prevent a nuclear disaster) and pragmatism (security is here to protect my work) may be fruitful.

Splitting security and surveillance. This practice has both advantages and disadvantages (which may explain why casinos have adopted it and pharmaceutical plants have not). Surveillance teams independent of security could make it more difficult for a security officer and a technician with access to material to collude to steal material. Moreover, surveillance officers are probably better able to monitor the activities of all facility employees objectively, avoiding the halo effect. On the other hand, with only the information available from security cameras and alarm systems, surveillance officers may not be privy to information about particular people that might help them interpret what they are seeing. The educated professionals employed at nuclear facilities may resist the Big-Brother-is-watching atmosphere that exists at most casinos. Therefore, security officers should be the trusted and approachable “face” of security, while the surveillance team remains largely unseen.

Involving regulators in design. One pharmaceutical producer described DEA involvement “at the blue-print stage” of facility design, reviewing approaches and making suggestions. In the nuclear industry as well, it might be worthwhile to involve regulators and security experts from the earliest stages of design in order to achieve a “security by design” approach in which cost-effective security measures are established at the outset.
Establishing threat databases and experience sharing. As discussed above, the PSI maintains a database of all pharmaceutical-related crimes. Similarly, casinos share information on crimes and criminals that they confront; as one example, commercial firms are in the business of providing software that allows the casinos to easily put photos and names of card counters, thieves, and others excluded from their casinos in a shared database. (There are several such firms; one of the leading companies is Biometrica Systems.)16 Outside researchers have also developed extensive databases on insider cyber incidents related to critical infrastructure. Properly administered, similar databases could provide a wide range of benefits to nuclear security operations. Such an effort might include both databases for particular countries administered by national institutions (such as the National Nuclear Security Administration in the United States)
16. Biometrica Systems, 2012, www.biometrica.com/index.html.
and databases serving the broader international community, perhaps administered by an organization such as the World Institute for Nuclear Security. These databases should include specifics of real cases of nuclear material theft (modus operandi, responsible parties, etc.) and near misses that did not culminate in the actual loss of material. It would also be worthwhile to include selected incidents at nonnuclear facilities that may help inform nuclear security managers about adversary capabilities and tactics to be protected against.17 These incidents could include cases of multiple insiders conspiring together to steal money or other valuable items and cases where outsiders and infiltrated insiders worked together to defeat elaborate security systems such as in the remarkable Antwerp Diamond Center heist in 2003,18 along with others.19 Ideally, the institution managing the database should employ professionals to regularly analyze it for trends, lessons learned, and potential threats. To maximize effectiveness, the database should not be overclassified, and it should be widely available to nuclear security professionals and site managers. If parts of the database require higher classification, they can be separated from the rest. Potential benefits of national and ultimately international databases of this kind include the following:

• Increasing vigilance. One of the reasons to make such databases widely available to nuclear security managers is to help increase vigilance and threat awareness. The attitude that “it will never happen here” is more easily overcome when one can point to numerous recorded incidents in which it did, or almost did.

• Connecting the dots on threat information. Adversaries carrying out surveillance on one facility may be watching other facilities as well, and the nature of the activity may become clear if these facilities are exchanging information. An employee report of being approached by a suspiciously curious stranger might be overlooked at one facility, but it might provoke increased scrutiny if observed at multiple facilities.

• Sharing best practices, jointly developing solutions. The PSI database of pharmaceutical crimes encourages security managers who have experienced similar incidents to contact each other. Interviewees indicated that the additional transportation security database discussed earlier also provides a forum for discussion of real incidents and potential responses.
17. Bruce Hoffman, Christina Meyer, Benjamin Schwarz, and Jennifer Duncan, Insider Crime: The Threat to Nuclear Facilities and Programs (Santa Monica, CA: RAND, 1990).
18. Scott Andrew Selby and Greg Campbell, Flawless: Inside the Largest Diamond Heist in History (New York: Union Square Press, 2010).
19. See Matthew Bunn, Securing the Bomb 2010: Securing All Nuclear Materials in Four Years (Cambridge, MA: Project on Managing the Atom, Harvard University, and Nuclear Threat Initiative, 2010), www.nti.org/securingthebomb, 95.
• Improving responsiveness to emerging issues. Data might include premature failures or unexpected weaknesses in security technologies, issues with new procedures, and the like. With these data from other facilities in hand, security managers would be better able to foresee vulnerabilities and allocate budgets, allowing security to move from reactive response to incidents to proactive anticipation of vulnerabilities.

• Strengthening employee buy-in. Individual facilities might encourage employees to review information from the database and help prepare their own site’s data for contribution, helping them to understand the reality of the threat and to be on the lookout for relevant information.
In the world of nuclear safety, the sharing of operating experience, including incidents that could have a safety implication (such as clogged pumps or cracked equipment), has been an absolutely central element of the dramatic increase in nuclear safety achieved in the decades since Three Mile Island. In the United States, each reactor is a member of the Institute for Nuclear Power Operations (INPO, the U.S. arm of the World Association of Nuclear Operators, or WANO), and is required to provide reports on each safety-related incident, with an analysis of root causes and lessons learned. INPO analyzes these reports and distributes lessons-learned bulletins to all operating U.S. reactors. Moreover, INPO reviews and rates each facility’s implementation of these lessons learned.20 No comparable process exists in the field of nuclear security, either at the national or the international level.

The use of some or all of these practices from the casino and pharmaceutical industries may help the nuclear industry reduce the risks of insider theft. But there is no magic bullet. Insiders, with their authorized access to facilities and knowledge of the facility security system (and, potentially, its vulnerabilities), will remain a significant challenge for nuclear security. Finding ways to keep employees motivated and loyal, to build strong security cultures with widespread employee buy-in to the need for stringent security, and to give employees incentives to identify and resolve potential vulnerabilities will remain difficult management problems. Difficult challenges also arise in striking an appropriate balance between respecting employees and remaining aware of the possibility that any insider could commit criminal acts. Constant vigilance and an approach focused on continual adaptation and improvement will remain necessary.
20. Joseph V. Rees, Hostages of Each Other: The Transformation of Nuclear Safety since Three Mile Island (Chicago: University of Chicago Press, 1996).
chapter 6
A Worst Practices Guide to Insider Threats Matthew Bunn and Scott D. Sagan
From the anthrax letters to the Fort Hood shooter, from Edward Snowden to the Wikileaks data dump, U.S. government organizations have faced insider threats with grave consequences since the 2001 terrorist attacks. Organizations in other countries have also suffered damaging insider incidents, ranging from multiple Taliban attacks inside the Afghan Army to a 2014 insider sabotage of the turbine at the Doel-4 nuclear power plant in Belgium that caused more than $150 million in damage.1

The serious challenges posed by insider threats should not be a surprise to any organization’s leader or security manager. As the chapters in this book make clear, however, organizations often find it exceedingly difficult to understand insider threats and guard against them. Why is this the case? As we noted in the introduction, part of the answer is that there are deep organizational and cognitive biases that lead managers to downplay the threats that insiders pose to their own facilities and operations. For the sake of morale within the organization, they want to stress the loyalty, team spirit, and trustworthiness of their employees. Cognitive dissonance, affect bias, and the illusion of control often lead managers to believe the stories they repeat. Managers and employees are not often shaken out of these complacent beliefs, in part because they simply do not know about the wide range of insider incidents that have taken place in other countries, in other industries, or even in their own industry, and the lessons that might be learned from them. While in the field of safety, sharing of information about accidents and lessons learned is routine, and there are regularized processes
1. See, for example, Erik Raspoet, “Wie is de Saboteur van Doel 4?” February 11, 2015, www.erikraspoet.be/?p=679; “Hoe Kan zo Iemand in Doel Werken?” HLN.be, www.hln.be/regio/nieuws-uit-lokeren/-hoe-kan-zo-iemand-in-doel-werken-a2095802, October 21, 2014; and Robin Sayles, “Belgian Regulator Sets New Security Steps after Suspected Sabotage,” Inside NRC, December 29, 2014.
MATTHEW BUNN AND SCOTT D. SAGAN
for it, in the field of security, with its penumbra of secrecy and its (often legitimate) fear of external enemies, little such sharing takes place, and few have the opportunity to learn from the incidents that do occur.2

In the nuclear area, the International Atomic Energy Agency (IAEA) Division of Nuclear Security and the World Institute for Nuclear Security (WINS) have produced “best practices” guides as a way of disseminating ideas and procedures that have been identified as leading to improved security, including protecting against insider threats.3 Similar guides exist in other industries. But sometimes mistakes are even more instructive than successes. Otto von Bismarck once said that only a fool learns from his own mistakes; a wise man learns from the mistakes of others. This book is intended to help provide such vicarious learning, drawing on episodes involving intelligence agencies, nuclear operators, the professional military, scientific organizations, and the gambling and pharmaceutical industries.

In this chapter we draw on these and other examples to offer a summary set of “worst practices” that led to past disasters, and we offer lessons about mistakes that high-security organizations should learn to avoid in the future. As specialists in nuclear weapons and nuclear power, we are particularly interested in promoting learning in the nuclear security arena by encouraging nuclear security operators to learn from the mistakes made in other sectors. But we believe that this vicarious learning exercise provides important lessons that are broadly applicable to many organizations. Each situation is unique, and serious insider problems are relatively rare, but the incidents we describe reflect issues that exist in many contexts and that every leader and security manager, and every member of the concerned public, should consider.
Common organizational practices—such as favoring production over security, failing to share information across subunits, setting inadequate rules or waiving rules inappropriately, having exaggerated faith in in-group loyalty, and focusing excessively on external threats—can be seen in many past failures to protect against insider threats.
Worst Practice 1: Assume That Serious Insider Problems Exist Elsewhere But Are NIMO (Not in My Organization)

Some organizations, such as companies in the gambling industry, assume that among their employees there are likely to be some thieves. As the chapter by Matthew Bunn and Kathryn M. Glynn demonstrates, security managers in
2. For a comparison of safety and security institutions in the nuclear realm, see Matthew Bunn, “Strengthening Global Approaches to Nuclear Security,” IAEA-CN-203-298, in Proceedings of International Nuclear Security: Enhancing Global Efforts, Vienna, July 1–5, 2013 (Vienna: International Atomic Energy Agency, 2013).
3. International Atomic Energy Agency, Preventive and Protective Measures against Insider Threats, Security Series No. 8 (Vienna: IAEA, 2008); and World Institute for Nuclear Security, Managing Internal Threats: A WINS International Best Practice Guide for Your Organization (Vienna: WINS, 2010).
6. A WORST PRACTICES GUIDE TO INSIDER THREATS
such industries accept that relatively low-consequence insider theft happens all the time, despite employee screening and monitoring designed to prevent it. They remain interested in minimizing the number of small insider incidents but focus primarily on preventing large thefts from occurring.

In contrast, organizations that consider their staff to be part of a carefully screened elite—including intelligence agencies, guard forces for political leaders, military services, and many nuclear organizations—often have strong internal reasons to stress and reinforce the loyalty and morale of their employees in order to encourage better operations. They also sometimes have incentives to encourage perceptions that competitors do not have the same levels of loyalty. The repeated stress on the high loyalty of one’s organization when compared to others can lead management to assume falsely that insider threats may exist in other institutions, but not in this organization. Like the well-known NIMBY (Not in My Back Yard) phenomenon, whereby citizens recognize the need to place hazardous materials somewhere but not near them, security leaders may suffer from NIMO (Not in My Organization) biases.

A dramatic case in point was the failure to remove Sikh bodyguards from Indian Prime Minister Indira Gandhi’s personal security unit after she had instigated a violent political crackdown on Sikh separatists in 1984. In June of that year, Operation Blue Star targeted Sikh separatists who had taken over the Golden Temple in Amritsar.4 Extra security personnel were deployed at the residence of the prime minister after a series of death threats were made against her and her family. According to H. D. Pillai, the officer in charge of Gandhi’s personal security, “[T]he thrust of the reorganized security . . . was to prevent an attack from the outside. . . .
What we did not perceive was that an attempt would be made inside the Prime Minister’s house.”5 When it was suggested by other officials that Sikh bodyguards should be placed only on the outside perimeter of the prime minister’s compound, Mrs. Gandhi insisted that this could not be done without damaging her political reputation: “[H]ow can I claim to be secular if people from one community have been removed from within my own house?”6 On October 31, two Sikh guards—one a long-standing bodyguard (Beant Singh, the personal favorite of Mrs. Gandhi) and the other a newly added guard (Satwant Singh)—worked together and assassinated Mrs. Gandhi.

Unfortunately, the Gandhi case is not the only example of insiders attacking the political leaders they are supposed to be protecting. While Pervez
4. For more detail, see Scott D. Sagan, “The Problem of Redundancy Problem: Why More Nuclear Security Forces May Produce Less Security,” Risk Analysis 24, no. 4 (2004): 935–946.
5. Ritu Sarin, The Assassination of Indira Gandhi (New Delhi: Penguin, 1990), 19.
6. Ibid.
Musharraf was president of Pakistan, for example, he survived at least two near-miss assassination attempts, both of which were perpetrated by active Pakistani military personnel in league with al-Qaida.7 Similarly, Ahmed Wali Karzai, a powerful Afghan regional official and the brother of the Afghan president, was assassinated in 2011 by his principal security guard, a confidant who had worked with the family for seven years.8

Edward Snowden’s remarkable theft of countless U.S. government documents provides another example of organizations failing to provide adequate protection against insiders because of excessive confidence in the trustworthiness of their employees. James Clapper, director of National Intelligence, lamented after the incident that “our whole system is based on personal trust.”9 Strikingly, Ralph Schrader, chairman and president of Booz Allen Hamilton, Snowden’s last employer as a contractor for the U.S. government, made clear on the company’s blog that he suffered from a powerful case of NIMO: “In all walks of life, our most trusted colleagues and friends have this in common. We can count on them. No matter what the situation or challenge, they will be there for us. Booz Allen Hamilton is trusted in that way.”10 Clapper, it appears, learned the lesson, telling Congress, with respect to “egregious violations” of the trust placed in employees who are in fact insider leakers or spies, “we have them right now, and we’ll have them in the future.”11

These cases offer several key lessons. First, and most fundamentally, organizational leaders should not assume that their personnel are so loyal that they will never be subject to opposing ideologies, shifting allegiances, personal incentives, or coercion that could lead them to become insider
7. See, for example, “Escaped Musharraf Plotter Was Pakistan Air Force Man,” Agence France Presse, January 12, 2005; and “Musharraf Al-Qaeda Revelation Underlines Vulnerability: Analysts,” Agence France Presse, May 31, 2004.
8. Bashir Ahmad Naadem, “Suspects Arrested in Wali Assassination,” Pajhwok Afghan News, July 12, 2011.
9. David E. Sanger and Eric Schmitt, “Spy Chief Says Snowden Took Advantage of a ‘Perfect Storm’ of Security Lapses,” New York Times, February 11, 2014. It is particularly striking that Clapper referred to auditing and monitoring as capabilities to be installed in the future, when President Obama’s “Insider Threat Policy,” announced in November 2012 in response to the massive release to Wikileaks by Bradley (Chelsea) Manning, required all agencies to establish insider threat deterrence, detection, and mitigation programs within 180 days and to put in place capabilities to “monitor user activity on all classified networks.” Barack Obama, “National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs,” November 12, 2012, www.whitehouse.gov/the-pressoffice/2012/11/21/presidential-memorandum-national-insider-threat-policy-and-minimumstand.
10. Quoted in Luke Harding, The Snowden Files: The Inside Story of the World’s Most Wanted Man (New York: Vintage, 2014), 55.
11. James Clapper, testimony in U.S. Senate, Committee on Armed Services, Testimony on Current and Future Worldwide Threats to the Security of the United States (Washington, DC: Government Printing Office, 2014), 19.
threats. Second, managers should beware of the “halo effect,” in which well-liked employees are assumed to be trustworthy (a special case of affect bias, the tendency we all have to assume that something we like for a particular reason has other positive qualities as well).12 Third, managers should understand that guards and computer security specialists themselves can be part of the insider threat—“the most dangerous internal adversaries,” in the words of a senior Russian nuclear security manager.13 Indeed, according to one database, guards were responsible for 41 percent of insider thefts at nonnuclear guarded facilities.14 Hence, managers should not assume that adding more guards automatically leads to increased security.15 Finally, individual leaders or facility managers should not countermand security professionals’ judgments solely for personal or parochial political reasons.
Worst Practice 2: Assume That Background Checks Will Catch All Insider Threats

The belief that personnel who have been through a serious background check will not pose an insider problem is remarkably widespread. There are three basic reasons why this belief is mistaken. First, background checks are often not very effective. Second, background checks provide a “snapshot” of an individual at a given point in time and are not a measure of permanent character. Individuals change over time, and security leaders and managers sometimes forget that fact. Third, even completely trustworthy employees may become insiders, especially if they are coerced.

Background checks as they are conducted today often fail to catch indicators of potential problems. These checks have only rarely caught spies or thieves trying to infiltrate an organization.
12. For more on the halo effect, see Richard E. Nisbett and Timothy D. Wilson, “The Halo Effect: Evidence for Unconscious Alteration of Judgments,” Journal of Personality and Social Psychology 35, no. 4 (1977): 250–256. For a discussion of affect bias (and other biases likely to be important to nuclear security managers), see Daniel Kahneman, Paul Slovic, and Amos Tversky, eds., Judgment under Uncertainty: Heuristics and Biases (Cambridge, MA: Cambridge University Press, 1982).
13. Igor Goloskokov, “Refomirovanie Voisk MVD Po Okhrane Yadernikh Obektov Rossii [Reforming MVD Troops to Guard Russian Nuclear Facilities],” trans. Foreign Broadcast Information Service, Yaderny Kontrol 9, no. 4 (Winter 2003).
14. Bruce Hoffman, Christina Meyer, Benjamin Schwarz, and Jennifer Duncan, “Insider Crime: The Threat to Nuclear Facilities and Programs,” 1990, www.rand.org/content/dam/rand/pubs/reports/2007/R3782.pdf.
15. Sagan, “The Problem of Redundancy Problem.” Under many circumstances, however, adding more guards is an important contribution to security. See Matthew Bunn, “Thinking about How Many Guards Will Do the Job” (commentary on “The Problem of Redundancy Problem”), Risk Analysis 24, no. 4 (2004): 949–953.
Sometimes, as in the case of the self-radicalization of Nidal Hasan described by Amy B. Zegart, an individual can start out as a loyal member of the organization and thus pass background checks with flying colors, but then change over time. Leonid Smirnov, to give another example, perpetrated one of the first well-documented thefts of weapons-usable nuclear material (1.5 kilograms of 90 percent enriched HEU from the Luch Production Association in Podolsk in 1992), yet was a trusted employee who had worked at the facility for many years before he turned to nuclear theft.16 Similarly, as discussed in Thomas Hegghammer and Andreas Hoelstad Dæhli’s chapter, Ilyass Boughalab passed a security clearance process in Belgium and was approved to work in the vital areas of the Doel-4 nuclear reactor—and then resigned his post to go fight for terrorists in Syria, having become radicalized, according to his family, after his clearance was approved.17 Even in-depth, ongoing monitoring long after the background check can miss key insider issues: After all, Aldrich Ames famously passed numerous CIA lie detector tests.18

Even if all the members of an organization are highly reliable and loyal, coercion remains a danger. In a case in Northern Ireland in 2004, for example, thieves allegedly linked to the Provisional Irish Republican Army made off with £26 million from the Northern Bank. The bank’s security system was designed so that the vault could be opened only if two managers worked together, but the thieves kidnapped the families of two bank managers and blackmailed the managers into helping them carry out the crime.19 (The thieves also used deception in this case, appearing at the managers’ homes dressed as policemen.) No background check or ongoing employee monitoring system can prevent insiders from acting to protect their families. Terrorists (as the Northern Bank thieves may have been) also make use of such coercion tactics and might do so to enlist help in a theft of
16. For interviews with Smirnov, see Frontline, “Loose Nukes: Interviews” (Public Broadcasting System, 1996), www.pbs.org/wgbh/pages/frontline/shows/nukes/interviews; and Ginny Durrin and Rick King, Avoiding Armageddon, episode 2, “Nuclear Nightmares: Losing Control” (Ted Turner Documentaries, 2003), www.pbs.org/avoidingarmageddon. 17. For discussion of Boughalab, see Hegghammer and Dæhli, chapter 1 of this book, and Erik Raspoet, “Wie is de Saboteur van Doel 4?” and “Hoe Kan zo Iemand in Doel Werken?” Remarkably, this is the same reactor that was sabotaged by an insider almost two years after Boughalab left; the reactor had a terrorist in the vital area, but that was not who committed the sabotage. As of late 2015, the actual perpetrator had not been identified. 18. Tim Weiner and David Johnston, Betrayal: The Story of Aldrich Ames, an American Spy (New York: Random House, 1995). 19. For a good introduction to the Northern Bank case, see Chris Moore, “Anatomy of a £26.5 Million Heist,” Sunday Life, May 21, 2006. One of the managers, Chris Ward, was subsequently charged with being a willing participant in the crime, and the kidnapping of his family was called a sham. Ward denied the charges and was subsequently acquitted. See Henry McDonald, “Employee Cleared of £26.5 Million Northern Bank Robbery,” Guardian, October 9, 2008.
150
6. A WORST PRACTICES GUIDE TO INSIDER THREATS
nuclear material, rather than money. For example, kidnapping in order to blackmail family members into carrying out certain actions has been a common Chechen terrorist tactic.20 A 2014 study from Sandia National Laboratories concluded that in a database of major nonnuclear crimes involving thefts of valuables worth millions of dollars from guarded facilities or transports, coerced insiders were “by far the most common type.”21 The lesson here is clear: It is important to have programs that screen employees for trustworthiness and monitor their behavior once employed, but no one should ever assume that these programs will be perfectly effective. Measures to prevent insider theft are needed even when a manager believes that all of his or her employees are completely trustworthy.
Worst Practice 3: Assume That Red Flags Will Be Read Properly

The best high-security facilities typically have programs to monitor the behavior of employees for changes that might suggest a security issue, and also to encourage other employees to report such changes. Effective personnel screening, training, and monitoring systems are designed to pick up subtle signs that personnel reliability has been or is about to be compromised by disgruntlement, mental health problems, drug abuse, or personal life difficulties, or that security reliability has been or is about to be compromised by shifting political allegiances, corruption, recruitment, or self-radicalization. Picking up subtle signs of danger is difficult, but security managers often assume that severe red flags will not go unnoticed. But if individual incentive systems, faulty assumptions, or poorly designed information-sharing procedures encourage people not to report problems, even the reddest of red flags can be ignored.

The shooting incident at Fort Hood, Texas, as analyzed by Amy B. Zegart, is a tragic example of this problem. On November 5, 2009, U.S. Army Major Nidal Hasan opened fire on a group of soldiers preparing to deploy to Afghanistan, killing thirteen and wounding twenty-nine. Major Hasan had made no secret of his radicalized, violent beliefs, voicing to his peers and supervisors his justification of suicide bombers, his defense of Osama bin Laden, and his devotion to Sharia law over the U.S. Constitution over a period of years before the attack. The San Diego Joint Terrorism Task Force (JTTF), an interagency group managed by the FBI, had also obtained multiple e-mail communications between Hasan and a “foreign terrorist” reported in the press to be Anwar al-Aulaqi.22

Why did multiple U.S. government processes fail to act on the obvious red flags raised by Hasan? Zegart identifies multiple reasons. First, the process for review and removal of an officer on security reliability grounds was time-consuming and cumbersome, posing an immense set of headaches to anyone who tried to act. Combine this with the incentive to keep someone with Hasan’s psychiatry specialty in the service, and no officer at Walter Reed decided to start proceedings against him. Second, the Army’s system for reviewing officers’ performance failed to compile the relevant information in a usable way. There were two sets of files for each officer. Personal files were quite detailed, but they were kept only at the local level and destroyed when a service member moved on, making it impossible to track behavior from one assignment to the next. Officer evaluation reports (OERs) had only yes/no judgments on standardized questions, combined with an overall rating of an officer’s suitability for promotion; given the shortage of middle-grade officers in the post–Cold War military, there were substantial pressures not to make trouble by giving poor ratings, and every OER that Hasan received was positive, despite his alarming statements and abysmally poor performance in his job. As a Senate investigation found, Hasan’s reviews misrepresented his actual performance and made no mention of the red flags that he was repeatedly raising. Third, as often happens in organizational settings, significant social shirking occurred, for there was ample opportunity to pass difficult responsibilities on to someone else. Hasan was moving soon from Walter Reed to Fort Hood, and officers at the former base knew that as long as they did nothing to raise any issues about his transfer, they would not have to deal with him anymore. (The wonderful phrase used to describe the practice of writing positive reviews of poor-performing service members so that they can be shipped to another command is “packaged for export.”) Fourth, at least some officers apparently feared that actions taken to discipline a Muslim officer for his political statements would have been perceived as discriminatory.

20. Robyn Dixon, “Chechnya’s Grimmest Industry: Thousands of People Have Been Abducted by the War-Torn Republic’s Kidnapping Machine,” Los Angeles Times, September 18, 2000.
21. Jarret M. Lafleur, Liston K. Purvis, Alex W. Roesler, and Paul Westland, The Perfect Heist: Recipes from Around the World (Albuquerque, NM, and Livermore, CA: Sandia National Laboratories, 2015), http://prod.sandia.gov/techlib/access-control.cgi/2014/141790.pdf, 72. Similarly, a much earlier study found that coercion tactics were relatively common and often successful. See Robert Reinstedt and Judith Westbury, Major Crimes as Analogs to Potential Threats to Nuclear Facilities and Programs, N-1498-SL (Santa Monica, CA: RAND, 1980).
22. U.S. Committee on Homeland Security and Governmental Affairs, A Ticking Time Bomb: Counterterrorism Lessons from the U.S. Government’s Failure to Prevent the Fort Hood Attack, Special Committee Report (hereafter "Senate Report"), 112th Congress, 1st session, February 3, 2011, 28–31; Sebastian Rotella and Josh Meyer, “Fort Hood’s Suspect Contact with Cleric Spelled Trouble, Experts Say,” Los Angeles Times, November 12, 2009; Carrie Johnson, “FBI to Probe Panels That Reviewed Emails from Alleged Fort Hood Gunman,” Washington Post, December 9, 2009; and Carrie Johnson, Spencer S. Hsu, and Ellen Nakashima, “Hasan Had Intensified Contact with Cleric,” Washington Post, November 21, 2009.
Fifth, there was a severe lack of information sharing, both between Army security specialists and the Joint Terrorism Task Forces (JTTFs), which had responsibility for evaluating the intercepted e-mail messages between Hasan and al-Aulaqi, and between different JTTF offices. The San Diego JTTF wanted an investigation of the e-mail communication that it had found, but the Washington office had jurisdiction and did not give Hasan as high a priority as the San Diego office thought justified. Because of problems with their information systems and misunderstandings between them, both the San Diego JTTF and the Washington JTTF thought the other was monitoring Hasan’s continued communications when, in fact, neither was. In the end, the only investigation that the Washington JTTF performed was a review of Hasan’s OERs, which found only positive reports—and some individuals, Zegart notes, even interpreted Hasan’s obsession with Islamic extremism as praiseworthy research. No one looked at Hasan’s local records, interviewed him, or spoke to any of his colleagues or superiors. Hence, a junior Department of Defense official in the Washington JTTF, after reviewing the positive OERs, reportedly made the tragic and controversial decision that Hasan’s e-mail conversations with al-Aulaqi were just part of a research project and did not feel the need to pass on the intelligence reports to Hasan’s superior officers.

Jessica Stern and Ronald Schouten tell a similarly troubling story in their chapter on the 2001 anthrax attack. In the case of Bruce Ivins, the reddest of red flags went unreported—up to and including his own expressed concern about his increasingly dangerous paranoia and the possibility that he would end up in the newspaper under the headline “Paranoid Man Works With Deadly Anthrax.” As Stern and Schouten report, other strikingly red flags were available in the alarmed notes of the mental health professionals treating Ivins, but the leaders of the organization never bothered to read them. Even when a researcher supervised by Ivins reported to their boss that she was too frightened to be in the same room with him, nothing was done. Part of what was happening was the “frog on the stove” syndrome—Ivins’s colleagues had grown used to writing off his eccentricity for so long that there was a much higher threshold than there would normally have been for recognizing when behavior was becoming truly dangerous. That such flagrant signs could go unreported or fail to provoke a reaction is, for us, perhaps the most disturbing lesson of our study of insider threats. When individual and group incentives push against objective analysis of warning signals, and when, as often happens in compartmentalized security organizations, information sharing is restricted, even the reddest of red flags can be ignored.

It would be comforting to assume that this phenomenon could not occur in more danger-prone organizations, such as those that manage the security for nuclear materials. Surely the security systems at nuclear power facilities in the United States would catch someone like Hasan. But the case of Sharif Mobley, analyzed briefly in the chapter by Thomas Hegghammer and Andreas Hoelstad Dæhli, suggests that this may not always be the case. In March 2010, Mobley was arrested in Yemen for alleged involvement in al-Qaida and for shooting a guard in an attempt to escape. Yet between 2002 and 2008, prior to traveling to Yemen, Mobley worked at five U.S. nuclear power plants (Salem-Hope Creek, Peach Bottom, Limerick, Calvert Cliffs, and Three Mile Island), where he was given unescorted access inside the plant (though not in the vital areas) to perform maintenance and carry supplies. According to a Nuclear Regulatory Commission (NRC) report, Mobley voiced his militant views during his work, referring to non-Muslim coworkers as “infidels” and remarking to some in his labor union: “We are brothers in the Union, but when the holy war comes, look out.”23 Although the rules in place at the time required individual workers to report any suspicious behavior on the part of coworkers, none of Mobley’s fellow union members apparently reported these statements. The red flags were again invisible.

Cases of ignoring red flags as extreme as Hasan’s, Ivins’s, or even Mobley’s do not happen often. But the issues raised—failing to report problems because of the headaches involved, passing troublesome employees off to someone else, failing to report coworkers who behave in a suspicious manner—arise in smaller ways in almost every organization. Indeed, U.S. Defense Department research suggests that indicators of insider security problems are systematically underreported.24 One study of several cases of insider information-technology sabotage in critical infrastructure even found that 97 percent of the insiders involved in the cases “came to the attention of supervisors or coworkers for concerning behavior prior to the attack,” but the observed behavioral precursors were “ignored by the organization.”25
23. Scott Shane, “Worker Spoke of Jihad, Agency Says,” New York Times, October 4, 2010, www.nytimes.com/2010/10/05/us/05mobley.html?_r=0; and Peter Finn, “The Post-9/11 Life of an American Charged with Murder,” Washington Post, September 4, 2010, www.washingtonpost.com/wp-dyn/content/article/2010/09/04/AR2010090403334.html.
24. Suzanne Wood and Joanne C. Marshall-Mies, Improving Supervisor and Co-Worker Reporting of Information of Security Concern (Monterey, CA: Defense Personnel Security Research Center, 2003). Subsequently, researchers from the same center developed an improved reporting system now used in the Department of Defense, and the reporting system may be of interest to nuclear security managers. See Suzanne Wood, Kent S. Crawford, and Eric L. Lang, Reporting of Counterintelligence and Security Indicators by Supervisors and Coworkers (Monterey, CA: Defense Personnel Security Research Center, 2005).
25. Andrew P. Moore, Dawn M. Capelli, and Randall F. Trzeciak, The “Big Picture” of Insider IT Sabotage across U.S. Critical Infrastructures, CMU/SEI-2008-TR-2009 (Pittsburgh: Software Engineering Institute, Carnegie Mellon University, 2008).
Putting in place processes to increase the chances of noticing and acting on such signals is crucial to reducing insider dangers.26 This is a difficult problem, for employees often resist reporting on friends and colleagues. Organizations should provide training with real stories (such as those in this book) of disasters that reporting could have prevented and should make the process of reporting easy and known to all employees (including the possibility of anonymous reporting). They must take steps to give employees incentives to report and to prevent retaliation against those who do. It is crucial to establish a process for responding to reports that employees understand and that is considered fair and reasonable. Training should include the possibility that reporting could lead to troubled individuals getting the help they need. Organizations should make counseling and other services available to employees whose unusual behavior is caused by stress, distressing life events, or mental health issues—and publicize (if employees permit) cases of employees who benefit from and are grateful for such assistance. Organizations should make it relatively easy and routine for employees to be excluded (or exclude themselves) from the most sensitive work if they are facing unusual stress or emotional issues, and relatively easy and routine for them to return to that work when those issues are addressed. Close monitoring of the items to be protected and any interactions that people have with them is a crucial supplement to efforts to encourage staff to report on concerning behavior. For example, protection against insider cyberthreats relies heavily on software to monitor unusual user activity. 
Such protections were strikingly absent when Private Bradley (Chelsea) Manning downloaded over 700,000 highly classified documents onto compact disks to provide to the Wikileaks organization, or when Edward Snowden used “scraping” software to find and save a similarly massive set of documents from the highly classified networks of the National Security Agency (NSA).27 That the NSA did not have such software in place is particularly remarkable, as it is the agency charged with responsibility for cybersecurity, and Snowden’s activities came years after Manning’s actions had revealed critical vulnerabilities. Indeed, in response to Manning, President Obama had announced a National Insider Threat Policy in November 2012 (while Snowden’s downloads were under way), directing all agencies to establish comprehensive insider-threat-protection programs and mandating, as one of the “minimum standards,” that they put in place the ability “to monitor user activity on all classified networks in order to detect activity indicative of insider threat behavior.”28 The NSA’s efforts to fulfill Obama’s order did not come in time. Since then, however, the NSA has put in place a two-person rule for accessing some critical information and is working to ensure that software for monitoring all user activity is in place.29

Matthew Bunn and Kathryn M. Glynn’s chapter outlines how such in-depth monitoring of the actual items to be protected and people’s interactions with them works in the casino and pharmaceutical industries. Cameras, procedures that prevent anyone from having unmonitored access, and even uniforms that make it harder to hide purloined material are all part of the picture. In the nuclear case, access control, security cameras, a two-person or three-person rule, radiation detectors, alarm systems, and accurate and timely accounting and control of the nuclear material itself are all key pieces of the insider-protection puzzle.30

26. See Wood, Crawford, and Lang, Reporting of Counterintelligence and Security Indicators. For examples of programs to encourage incident reporting with respect to safety, see “Engineering a Reporting Culture” and “Engineering a Just Culture,” in James Reason, Managing the Risks of Organizational Accidents (Aldershot, UK: Ashgate, 1997), 196–213.
27. David Leigh, “How 250,000 U.S. Embassy Cables Were Leaked,” Guardian, November 28, 2010; and David Sanger and Eric Schmitt, “Snowden Used Low-Cost Tool to Best NSA,” New York Times, February 8, 2014.
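The minimum standard quoted above, the ability “to monitor user activity on all classified networks in order to detect activity indicative of insider threat behavior,” is in practice a baselining problem: the Manning and Snowden downloads were not exotic, they were simply far larger and far broader than those users’ ordinary reading. The script below is an added illustration of that detection logic and is not code from this book, from the NSA, or from any product. It runs over a constructed audit log embedded in the file; the record format (timestamp, user=, action=, doc=), the thresholds, the “compartment” heuristic (the first two path components of a document), and the user names are all assumptions made for the example.

```python
"""Bulk-retrieval detection over a document-access audit log.

Added example for this page: it illustrates the kind of user-activity
monitoring the text calls for and is not code from the book, the NSA, or
any product. Record format, field names, thresholds, the "compartment"
heuristic and every sample record below are assumptions constructed for
the example.
"""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta
from statistics import median

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
Anomaly = namedtuple("Anomaly", "user hour metric value threshold")

# Constructed normal traffic: a handful of reads per hour, each user inside
# one compartment. The LOGIN record shows that non-READ actions are ignored.
NORMAL_LINES = [
    "2013-02-04T09:02:11Z user=analyst1 action=READ doc=/ops/region-a/brief-101.pdf",
    "2013-02-04T09:15:40Z user=analyst1 action=READ doc=/ops/region-a/brief-102.pdf",
    "2013-02-04T10:05:09Z user=analyst1 action=READ doc=/ops/region-a/brief-103.pdf",
    "2013-02-04T10:41:27Z user=analyst1 action=READ doc=/ops/region-a/brief-101.pdf",
    "2013-02-04T11:20:00Z user=analyst1 action=READ doc=/ops/region-a/brief-104.pdf",
    "2013-02-04T09:30:12Z user=analyst2 action=READ doc=/hr/policies/travel.pdf",
    "2013-02-04T09:31:50Z user=analyst2 action=LOGIN doc=-",
    "2013-02-04T13:00:05Z user=analyst2 action=READ doc=/hr/policies/leave.pdf",
    "2013-02-04T08:10:00Z user=contractor7 action=READ doc=/it/tickets/4411.txt",
    "2013-02-04T11:10:00Z user=contractor7 action=READ doc=/it/tickets/4412.txt",
]


def burst_lines(user="contractor7", start="2013-02-04T22:03:00Z", n=30):
    """Constructed scraping burst: n distinct documents spread across six
    compartments, one read every twenty seconds, late in the evening."""
    t0 = datetime.strptime(start, TS_FMT)
    compartments = ["ops/region-a", "ops/region-b", "hr/policies",
                    "finance/q1", "legal/contracts", "it/tickets"]
    return [
        f"{(t0 + timedelta(seconds=20 * i)).strftime(TS_FMT)} user={user} "
        f"action=READ doc=/{compartments[i % len(compartments)]}/file-{i:03d}.pdf"
        for i in range(n)
    ]


def sample_log():
    """The whole constructed log: normal traffic followed by the burst."""
    return "\n".join(NORMAL_LINES + burst_lines())


def parse_log(text):
    """Parse 'ts user=.. action=.. doc=..' records into (datetime, user, action, doc)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        events.append((datetime.strptime(ts, TS_FMT),
                       fields["user"], fields["action"], fields["doc"]))
    return events


def compartment(doc):
    """Coarse need-to-know grouping: the first two path components."""
    return "/".join(doc.strip("/").split("/")[:2])


def hourly_reads(events):
    """{user: {hour: set(docs)}} built from READ events only."""
    table = defaultdict(lambda: defaultdict(set))
    for ts, user, action, doc in events:
        if action == "READ":
            table[user][ts.replace(minute=0, second=0, microsecond=0)].add(doc)
    return table


def find_anomalies(events, abs_floor=20, ratio=5.0, min_history=2, max_compartments=3):
    """Flag user-hours whose volume or breadth of reading is abnormal.

    Volume: flagged when the user read more than max(abs_floor, ratio * baseline)
    distinct documents in the hour. The baseline is the median of that user's
    other active hours, or the population median when the user has fewer than
    min_history other hours (a new account has no history to compare against).
    Breadth: flagged when the hour touches more than max_compartments distinct
    compartments, whatever the volume, since scraping crosses need-to-know lines.
    """
    table = hourly_reads(events)
    if not table:
        return []
    population = median(len(d) for hours in table.values() for d in hours.values())
    found = []
    for user, hours in table.items():
        for hour, docs in hours.items():
            others = [len(d) for h, d in hours.items() if h != hour]
            baseline = median(others) if len(others) >= max(min_history, 1) else population
            threshold = max(abs_floor, ratio * baseline)
            stamp = hour.strftime("%Y-%m-%dT%H:00Z")
            if len(docs) > threshold:
                found.append(Anomaly(user, stamp, "distinct_docs", len(docs), threshold))
            spread = len({compartment(d) for d in docs})
            if spread > max_compartments:
                found.append(Anomaly(user, stamp, "compartments", spread, max_compartments))
    return found


if __name__ == "__main__":
    for anomaly in find_anomalies(parse_log(sample_log())):
        print(anomaly)
```

Run directly, the script prints the two flagged user-hours for the constructed burst (thirty distinct documents across six compartments in ten minutes) and nothing for the normal traffic. Two caveats a practitioner would want: an hourly baseline catches a burst but not a patient insider who stays under the floor for months, which is one reason the text pairs monitoring with two-person rules, physical controls, and employee reporting; and the floor and ratio have to be tuned to the real population, because a detector that flags ordinary work teaches operators to ignore it, the same failure the Y-12 alarm story later in this chapter describes.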
Worst Practice 4: Assume That Insider Conspiracies Are Impossible

Conspiracies of multiple insiders, familiar with the weaknesses of the security system (and in some cases including guards or managers), are among the most difficult threats for security systems to defeat. In numerous interactions with managers in nuclear security systems, we have noted that because of the difficulty of defending against multiple insiders, nuclear security systems often include only a single insider in the threats they are designed to protect against. And many nuclear security experts do not see groups of insiders as a credible threat: In a recent survey of nuclear security experts from most of the countries where HEU and separated plutonium exist, most agreed that a single insider was a highly credible threat, but no one rated multiple insiders as highly credible, and only a few rated insider conspiracies as “somewhat credible.”31
28. Obama, “National Insider Threat Policy and Minimum Standards.”
29. Sanger and Schmitt, “Spy Chief Says Snowden Took Advantage of ‘Perfect Storm’ of Security Lapses.”
30. International Atomic Energy Agency, Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities, INFCIRC/225/Rev.5 (Vienna: IAEA, 2011), www-pub.iaea.org/MTCD/publications/PDF/Pub1481_web.pdf; and World Institute for Nuclear Security, Managing Internal Threats: A WINS International Best Practice Guide for Your Organization, Rev. 1.0 (Vienna: WINS, 2010).
31. Matthew Bunn and Eben Herrell, What Drives and What Constrains Changes in Nuclear Security Policies? Results of a Survey (Cambridge, MA: Managing the Atom Project, Harvard Kennedy School, 2013).
Yet insider conspiracies routinely occur. The Sandia study cited earlier found that in its database of crimes, “multiple-insider heists are actually more common than single-insider heists.”32 In 1998, for example, insiders at one of Russia’s largest nuclear weapons facilities attempted to steal 18.5 kilograms of HEU—potentially enough for a bomb.33 The Northern Bank case described above is another example, involving two trusted, senior insiders working together, with both under coercion from threats to their families. The Gandhi case is yet another example, again involving two insiders working together, both trusted enough to be personal guards to the prime minister. The Snowden leak is known to have involved help from at least three other insiders in the NSA system.34 The fact that three of the major cases selected above to illustrate other points also involved insider conspiracies is a telling indicator of how important such conspiracies are. The lesson here is clear. Whenever possible, security systems should be designed to offer substantial protection against even a small group of insiders working together. Security managers should set up “red team” processes for identifying approaches that groups of insiders might use to steal material and for finding cost-effective approaches to stop them.
Worst Practice 5: Rely on Single Protection Measures

Many managers have high confidence in particular elements of their security system, from a particularly well-trained guard force to portal monitors at every exit. However, many such systems are much more vulnerable to being defeated than they first appear—especially by insiders, who may be among the staff who know how they work. Portal monitors are one example; they are essential but imperfect. In a discussion with Matthew Bunn, a Lawrence Livermore National Laboratory security expert described a meeting with representatives of a portal-monitor production firm who had very high confidence in their product’s ability to detect nuclear material. The company gave the security expert a radioactive test sample that they were confident their system could detect, and three times out of five he was able to carry it through the monitor without detection (because he knew its design and general weaknesses).

Or consider the case of tamper-indicating devices (TIDs), also known as seals, widely used to indicate whether any material has been removed or tampered with. Many people believe that an unbroken seal shows with high confidence that the sealed item has not been disturbed. Yet a study of 120 types of seals in common commercial and government use found that all of them could be defeated in ways that would not be detected by the seal inspection protocols in use. Tampering was possible with materials available from any hardware store, and with defeat times averaging about five minutes.35 The TIDs included sophisticated fiber-optic seals, among others; when used as people in the field actually use them, some of these high-tech options did not perform as well as lower-tech methods.

In short, the lesson is that security managers should never have too much faith in any one element of their security system, should seek “defense in depth” approaches, and should constantly be looking for potential vulnerabilities. Seals can be defeated, portal monitors can be defeated or gone around, guards can fail to search employees, and employee reporting systems can fail to detect suspicious behavior. But with a system that genuinely offers defense in depth, it can be made very difficult for an insider adversary to overcome all the layers in the system. And if employees are given incentives to report potential vulnerabilities and ways to fix them, the insider’s task can be made harder still.

32. Lafleur, Purvis, Roesler, and Westland, “The Perfect Heist”; Hoffman et al., “Insider Crime.”
33. This attempt was first revealed by the Russian Federal Security Service (FSB), which claimed credit for foiling it. See Yevgeniy Tkachenko, “FSB Agents Prevent Theft of Nuclear Materials,” ITAR-TASS, December 18, 1998. The attempt was discussed in somewhat more detail by Victor Erastov, chief of material accounting for what was then Russia’s Ministry of Atomic Energy; see “Interview: Victor Yerastov: MINATOM Has All Conditions for Providing Safety and Security of Nuclear Material,” Yaderny Kontrol Digest 5, no. 1 (Winter 2000). Neither of those accounts identified the type of material; that information is from a 2000 interview by Matthew Bunn with a Ministry of Atomic Energy official.
34. Ethan L. Bauman, “Information Memorandum: Congressional Notification—Resignation of NSA Employee,” February 10, 2014. At least one of the three—the NSA employee whose resignation is in the title of the memo—asserted that he did not know that the help he provided (including providing his password) was going to contribute to a security breach.
35. Roger G. Johnston, “Tamper-Indicating Seals for Nuclear Disarmament and Hazardous Waste Management,” Science & Global Security 9 (2001): 93–112.

Worst Practice 6: Assume That Organizational Culture and Employee Disgruntlement Don’t Matter

Some organizations have an engineering culture, focused more on the technology than on the people using it. Managers sometimes assume that as long as the right systems and procedures are in place, employees will follow the procedures, and everything will be fine. In most countries, including the United States, nuclear regulators do not require operators to take any steps to ensure a strong security culture or even to have a program to assess and improve security culture that regulators can review. But the reality is that the culture of an organization and the attitudes of its employees have a major impact on security. As General Eugene Habiger, former Department of Energy “security czar” and former commander of U.S. strategic forces, put it, “Good security is 20 percent equipment and 80 percent culture.”36

A visit by Matthew Bunn to a Russian nuclear institute in the mid-2000s provides an example of the effect of security culture on insider protection. In the hallway leading to the vault where a substantial amount of weapons-grade nuclear material was stored, there were two portal monitors that personnel had to pass through, one after the other, an American machine and a Russian machine. When asked why, the site official conducting the tour said that the building next door made medical isotopes, and on Thursdays, when the chemical separations were done to get the desired isotopes from the remainder, so much radiation went up the stack that it set off the American-made portal monitor. So on Thursdays, they turned off the American-made monitor and relied on the less sensitive Russian one. Of course, every insider was aware of this practice and would know to plan an attempted theft for a Thursday, making the existence of the American-made monitor largely pointless. A photograph from a 2001 U.S. General Accounting Office report provides a similar example, showing a wide-open security door at a Russian nuclear facility. What is remarkable is that the door was propped open on the very day the U.S. auditors were there to visit, suggesting that the staff did not see this as a problem.37

Perhaps the most spectacular incident caused by a breakdown of security culture was the intrusion by an eighty-two-year-old nun and two other protesters at the Y-12 Department of Energy facility in Tennessee in 2012.38 The protesters went through four layers of fences, setting off multiple intrusion detectors, but no one bothered to check the alarms until the protesters had spent some time hammering and pouring blood directly on the wall of a building where enough weapons-grade HEU metal for thousands of nuclear weapons is stored. As it turns out, a new intrusion-detection system had been setting off ten times as many false alarms as the previous system had, yet this was tolerated; cameras to allow guards to assess the cause of the alarms had been broken for months, and this was also tolerated. The guards apparently had gotten sick of checking out all the alarms, and even the heavily armed guards inside the building did not bother to check when they heard the hammering, assuming that it must have been construction work they had not been told about (even though this all took place before dawn).39
36. From an April 2003 interview by Matthew Bunn.
37. U.S. Congress, General Accounting Office, Security of Russia’s Nuclear Material Improving, More Enhancements Needed, GAO-01-312 (Washington, DC: GAO, 2001).
38. The most detailed analysis of this incident is Eric Schlosser, “Break-in at Y-12,” New Yorker, March 9, 2015.
39. For more information on the incident, see C. Donald Alston, Letter to Secretary of Energy Steven Chu, December 10, 2012, http://pogoarchives.org/m/nss/20121210-alston-ltr.pdf; Norman Augustine, Letter to Secretary of Energy Steven Chu, December 6, 2012, http://pogoarchives.org/m/nss/20121210-augustine-ltr.pdf; Richard Meserve, Letter to Secretary of Energy Steven Chu, December 6, 2012, http://pogoarchives.org/m/nss/20121206-meserve-ltr.pdf; and Office of the Inspector General, U.S. Department of Energy, Inquiry into the Security Breach at the National Nuclear Security Administration’s Y-12 National Security Complex, DOE/IG-0868 (Washington, DC: DOE, 2012), http://energy.gov/sites/prod/files/IG-0868_0.pdf.

To avoid such problems, security managers should seek to build a culture in which all employees take security seriously and count it as an important part of their mission—all day, every day. They must also foster employees’ understanding that security is everyone’s responsibility, not something only the security team has to worry about.40 Establishing clear incentives that make employees understand they will be rewarded for good security performance is one key element of building such a culture and of making clear the priority that management places on security.41

Employee satisfaction is another critical aspect of organizational culture. Disgruntled employees are much more likely to become insiders and much less likely to proactively help to improve security by reporting odd or suspicious behavior or by creatively looking for security vulnerabilities and ways to fix them. In situations ranging from retail theft to information technology (IT) sabotage, disgruntlement has been found to be a key driver of insider threats. In an important study of IT sabotage cases, Andrew P. Moore, Dawn M. Capelli, and Randall F. Trzeciak found that 92 percent of the cases examined occurred “following a negative work-related event such as termination, dispute with a current or former employer, demotion, or transfer.” Well over half of the insiders in these cases were already perceived by others in the organization to be disgruntled.42

Chelsea Manning’s decision to provide a vast trove of classified documents to Wikileaks is a classic example of the importance of disgruntlement. On deployment in Iraq, as a biological man dealing with gender issues in the days of “Don’t Ask, Don’t Tell,” Manning reportedly felt isolated and alone. After being told at a “counseling” session that she would lose her one day off a week as a result of her persistent lateness, Manning flipped over a table, damaging the computer that was on it, and had to be restrained from going for the gun rack in the room. Three weeks later, she began systematically downloading classified documents.43

40. On the importance of this point, see World Institute for Nuclear Security, Nuclear Security Culture: A WINS Best Practice Guide for Your Organization, revision 1.4 (Vienna: WINS, 2009).
41. Matthew Bunn, “Incentives for Nuclear Security,” Proceedings of the 46th Annual Meeting of the Institute for Nuclear Materials Management, Phoenix, Ariz., July 10–14, 2005 (Northbrook, IL: INMM, 2005), available at http://belfercenter.ksg.harvard.edu/files/inmm-incentives2-05.pdf.
42. Moore, Capelli, and Trzeciak, The “Big Picture” of Insider IT Sabotage.
43. Paul Lewis, “Bradley Manning Flipped a Table during Counseling, Defence Tells Hearing,” Guardian, August 12, 2013. This and other episodes also reflect red flags that went unreported to higher officers and were not acted upon.
6. A WORST PRACTICES GUIDE TO INSIDER THREATS
In addition to disgruntlement, organizations need to be on the lookout for signs of mental illness or severe emotional strain, primarily to help employees who may need it, but also because such issues can contribute to insider threats. Countless employees suffer from such problems and never consider taking actions against their organizations, so insider threats and mental illness should not be lumped in one basket. But it is clear that the Ivins case Stern and Schouten describe was primarily driven by deep and long-standing mental illness, which got catastrophically worse in the months leading up to the anthrax attacks. Although the Hasan case described in Zegart’s chapter is quite different, a system on the alert for troubled employees might well have noticed Hasan and taken appropriate steps in time to prevent the shootings he committed. The same is arguably true of Manning.

Organizations need processes for encouraging people to report issues related to emotional strains and mental illness, and for addressing such issues sensitively and appropriately. It is crucial not to create an environment in which people fear that they will be punished or excluded from meaningful work if they have any troubles for which they seek help. If, instead, the response to a report is that a person who needs help receives it, that approach may increase employees’ incentive to report concerning behavior, as discussed earlier.

The lesson here is straightforward: Organizational leaders (including security managers) should strive to build a strong, performance-oriented culture in which employees believe that they are respected and treated well, in which they have avenues for their complaints and ideas to be heard, and in which they expect the organization to be helpful rather than punishing when issues of mental illness or emotional difficulties arise. Fortunately, organizations have found that it is not very difficult or expensive to combat employee disgruntlement. Providing complaint and ombudsman processes that are perceived to result in actions to address the issues, complimenting and rewarding employees for good work, and addressing the problem of bullying bosses can go a long way toward reducing disgruntlement and its contribution to the insider threat.44
Worst Practice 7: Forget That Insiders May Know about Security Measures and How to Work around Them

Many individuals involved in the security field have backgrounds in engineering and safety, where the goal is to protect against natural disasters and accidents, not against reactive adversaries. This situation can produce a compliance-oriented approach to security: a belief that once systems are in place that are assessed to be capable of beating the adversaries included in the design basis threat (DBT) on the pathways that designers identified, the security system will be effective. But reactive adversaries will observe the security systems and the pathways they protect against, and they will think of other pathways.

Insider threats are a particularly dangerous form of reactive adversary because insiders are well placed to understand the organization’s security procedures and their weaknesses. The best case to illustrate this point is that of Robert Hanssen, the senior FBI counterintelligence agent convicted in 2001 on fifteen counts of espionage in what the FBI has called “possibly the worst intelligence disaster in U.S. history.”45 According to the 2003 Department of Justice report on the case, Hanssen’s initial decision to engage in espionage “arose from a complex blend of factors, including low self-esteem and a desire to demonstrate intellectual superiority, a lack of conventional moral restraints, a feeling that he was above the law, a lifelong fascination with espionage and its trappings and a desire to become a ‘player’ in that world, the financial rewards he would receive, and the lack of deterrence—a conviction that he could ‘get away with it.’”46 His espionage activities often raised alarm bells, but his insider advantage let him avoid detection in three key ways. First, Hanssen was capable of being uniquely reactive to counterintelligence investigations because of his placement within the FBI counterintelligence bureaucracy. Second, Hanssen was able to alter his contact procedures with his Russian associates whenever he felt that he was close to being caught; he was even able to search for his own name within the FBI internal database to monitor whether he was the subject of any investigation.47 Third, he knew how to avoid movement within the FBI bureaucracy that would have subjected him to polygraph examinations.48

Edward Snowden is another key example of how insiders exploit their knowledge of the security system to find ways to defeat it. Snowden was a computer systems administrator, and he had been assigned to look for weaknesses in cybersecurity. After he had already begun downloading classified documents, he switched jobs from working for Dell to working for Booz Allen Hamilton, a move that gave him still broader access. As Clapper has put it, Snowden “knew exactly what he was doing” and was “pretty skilled at staying below the radar, so that what he was doing wasn’t visible.”49

In other contexts, this problem—that insiders can observe and work around security measures—comes up again and again. In a RAND study of insider crimes, the authors repeatedly found that the success of insider crimes depended on the perpetrators’ observation of security vulnerabilities.50 The study of insider IT sabotage mentioned earlier shows that Snowden was not alone: The insiders overwhelmingly took advantage of their knowledge of the IT security systems, creating access pathways for themselves completely unknown to the organization—in other words, they invented ways to attack that the security planners had not known were possible.51

There are several lessons here. First, security managers need to find creative people with a hacker’s mind-set to come up with a wide range of strategies that insiders might use to try to beat the security system and then develop security measures that will be effective against a broad range of possibilities. A security system adequate to defend against the first few pathways thought of by an unimaginative committee is not likely to be good enough against the real threat. Such uncreative vulnerability assessments were the target for Roger Johnston and his colleagues in the Vulnerability Assessment Team at Argonne National Laboratory. In their instructive and amusing set of “Security Maxims,” they offer the “Thanks for Nothin’” maxim: “Any vulnerability assessment which finds no vulnerabilities or only a few is worthless and wrong.”52 Second, those with the most detailed information about how the organization protects itself against insider threats should be subject to especially strong background checks, reviews, and monitoring to ensure that the organization is appropriately “guarding the guardians.”

44. Roger G. Johnston, “Mitigating the Insider Threat (and Other Security Issues),” www.ne.anl.gov/capabilities/vat/pdfs/Insider%20Threat%20and%20Other%20Security%20Issues.pdf. 45. U.S. Department of Justice, Commission for Review of FBI Security Programs, “A Review of FBI Security Programs,” March 2002, www.fas.org/irp/agency/doj/fbi/websterreport.html. 46. U.S. Department of Justice, “A Review of the FBI’s Performance in Deterring, Detecting, and Investigating the Espionage Activities of Robert Philip Hanssen,” August 2003, www.justice.gov/oig/special/0308/final.pdf. 47. Ibid. 48. David Wise, Spy: The Inside Story of How the FBI’s Robert Hanssen Betrayed America (New York: Random House, 2002), 177.
MATTHEW BUNN AND SCOTT D. SAGAN
49. Sanger and Schmitt, “Spy Chief Says Snowden Took Advantage of ‘Perfect Storm’ of Security Lapses.” 50. Hoffman et al., “Insider Crime.” 51. Moore, Cappelli, and Trzeciak, The “Big Picture” of Insider IT Sabotage. 52. Roger G. Johnston, “Security Maxims,” Vulnerability Assessment Team, Argonne National Laboratory, September 2013.

Worst Practice 8: Assume That Security Rules Are Followed

Security-conscious organizations appropriately create rules and procedures to protect valuable assets. But such organizations also have other, often competing, goals: Managers are often tempted to instruct employees to bend the security rules to increase productivity, meet a deadline, or avoid inconvenience. And every hour an employee spends following the letter of security procedures is an hour not spent on activities more likely to result in a promotion or a raise. Other motivations—friendships, union solidarity, and familial ties—can also affect adherence to strict security rules.

The cases here are legion; indeed, any reader who has worked for a large organization with security rules probably has direct experience of some of those rules being violated. In many cases the security rules are so complex that employees violate them inadvertently. In some cases the deviations from the rules are more substantial. In both the United States and Russia, for example, there have been cases of nuclear security guards sleeping on the job, patrolling without any ammunition in their guns (apparently because shift managers wanted to ensure that there would be no accidental firing incidents on their watch), and turning off intrusion-detection systems when they got tired of checking out false alarms (arguably even worse than simply ignoring those alarms, as appears to have occurred in the Y-12 case). In one U.S. case prior to the 9/11 attacks, an inspector found a security guard at a nuclear facility asleep on duty for more than a half hour, but the incident was not considered a serious problem because no terrorists were attacking at that moment, raising issues about the security culture of both the operator and the regulator.53

The Snowden case again provides a clear example. One civilian NSA employee gave Snowden his certificate to access a classified network to which he knew Snowden had been denied access. He typed in his password (which went with the certificate) on Snowden’s computer, which Snowden had set up to capture the password for later use. These actions clearly violated even the remarkably lax protections against insider threats that NSA had in place at the time.54

The U.S. Department of Energy’s nuclear laboratories have been known for widespread violations of security rules since the dawn of the nuclear age. During the Manhattan Project, physicist Richard Feynman was barred from certain facilities for illicitly cracking into safes and violating other rules as pranks to reveal vulnerabilities.55 (Feynman’s tales of incompetence at the lab emphasize another important lesson: Do not assume that rules will be implemented intelligently.)

Financial incentives often drive rule breaking. Consider, as one example, the case of cheating on security tests at the Y-12 nuclear facility (years before the 2012 intrusion). In January 2004 the U.S. Department of Energy inspector general found that for many years the Wackenhut Corporation, which provided security for Y-12, had been cheating on its security exercises. These exercises simulated attacks on the nuclear facility, challenging the security guards to repel a mock assault. The security tests were important to the guard force: They could affect the payment the security contractor received and possibly the bonuses that security personnel themselves received. Until 2003, the Wackenhut security force received scores of “outstanding” and a total of $2.2 million in bonuses for its performances on security exercises. It was later revealed that, up to three weeks in advance of the exercises, Wackenhut management told Y-12 security officers which buildings and targets would be attacked, the exact number of adversaries, and the location where a diversion would occur. The protective force members thus had ample time to formulate special plans on how to counter the adversary, and they were able to place trucks or other obstacles at advantageous points to be used as barricades and concealment by protective force responders for shooting during the exercises. The Wackenhut management also identified the best-prepared protective force personnel and substituted them for less-prepared personnel, and officers who would normally relieve other protective force personnel were armed and held in “standby” to participate in an exercise, potentially adding six or seven armed responders who would not normally have been available during a shift.

53. U.S. Congress, General Accounting Office, Nuclear Regulatory Commission: Oversight of Security at Commercial Nuclear Power Plants Needs to Be Strengthened, GAO-03-752 (Washington, DC: GAO, 2003), www.gao.gov/new.items/d03752.pdf, 12. 54. Bauman, “Congressional Notification: Resignation of NSA Employee.” 55. For Feynman’s account, see Richard P. Feynman, Surely You’re Joking, Mr. Feynman! Adventures of a Curious Character (New York: Norton, 1985), 137–155. For an account of the broader record (possibly more negative than is justified), see President’s Foreign Intelligence Advisory Board, Science at Its Best, Security at Its Worst: A Report on Security Problems at the U.S. Department of Energy (Washington, DC: PFIAB, 1999), www.fas.org/sgp/library/pfiab. This report includes a remarkable listing of previous reports on security weaknesses at the Department of Energy.
And several participants reported that the defenders had also disabled the sensors in their laser-tag gear, so in the tests they were essentially invincible: The system would never score them as having been shot.56

The lesson here is not that security procedures and personnel-screening rules are routinely violated. They are not. Nor is the lesson that security exercises like those at Y-12 are not important—quite the opposite. Instead, the takeaway insight is that rules are not followed universally or strictly, especially when they are in tension with other goals, such as continuing production, meeting deadlines, and maintaining collegial relations among coworkers. Day-to-day practice may be quite different from what is written in the book of procedures. And tests are likely to be reliable only when they are independent and uncompromised. Security managers need to think carefully about the incentives employees face, and work to make sure that the incentives point in the direction of good security performance rather than poor security performance. Managers also need to establish effective and well-understood systems for reporting minor security infractions and mistakes so that data can be collected and the organization can learn.57

One element of getting incentives pointed in the right direction is to do away with unneeded security rules—rules that are overly burdensome or complex and that contribute little to the overall security of the plant. When employees encounter rules they think are senseless, they typically do not comply with them. This can contribute to a broader culture in which people follow security rules only when they find it convenient, and they come to think of security as a problem for “them” and not “us.” Every high-security organization has some of these unneeded or overly complex rules, as more rules get added over time in response to each incident that arises. Roger Johnston estimates that “[i]n any large organization, at least 30% of the security rules, policies, and procedures are pointless, absurd, ineffective, or actually undermine security (by wasting energy and resources, by creating cynicism about security, and/or by driving behaviors that were not anticipated).”58 Organizations should have regular processes to search for such rules and get rid of them.

56. U.S. Department of Energy, Office of the Inspector General, Inspection Report: Protective Force Performance Test Improprieties, DOE/IG-0636 (Washington, DC: DOE, 2004), http://energy.gov/ig/downloads/inspection-report-protective-force-performance-test-improprietiesdoeig-0636.
57. Reason, Managing the Risks of Organizational Accidents, 196–213. 58. Johnston, “Mitigating the Insider Threat (and Other Security Issues).”

Worst Practice 9: Assume That Only Consciously Malicious Insider Actions Matter

Some of the most severe threats that high-security organizations face are from malicious outsiders. For intelligence agencies, this means an adversary’s spies; for military units, it is enemy forces; for nuclear facilities, it is thieves and saboteurs. Organizations may therefore focus on preventing attacks or theft by outsiders, and to the degree that they protect against insider threats, they focus on the danger that individuals inside the organization might be recruited by or become sympathetic to a malicious outsider group—hence the attention paid to preventing “penetration” through counterintelligence and personnel screening and monitoring. Yet this focus ignores the possibility that an insider threat can occur when an individual commits a dangerous act, not out of malicious intent, but for other complex reasons.

The official definitions of insider threats in the International Atomic Energy Agency (IAEA) guidelines encourage this focus because they emphasize the malicious characteristic of such a threat. The first definition introduced is of the term adversary, which is described as “any individual performing or attempting to perform a malicious act.”59 The IAEA definition of insider builds on this definition: “The term ‘insider’ is used to describe an adversary with authorized access to a nuclear facility, a transport operation or sensitive information.”60 Thus, both definitions include a component of malice. The IAEA definition of a threat also implies the presence of malicious intent: “The term ‘threat’ is used to describe a likely cause of harm to people, damage to property or harm to the environment by an individual or individuals with the motivation, intention and capability to commit a malicious act.”61

But individuals who plausibly had no malicious intent even though they had very faulty, even horrific, judgment have caused serious insider-threat incidents. The 2015 escape of two convicted killers from the Clinton Correctional Facility in Dannemora, New York, provides a compelling example of the dangers a nonmalicious insider can pose. One of the insiders who helped the prisoners escape, Joyce Mitchell, did so consciously, in part because of a nascent sexual relationship with one of them. But another of the insiders who helped them claims he did so inadvertently. Gene Palmer, who had been a corrections officer for a quarter century, gave the prisoners paint, a screwdriver, and access to the catwalk they later used to escape—as well as a hamburger from Mitchell that Palmer claims he did not realize had tools hidden inside it—in return for paintings by the inmates and tips on the activities of other prisoners, never realizing (he says) that he was contributing to an escape plan.62 Stern and Schouten’s analysis of the October 2001 U.S. anthrax attacks provides a more debatable case.
As a result of these mailings, at least twenty-two victims contracted anthrax, five people died, thirty-five postal facilities were contaminated, and anthrax spores were found in seven buildings on Capitol Hill.63 But it appears that Bruce Ivins may never have intended to kill or sicken anyone. The available evidence suggests that Ivins, a senior scientist at the U.S. Army Medical Research Institute of Infectious Diseases (USAMRIID), sent the letters more as a wake-up call than as an attack. Stern and Schouten argue that “Ivins’s motivations for the anthrax attacks will never be known for certain, but were likely complex. He may not have intended to kill anyone with the anthrax letters, rather hoping to create enough of a scare to boost national attention to, and funding for, work to defend against possible anthrax attacks, to which he had devoted his career.” Personal motives may also have mixed with this national security motive: Ivins had been a major contributor to the development of a controversial anthrax vaccine, and a terrorist anthrax attack had the potential to make his work more relevant, increase the patent-related fees that he was receiving, and impress a woman with whom he worked.64 In retrospect, Ivins was clearly a sick man with warped judgment and a reckless willingness to risk the lives of others, but he probably did not intend to kill a large number of people through his anthrax mailings. Had he intended to do so, the likely death toll would have been much higher.

Many other examples of “nonmalicious” but highly misguided insiders could be cited: Oleg Savchuk, who allegedly placed a virus into the computer control system at the Ignalina Nuclear Power Plant in order to call attention to the need for improved security and to be rewarded for his diligence; former National Security Advisor Sandy Berger, who removed highly classified documents from the National Archives to review them at his office; or John Deutch, the CIA director who handled highly sensitive classified information on an insecure computer connected to the Internet.65 Indeed, security problems arising through inadvertence, conflicting incentives, and poor judgment are so pervasive that Johnston has concluded that “[t]he insider threat from careless or complacent employees and contractors exceeds the threat from malicious insiders (though the latter is not negligible). . . . This is partially, though not totally, due to the fact that careless or complacent insiders often unintentionally help nefarious outsiders.”66

The lesson that should be learned from these incidents is that efforts to prevent insider threats primarily through screening for loyalty or, conversely, monitoring for ties to malicious terrorist or criminal organizations are insufficient. Such methods will not detect or deter individuals who make poor judgments, even radically poor judgments, in the name of a private interest or even in pursuit of a distorted vision of the public good. Security managers need to focus on the nonmalicious sources of insecurity as well. Building a strong security culture and making good security convenient are two places to start.

59. International Atomic Energy Agency, Preventive and Protective Measures against Insider Threats (Vienna: IAEA, 2008), www-pub.iaea.org/MTCD/publications/PDF/pub1359_web.pdf. 60. Ibid. 61. Ibid. 62. For a useful summary, with links to the insiders’ sworn statements, see Kate Miller, “The Dannemora Prison Break: Lessons for Nuclear Facilities,” Nuclear Security Matters, September 9, 2015, http://nuclearsecuritymatters.belfercenter.org/blog/dannemora-prisonbreak-lessons-nuclear-facilities. 63. U.S. Department of Justice, “Amerithrax Investigative Summary,” February 19, 2010, www.justice.gov/amerithrax/docs/amx-investigative-summary.pdf. 64. These other motives are also discussed in U.S. Department of Justice, “Amerithrax Investigative Summary”; David Willman, The Mirage Man: Bruce Ivins, the Anthrax Attacks, and America’s Rush to War (New York: Bantam, 2011), 190; and Jeanne Guillemin, American Anthrax (New York: Times Books, 2011), 131. 65. Wen Ho Lee and Helen Zia, My Country versus Me (New York: Hyperion, 2001); William Potter and Charles Ferguson, The Four Faces of Nuclear Terrorism (New York: Routledge, 2005), 224; and Central Intelligence Agency Inspector General, Report of Investigation: Improper Handling of Classified Information by John M. Deutch, 1998-0028-IG (Washington, DC: CIA, 2000). Lee was indicted for stealing classified nuclear weapons designs to share with China, though this has never been proved to the satisfaction of a court. The judge in the case ultimately apologized to Lee for his treatment. 66. Johnston, “Security Maxims.”
Worst Practice 10: Focus on Prevention and Ignore Opportunities for Mitigation

One common practice we have observed is for managers to focus primarily on prevention of insider threats at the expense of mitigation efforts. In contrast, the IAEA’s best practices guide for insider threats usefully recognizes the need to maintain both rigorous prevention programs and serious mitigation preparations as part of any nuclear security program. Much the same could be said of insider-threat protection in other sectors.

Indeed, the most damaging recent examples of failure to focus on mitigation are in the cyber realm. Why on earth did Chelsea Manning, a private, have access to hundreds of thousands of sensitive diplomatic cables from posts all over the world, along with secret war reports not only from Iraq but from Afghanistan as well? Why were no protections in place to limit what one insider could get without detection? And years later, why was it possible for Snowden, a twenty-nine-year-old contractor, to grab huge numbers of documents detailing the most sensitive intelligence operations all over the world without setting off any alarm bells? Clearly, both cases reveal a serious failure to think through systems that would mitigate the damage any insider could do.

One temptation for managers to focus on prevention rather than mitigation is the concern that acknowledging that vulnerabilities exist and incidents may occur will stoke public fears. Although the 2011 Fukushima Daiichi accident is clearly a safety, not security, incident, it highlights the dangers that can be created when operators and officials avoid practicing mitigation and emergency response preparations in order to enhance public support and prevent panic.
Yoichi Funabashi and Kay Kitazawa have compellingly identified a dangerous “myth of absolute safety” that was used to promote confidence in accident-prevention measures, rather than to conduct nuclear emergency response activities, in Japan prior to the March 2011 accident. As Funabashi and Kitazawa explain,

This myth [of absolute safety] has been propagated by interest groups seeking to gain broad acceptance for nuclear power: A public relations effort on behalf of the absolute safety of nuclear power was deemed necessary to overcome the strong anti-nuclear sentiments connected to the atomic bombings of Hiroshima and Nagasaki. . . . One example of the power of the safety myth involves disaster drills. In 2010, the Niigata Prefecture, where the 2007 Chuetsu offshore earthquake temporarily shut down the Kashiwazaki-Kariwa Nuclear Power Plant, made plans to conduct a joint earthquake and nuclear disaster drill. But NISA (the Nuclear and Industrial Safety Agency) advised that a nuclear accident drill premised on an earthquake would cause unnecessary anxiety and misunderstanding among residents. The prefecture instead conducted a joint drill premised on heavy snow.67
The myth that the facilities were absolutely safe was repeated so often that it affected operators’ thinking about emergency response. As the accident-response plan for the Fukushima Daiichi site reportedly said, “The possibility of a severe accident occurring is so small that from an engineering standpoint, it is practically unthinkable.” If that is what you believe, you are not likely to put much effort into preparing to mitigate severe accidents—and they did not.68

The Fukushima case provides a clear lesson that it is important to avoid, in both public presentations and private beliefs, the “myth of absolute security.” Yet nuclear officials the world over continue to perpetuate the myth that nuclear material and facilities are absolutely secure.69 The belief that a facility is already completely secure is never correct, and this belief will lead to complacency that is the enemy of preparedness for either prevention or mitigation. Prevention of insider threats is a high priority, but leaders and operators should never succumb to the temptation to minimize emergency response and mitigation efforts in order to maintain the illusion that there is nothing to fear.
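The mitigation the Manning and Snowden questions point to (no alarm when one account pulls a huge volume of material) and the self-monitoring Hanssen was able to do (searching the FBI database for his own name) are both patterns an audit-log check can catch after the fact, even where access itself was not limited. The following is an added illustration, not code from the book or from any agency it discusses. It builds a constructed access log (no real data), flags any user-day whose distinct-document and distinct-source counts dwarf the population's medians, and flags a search whose query is the searcher's own name. The log format, account names, directory and thresholds are all assumptions made for this example.

```python
"""Added example (not from the book): two audit-log checks aimed at the
patterns in the cases above. flag_bulk_access() looks for one account
reading far more distinct documents, from far more originating sources,
in a day than the rest of the population; flag_self_lookups() looks for
a search whose query is the searcher's own name. Log format, names,
directory and thresholds are all assumptions made for this illustration.
"""
from collections import defaultdict
from statistics import median

# Each record is (day, user, action, object, source):
#   READ   -> object is a document id, source is the originating post
#   SEARCH -> object is the query string, source is the database searched


def build_sample_log():
    """Constructed sample data, not a real audit log."""
    rows = []
    analysts = ["asmith", "bjones", "ckhan", "dlee", "emoore", "fgarcia"]
    for day in range(1, 6):                        # five working days
        date = f"2010-03-0{day}"
        for i, user in enumerate(analysts):
            # ordinary users read 4 to 9 documents a day from one or two posts
            for n in range(4 + i):
                post = ["baghdad", "kabul"][n % 2] if i % 2 else "baghdad"
                rows.append((date, user, "READ", f"CABLE-{day}{i}{n:02d}", post))
    # one account pulls 300 documents from 40 different posts in a single day
    for n in range(300):
        rows.append(("2010-03-04", "gwhite", "READ",
                     f"CABLE-X{n:04d}", f"post{n % 40:02d}"))
    # searches: an ordinary query and a lookup of the searcher's own name
    rows.append(("2010-03-02", "asmith", "SEARCH", "ivanov", "case-db"))
    rows.append(("2010-03-03", "rhanssen", "SEARCH", "Hanssen", "case-db"))
    return rows


def daily_activity(rows):
    """Map (user, day) -> (distinct documents, distinct sources) for READ events."""
    acts = defaultdict(lambda: (set(), set()))
    for day, user, action, obj, source in rows:
        if action == "READ":
            docs, srcs = acts[(user, day)]
            docs.add(obj)
            srcs.add(source)
    return acts


def flag_bulk_access(rows, doc_factor=10, source_factor=5, min_docs=50):
    """Return (user, day, n_docs, n_sources) for every user-day whose distinct
    document count exceeds doc_factor times the population median (with an
    absolute floor of min_docs, so a quiet population does not make ordinary
    users look anomalous) AND whose distinct-source count exceeds
    source_factor times the median."""
    acts = daily_activity(rows)
    if not acts:
        return []
    doc_thr = max(min_docs, doc_factor * median([len(d) for d, _ in acts.values()]))
    src_thr = source_factor * median([len(s) for _, s in acts.values()])
    flagged = []
    for (user, day), (docs, srcs) in sorted(acts.items()):
        if len(docs) > doc_thr and len(srcs) > src_thr:
            flagged.append((user, day, len(docs), len(srcs)))
    return flagged


# Constructed directory of the names each account is known by (an assumption).
DIRECTORY = {
    "rhanssen": ("Hanssen", "Robert Hanssen"),
    "asmith": ("Smith", "Alice Smith"),
}


def flag_self_lookups(rows, directory=DIRECTORY):
    """Return (user, day, query) for SEARCH events whose query is a name or
    identifier the directory associates with the searching account."""
    hits = []
    for day, user, action, obj, source in rows:
        if action != "SEARCH":
            continue
        own = {name.lower() for name in directory.get(user, ())} | {user.lower()}
        if obj.strip().lower() in own:
            hits.append((user, day, obj))
    return hits


if __name__ == "__main__":
    log = build_sample_log()
    for hit in flag_bulk_access(log):
        print("BULK ACCESS", hit)
    for hit in flag_self_lookups(log):
        print("SELF LOOKUP", hit)
```

Running the block reports one bulk-access hit (the account that pulled 300 documents from 40 posts) and one self-lookup. The median-based threshold with an absolute floor is deliberate: a static cap alone ends up tuned to the quietest office, while a pure ratio lets a quiet population make any moderately busy analyst look anomalous. Neither check is a substitute for limiting what one account can reach in the first place; they only make sure that a bulk pull or a self-directed search sets off the alarm bell that did not ring in these cases.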
67. Yoichi Funabashi and Kay Kitazawa, “Fukushima in Review: A Complex Disaster, a Disastrous Response,” Bulletin of the Atomic Scientists 68 (March/April 2012): 13–14. 68. Phred Dvorak and Peter Landers, “Japanese Plant Had Barebones Risk Plan,” Wall Street Journal, March 31, 2011. 69. Consider two striking examples. First, the 2004 statement by then Russian Defense Minister (now chief of staff to Russian President Putin) Sergei Ivanov, referring to weapons-grade plutonium and HEU, that he could “state with full responsibility that there cannot be any leakage of such materials from Russia,” and that there had never been “even a single example of even one gram” of such material being unaccounted for. This statement was made despite multiple cases of nuclear thieves in Russia being arrested, confessing, and being convicted; less than a year afterward, President Putin and President George W. Bush agreed that nuclear security in Russia required a rapid program of security upgrades, the Bratislava Initiative. See “Nuclear Weapons Should Not Be Used against Terrorists,” RIA Novosti, April 7, 2004. In 2015 General Khalid Kidwai, recently retired as the commander of Pakistan’s Strategic Plans Division, in charge of Pakistan’s nuclear forces, said that he could state with “full responsibility” that nuclear security in Pakistan is a “non-issue.” See “A Conversation with General Khalid Kidwai,” Carnegie International Nuclear Policy Conference, March 23, 2015, http://carnegieendowment.org/files/03-230315carnegieKIDWAI.pdf.
Insider Threats: How Big a Problem?

The fundamental question remains: How much of a problem do insider threats pose? In many sectors, from cybersecurity to intelligence, the answer is clear: Insider threats are perhaps the biggest and most difficult part of the security challenge. In the nuclear sector, as we noted in the introduction, the known cases of nuclear theft appear largely to have been perpetrated by insiders or with the help of insiders, as most of them were thefts of bulk material that were never noticed to be missing until the material was seized and recovered.

But the deep dive into the jihadi literature offered by Hegghammer and Dæhli in their chapter makes a convincing case that there are very few cases of jihadis discussing nuclear thefts or attacks and, within those, virtually no cases where the jihadis explored the nuclear insider option—that is, attempting to infiltrate one or more of their people into the staff of a nuclear facility or find ways to coerce or recruit someone on the existing staff. This is reassuring, as it makes clear that insider nuclear operations are not a priority either for those writing jihadi manuals (including those related to nuclear, chemical, biological, and radiological weapons) or for the great mass of extremists posting on jihadi forums. On the other hand, one would not expect that jihadis would post about a secret plan to carry out such an action before it occurred. Had the jihadi forums been equally active before 9/11, for example, there would likely not have been extensive posts about flying large planes into buildings. Moreover, insiders at nuclear facilities may become radicalized without terrorist groups actively seeking to recruit them—as occurred in the nonnuclear Hasan case, and appears to have occurred in the Boughalab case that Hegghammer and Dæhli describe. And nuclear insiders may steal nuclear material and provide it to terrorists for their own reasons—including profit—without jihadis seeking to recruit them. Hegghammer and Dæhli ultimately conclude that while the threat should not be exaggerated, a number of steps should be taken to reduce the risk.

Austin Long’s chapter on insider attacks on U.S. forces in Afghanistan offers both disturbing and encouraging lessons for those coping with insider threats. On the one hand, it makes clear that insider threats can surge dramatically from one year to the next. Tomorrow’s threat may not be possible to extrapolate from past experience. On the other hand, Long’s account also makes clear that a focused, sustained effort to reduce insider threats, directed as a high priority by the top leaders of the organization, can drastically reduce the insider danger. In Afghanistan, the counterinsider effort led green-on-blue attacks to decline almost as precipitously as they had risen.

Overall, the data are simply not available to assess how big the insider threat to each high-security organization might be. But the cases in this book strongly suggest that for almost every such organization, it is likely to be one of the larger risks the organization faces.
Avoiding Undue Suspicions
Most of this book is about avoiding one kind of error: failing to identify insider threats before they carry out damaging acts. But the opposite kind of error—seeing insiders where none exist—can also cause serious damage to an organization, leading to innocent people being unjustly accused or pervasive suspicion of everyone making it difficult for an organization to function. The career of James Jesus Angleton provides perhaps the most compelling lesson of the dangers of undue suspicion.70 Charged with finding spies at the CIA, Angleton became convinced that spies were everywhere, falsely accusing not only CIA officers but people ranging from Henry Kissinger to British Prime Minister Harold Wilson of being Soviet spies. Careers were ruined, and the obsessive hunt for a mole in the CIA created a paralyzing suspicion of everyone that almost brought the recruitment of spies from the Soviet Union to a halt. After Angleton was forced to resign—amid the revelation of Operation CHAOS, the huge domestic spying operation he had helped to oversee, in a search for Soviet control of American political dissent—the reaction to his methods was so intense that counterintelligence efforts were greatly weakened, perhaps contributing to the failure to find Aldrich Ames until he had done an immense amount of damage. The lesson of Angleton’s “worst practices” is clear: In their effort to protect against insiders, organizations must avoid crippling themselves with poorly grounded suspicions and false accusations. Organizations should not assume that every concerning behavior comes from a real insider, that every security rule or counterinsider initiative is worthwhile, or that those accusing people of being insiders are always correct. Of course, organizations have learned a great deal about avoiding these worst practices since Angleton’s heyday.
But finding the balance required to adequately protect against real insiders without seeing insiders under every rock remains a difficult challenge. That challenge has to be addressed organization by organization, as each has its own specific needs and circumstances. But there are a few general recommendations that we can offer. First, as discussed earlier, organizations need to establish a process for responding to insider concerns and reports that is seen by employees as sensible, fair, and protecting employees’ rights. For the process to work effectively, it has to convince employees that insider concerns and reports will be taken seriously, but at the same time will be placed in context and examined carefully, without jumping to conclusions on flimsy evidence. A description of how such issues are handled should be available to all employees. In cases where an investigation results in clearing a person of suspicion, a description of how that conclusion was reached ought to be provided (with the concurrence of the cleared individual). In cases where an insider concern is substantiated, employees should be made aware of the specifics as a cautionary tale as soon as doing so will no longer interfere with the investigation (and within the confines of respecting the rights of the accused). Rumors fly within organizations in such circumstances, and the truth is often the best way to address them. If employees come to believe that their reports are taken seriously and dealt with fairly, they will be far more likely to report. Second, organizations should recognize that effective leadership, trust, openness, and accountability can, in themselves, be powerful factors in reducing the insider threat. Building an organization in which all workers involved believe in the mission, their role in achieving it, and the need to work together to achieve it contributes both to the organization’s mission and to reducing insider risks. As David Franz and James LeDuc have argued, security programs must include steps to foster strong leadership, without which “the other measures become little more than the appearance of security.” “Troubled scientists,” they argue, “have and will come to an enlightened and engaged leader for help, where openness has been built and trust is the currency.”71 Trust in itself is not the problem—it just needs to be tempered with prudence and alertness to signals that suggest trust may no longer be justified in a particular case.
70. For a classic account, see David Wise, Molehunt: The Secret Search for Traitors That Shattered the CIA (New York: Random House, 1992).
6. A WORST PRACTICES GUIDE TO INSIDER THREATS
Third, organizations need to focus on a comprehensive insider deterrence, detection, and mitigation program—including measures to secure and monitor the items to be protected and any interaction with them that occurs, whether they are bacteria, secrets, or nuclear materials—and not just on a hunt for moles. By reducing the incentives for insider action, such a comprehensive program can, in many cases, prevent insider episodes before they begin, reducing reliance on the hunt for traitors within the organization. The chapter by Bunn and Glynn offers a framework for considering the elements of such a comprehensive program, and illustrations of how such programs are implemented in the pharmaceutical and casino industries. Fourth, insider-protection programs should be integrated with other security efforts and overseen by officials with the authority and responsibility to make responsible trade-offs among productivity, morale, and security. The Angletons of the world must be balanced and overseen by officials with a broader view.
71. David R. Franz and James W. LeDuc, “Balancing Our Approach to the Insider Threat,” Biosecurity and Bioterrorism 9, no. 3 (2011): 205–206.
The Path Forward
This book demonstrates that insider threats come in diverse and complex forms, that the individuals involved can have multiple complex motives, and that common, though understandable, organizational imperfections make insider threats a difficult problem to address adequately. Many leaders and managers in organizations that need to deal with these dangers appear to underestimate both the scale of the insider threat and the difficulty of addressing it. Serious insider threats may well be rare in the organizations that we have created to provide national security, but given the scale of the potential consequences, it is crucial to do everything reasonably practical to address them. A final lesson from all these cases is this one: Do not assume, always assess—and assess (and test) as realistically as possible. Unfortunately, realistic testing of how well insider protections work in practice is very difficult; genuinely realistic tests could compromise safety or put testers at risk, while tests that security personnel and other staff know are taking place do not genuinely test the performance of the system. Nevertheless, security managers need to establish programs for assessment and testing that are as creative and realistic as practicable—and to reward the employees involved for finding vulnerabilities and proposing ways to fix them, rather than marginalizing people who complain about security vulnerabilities. Complacency—the belief that the threat is modest and the measures already in place are adequate—is the principal enemy of action. Hence, a better understanding of the reality of the threat is critical to getting leaders and managers in countries around the world to put stronger protections in place. We hope that this book will encourage both further research and more sharing of analyses of past insider-threat incidents and lessons learned.
There continues to be a need for in-depth, empirically grounded research on insider threats in many security arenas and on what works best in protecting against them. The case studies in this volume provide a novel glimpse into the dark world of insider threats. They also shed some light on bad practices to avoid and better practices to promote. However, we do not believe that simply implementing practices already identified—either in this book or by the broader community of security professionals—will be sufficient to address the insider threats that high-security organizations face. Rather, what is needed is constant and creative vigilance, building a culture of continual improvement in the face of evolving threats and always looking for the next vulnerability to be addressed.
Index
2083—A European Declaration of Independence (Breivik), 19–21
9/11 Commission, 46
Abdeslam, Salah, 36–37
Abdo, Jason Naser, 43
Aboobakr Ismail, “Rashid,” 29
active pharmaceutical ingredient (API). See pharmaceutical industry: protected items
Afghanistan
  Afghan National Security Forces (ANSF), 103
  aid workers and journalist attacks, 118–19
  assassination of Ahmed Wali Karzai, 148
  green-on-blue attacks, 8, 18, 103–20
Afghanistan, decline of threats
  “guardian angel” policy, 8, 116–18, 119
  insider-threat mitigation working group, 114, 116
  troop withdrawal and, 118
Afghanistan, sources of threats
  dissatisfaction, response by soldiers, 106–8
  insurgent ties and, 109–10
  motives, strategic or personal, 105, 110
  Pashtun role, 110
  rage, expression of, 110
  Taliban influence, 112
Afghan National Army (ANA), vetting procedures, 114–15
Afghan National Security Forces (ANSF)
  counterintelligence in, 114–15, 119
  dissatisfaction in, 109
African National Congress (ANC), 25, 28–30
al-Adnani, Abu Muhammad, 14, 18
al-Awlaqi, Anwar, 18, 69
  Hasan and, 37, 45, 50–51, 65–66, 69
  Hasan and e-mail, 43, 60–61, 63
  Karim and, 38
  Mobley and, 31–32
al-Baghdadi, Abu Bakr, 14
al-Fahd, Nasir, 13
  fatwa on CBRN weapons, 14
al-Jazeera (network), 15
Allen, John, 103
al-Qaida
  assassination attempts on Musharraf, 147–48
  insider in U.S. nuclear plants, 30–32
  interest in nuclear facilities, 15–16
  and nuclear weapons, 13–14
al-Qaida in the Arabian Peninsula (AQAP), 32
al-Qaida in the Islamic Maghreb (AQIM), 34, 37
al-Suri, Abu Mus‘ab, 13, 18
al-Wuhayshi, Nasir, 14
al-Zawahiri, Ayman, 15, 18, 33
American Pharmacists Association (APA), 133
Amerithrax case, 76
  See also anthrax attacks; Ivins, Bruce
Ames, Aldrich, 2, 150, 172
Angleton, James Jesus, 172
Annan, Kofi, 6
ANSF. See Afghan National Security Forces (ANSF)
anthrax analyses and reviews
  Expert Behavioral Analysis Panel (EBAP), 78, 89, 94
  multiagency team investigation, 75–76
  National Research Council (NRC), 77–78
  security failures post anthrax attacks, 95–96
anthrax attacks, 1, 6, 8, 74–102, 153, 161, 167–68
  vaccine safety and research funding, 83
API, active pharmaceutical ingredient. See pharmaceutical industry: protected items
Ardolino, Bill, 113
Argonne National Laboratory, Vulnerability Assessment Team, 163
Aryan Republican Army, RN weapon and, 20
Aum Shinrikyo, 21–22
background checks, 4
  Army security clearance, 85–87, 89
  Biological Personnel Reliability Program, 92–94
  casino industry, 123–24, 129–30
  corporate security, 123–24
  “disbarred list,” 136
  high-containment laboratories, 101
  “permanently ejected” individuals, 129
  pharmaceutical industry, 136
  problems with, 149–51
  security risk assessment (SRA), 91–94
Bakkali, Mohamed, 36
Barot, Dhiren, 38
  insider, interest in, 17–18
Bazerman, Max H., 88
Bell, Michael, 100
Berger, Sandy, 168
bin Laden, Osama, 13, 13n7, 33
  Abbottabad documents, 15
  and nuclear facilities, 14
  and unconventional weapons, 14
biological select agents and toxins (BSAT)
  access by Ivins, 82, 86
  Bioterrorism Act limits on access, 91–92
  hiring and employment practices criteria proposed by NSABB, 92–94
  increased number of labs and risks, 98–99
Bioterrorism Act, 90–92
Bismarck, Otto von, 146
Booz Allen Hamilton, 148
Boughalab, Ilyass, 35–36
  radicalization of, 150
Breivik, Anders Behring, 19–21, 38
Breivik’s manifesto. See 2083—A European Declaration of Independence (Breivik)
Brickhill, Jeremy, 28
British Airways/Rajib Karim case, 37
BSAT. See biological select agents and toxins (BSAT)
Bunn, Matthew, 8, 88, 156, 157
Cameron, Gavin, 39
Cappelli, Dawn M., 160
Carson, Brad, 47
casino industry, 8, 127–32
  assessment, 131–32
  background checks, 129–30
  internal and external threats, 128–29
  protected items, 127, 131
  security staff and surveillance team, 129
  security weaknesses, 132
  training and morale, 130
  trustworthiness of employees, 129, 132, 146–47
CBRN weapons. See chemical, biological, radiological, and nuclear (CBRN) weapons
Centers for Disease Control (CDC)
  needed policies and procedures, 101–2
  security failures post anthrax attacks, 95–98
Central Intelligence Agency (CIA), 2, 33, 46
  lie detector test failure, 150
  mission to coordinate intelligence, 46n21
  undue suspicion, 172
Challenger space shuttle accident, 47
Chechen rebels
  coercion by kidnapping, 151
  plot to hijack a nuclear submarine, 25
  threats to Russian nuclear facilities, 15
chemical, biological, radiological, and nuclear (CBRN) weapons, 13–14
  and right-wing extremists, 19
Chernobyl, comparisons to, 19, 21
Christian fundamentalists, 17
Christie, Renfrew Leslie, 28
Clapper, James, 148, 163
Clinton Correctional Facility escape, 167
coercion
  Chechen rebels kidnapping, 151
  IS monitoring of a nuclear insider, 36–37
  Northern Bank kidnapping, 150
conspiracies of insiders, 156–57
controlled substance team (CST). See pharmaceutical industry: protected items
Cooke, Christopher M., 2
coordination and communication
  FBI technology and training, 65n118
  increased need, 72–73
  secrecy and limitations of, 146
  See also Central Intelligence Agency (CIA)
Cran-Gevrier military base (France), 34
CST, controlled substance team. See pharmaceutical industry: protected items
Culp, Derrin, 98
culture
  Afghan and Western differences, 110–13, 116
  biological facilities and, 94–101
  FBI, DOD and security agencies, 47–48, 53, 67–71
  importance of, 144, 158–61
  Y-12 intrusion and, 159
cybersecurity, 6n10, 12, 142, 155, 162, 171
  mitigation and, 169
Dabiq (Islamic State magazine), 14
Dæhli, Andreas Hoelstad, 7, 171
Dar al-Hadith Dammaj Institute, a Salafist school, 31
Dark Web Forum Portal (DWFP), interest in nuclear facilities, 15–17
Debchi, Mustapha, 34
defense contractors, insider plot against, 25
Defense Criminal Investigative Service (DCIS), 61–63
Defense Department
  antiquated personnel system post-9/11, 46–48
  counterterrorism or counterintelligence in, 43, 61
  “force protection” and internal or future threats, 52, 71
  Islamic extremism and, 53n67
  mental health forms, 59n90
  officer evaluation reports (OER), 56–60
  security clearance, 59
  See also Hasan, Nidal Malik
Defense Department (DOD) laboratory. See anthrax attacks
Defense Department, leadership in
  disciplinary system, failure of leadership, 53
  organizational incentives, 54–55
  religion and, 55–56
Defense Intelligence Agency, 2
Department of Energy (DOE), 158
  facility false alarms, 159
  security measures ignored, 164–65
  violation records, 23
Department of Health and Human Services, 135
Department of Justice, anthrax investigation, 75–78
Deutch, John, 168
disease, 6
  See also anthrax attacks
Doel Unit 4 nuclear reactor (Belgium), 5, 35–36, 150
Drug Enforcement Administration (DEA), regulations, 135
Dual Use Research of Concern (DURC), 99
DWFP. See Dark Web Forum Portal (DWFP)
EBAP. See anthrax analyses and reviews
Ebright, Richard, 98
Egyptian Islamic Jihad (EIJ), 37
el-Bakraoui, Ibrahim and Khalid, 36
Ellul, Jacques, 106
employees, trustworthiness and loyalty
  casino industry, 129, 132, 146–47
  disgruntled, results of, 160
  halo effect, 132, 139, 142, 149
  mental health problems and security, 161
  NIMO (Not in My Organization) biases, 89, 147–49
  pharmaceutical industry, 136
ETA, Basque Nationalist group, 39
ethnicity and religion
  Koran burning, 112–13
  Pashtuns, 109–11
European Center for Nuclear Research (CERN), 34
Exit, Voice, and Loyalty (Hirschman), 106
Expert Behavioral Analysis Panel (EBAP). See anthrax analyses and reviews
Federal Bureau of Investigation (FBI)
  analysts role, 62, 68–70
  coordination with Defense Department, 70
  Counterterrorism Division, 66–67
  counterterrorism or counterintelligence in, 50, 64
  Data Warehouse System-Electronic Surveillance Data Management System (DWS-EDMS), 65–66
  decentralization and communication, 64–65, 67
  intelligence gathering in, 47
  law enforcement orientation post 9/11, 48
  mission change to proactive prevention of domestic terrorism threats, 64, 67–69
  National Joint Terrorism Task Force, 66–67
  profile of anthrax perpetrator, 76–77
  Webster Commission investigation, 51
  See also Hasan, Nidal Malik; Joint Terrorism Task Force (JTTF)
Ferguson, Charles D., 39
Feynman, Richard, 164–65
Food and Drug Administration (FDA), 136
Fort Hood shootings. See Hasan, Nidal Malik
Fort Knox, 125–26
Franz, David, 99
Fukushima Daiichi accident, 169–70
Funabashi, Yoichi, 169
Galvani, Alison P., 98
Gandhi, Indira, security staff of, 147
Global Terrorism Database, 26
Glynn, Kathryn M., 8, 156
Gonzalez, Jarod, 90
Goodson, Barry, 107
Government Accountability Office (GAO), on security failures post anthrax attacks, 95, 97
Gray, Heather, 28–30
“guardian angel” policy, 116–20
Habiger, Eugene, 158
halo effect. See employees, trustworthiness and loyalty
Hanssen, Robert, 2
  insider advantage, 162
Hasan, Nidal Malik, 8, 18, 37, 42
  and Anwar al-Awlaqi, 50–51, 60–61, 63–66, 68–69
  Defense Department review of, 51–52
  officer evaluation reports (OER), 49, 56
  poor work performance, 49–50
  radicalization of, 48–49, 52, 55, 150, 151
  reasons for failure to prevent, 44–45, 71–73, 161
Hatfill, Steven, 77
Health Insurance Portability and Accountability Act (HIPAA) of 1996, 135–36
Hegghammer, Thomas, 7, 171
Heller, Naomi, 79
Hicheur, Adlène, 26, 34
high-containment laboratories. See anthrax attacks
Hirschman, Albert O., 106–8
Ignalina Nuclear Power Plant, 168
individual jihad, 18
INSF. See International Security Assistance Force (ISAF)
insider
  definition of, 3–4
  guards as, 4
  insider plotting on the side, 34
  likelihood of threats, 171
  malicious or nonmalicious acts, 167–68
  passive, active or violent, 4
  reactive adversary circumventing security systems, 162–63
  self-motivated, recruited, infiltrated, inadvertent, coerced, 4, 40
insider, autonomous action of, 12
  Fort Hood shootings, 37
  Hicheur case, 37
insider, insertion of, 12, 37, 40
  Ali Mohamed case, 37
insider, outreach of, 12
  British Airways/Rajib Karim case, 37
  Mobley, Sharif, 37
  Wilkinson case, 37
insider, recruitment of, 12
  radicalized while working, 35
  reasons for and against, 39
  See also Boughalab, Ilyass; Mobley, Sharif
insider protection programs, steps in deterrence of threats, 172–74
Inspire (jihadi magazine), 18, 51
intelligence structures, decentralized, 46
International Atomic Energy Agency (IAEA), best practices guide and recommendations, 146, 166–67, 169
International Security Assistance Force (ISAF), insider threats, 103–4
Islamic State (IS), 7
  monitoring of a nuclear insider, 36–37
  potential interest in radiological or nuclear weapons, 14
Islamist terrorist insider. See Boughalab, Ilyass; Hasan, Nidal Malik; Hicheur, Adlène; Mobley, Sharif
Ivins, Bruce, 8, 75–90
  and Ames strain of anthrax, 77, 83
  Army security clearance, 84–86
  background of, 78–80
  biological select agents and toxins (BSAT) and, 82
  e-mails of, 80–81
  intention of, 168
  mental health therapists of, 79–80, 82, 86–87
  response to investigation, 83–84
  warning signs ignored, 84–90, 100, 161
  See also anthrax attacks
jihadi groups
  nuclear-related plots, 25–26
  See also al-Qaida; Chechen rebels; Islamic State (IS); Sharia4Belgium
Johnston, Roger, 163
Joint Terrorism Task Force (JTTF), 50–51
  DCIS personnel and current dangers, 62–63
  failure of information sharing, 70–71
  lack of red flags on Hasan, 56, 59
  organizational failure in Hasan case, 60–61
  Washington branch and, 65
Jülich Research Centre (Belgium), 37
Kappa Kappa Gamma sorority (KKG), 78–79
Karim, Rajib, 37–38
Karzai, Ahmed Wali, 148
Kaufman, Sean G., 96–97
Kennan, George, 73
Kitazawa, Kay, 169
Koeberg Nuclear Power Station, 28–30
Lipsitch, Marc, 98
Long, Austin, 8, 171
Long War Journal, 111
Lucas Heights nuclear research facility, 26
Maharaj, Mac, 28
Mahmood, Sultan Bashir-ud-Din, 32–34
Majeed, Chaudiri Abdul, 32–34
Manning, Chelsea (Bradley), 2, 5, 155, 160–61
  access to sensitive diplomatic cables, 169
mental health professionals and mental health, 88
  Bruce Ivins and, 79–80, 82, 86–87
  “normalization of deviance,” 88
  PTSD and, 54–55
microbial forensics, 77
Minbar al-Tawhid wa’l-Jihad (online archive), 15
Mirage Man (Willman), 78
Mitchell, Joyce, 167
Mobley, Sharif, 17, 26, 30–32, 154
Mohamed, Ali, 37, 43
Mohammed, Khalid Sheikh, 15
Moore, Andrew P., 160
Moroccan Salafia Jihadia group, 26
Mueller, Robert, 64, 67
Mullen, Sarah H., 23
Musharraf, Pervez, 147–48
National Biodefense Analysis and Countermeasures Center (NBACC), Personnel Reliability Program (PRP), 93–94
National Enquirer, 76
National Insider Threat Policy, 155–56
National Institutes of Health (NIH), smallpox virus handling error, 95–97
National Research Council (NRC), anthrax analysis, 77–78
National Science Advisory Board for Biosecurity (NSABB), recommended hiring and employment practices criteria, 93
National Security Agency (NSA), 2, 5, 155
Navy and NCIS, 62n102
NBACC, Select Agent Rule regulations, 93
neo-Nazi, 19
NIMO (Not in My Organization) bias, 89, 146–49
  See also employees, trustworthiness and loyalty
“normalization of deviance,” 88
Northrop Grumman employee, plot to murder Republican Party officials, 25
NSA. See National Security Agency (NSA)
NSABB. See National Science Advisory Board for Biosecurity (NSABB)
nuclear facilities
  attack consideration, 20
  few plots found in literature, 38–39
  insider incidents, 7, 10, 25, 27–37, 145, 150, 154, 157, 168
  insider incidents, published and unpublished information, 12
  myth of absolute safety, 169–70
  portal-monitors in, 157, 159
  recommendations for protecting, 40–41, 140–44
  sabotage, 5, 21, 36, 39
  targeted plots, 25–26
nuclear materials
  highly enriched uranium (HEU) thefts, 121, 150
  portal-monitor failures, 157
  protection measures, 121–22
  separated plutonium thefts, 121
Nuclear Regulatory Commission (NRC), study of acts of sabotage, 23
nuclear weapons, 6–7, 13–14, 171
Obama, Barack, 5
Order (terrorist group), 19
Padilla, José, 14
Pakistan
  al-Qaida meeting with nuclear scientists, 32–34
  assassination attempts on Musharraf, 148
  lack of data from, 12
Pakistan Atomic Energy Commission (PAEC), 33
Pakistan Institute of Nuclear Science and Technology, 33
Palmer, Gene, 167
Pearl Harbor attack, 45
Pelindaba nuclear facility assault, 25
Perrow, Charles, 46
pharmaceutical industry, 8, 133–39
  assessment, 138–39
  controlled substance teams (CST), 134, 137
  insider theft, 133
  investigation processes, 138
  protected items, 133f
  quality assurance (QA) checks, 135, 136, 137
  security and surveillance, 134
  security weaknesses, 139–40
  staff licensing, 133
  tamper-indicating devices (TIDs) failures, 158
  training and morale, 136
  trustworthiness of employees, 136
  vaults, 138
Pharmaceutical Security Institute (PSI), 138
Phineas Priesthood, 19n27
Pierce, William, 19
Pillai, H. D., 147
Potter, William C., 39
predictable surprise, 88, 102
Provisional Irish Republican Army kidnapping, 150
Public Health Security and Bioterrorism Preparedness and Response Act of 2002. See Bioterrorism Act
radiological and nuclear (RN) weapons, 13–14, 20
radiological dispersion device (RDD), 33
red flags
  Hasan case, 44, 56–59, 150–53
  ignored, 46, 100, 151–52, 154–55
  Ivins case, 75, 89–90, 100, 153
  Wilkinson case, 30
Riedel, Bruce, 69
right-wing extremists. See Christian fundamentalists; neo-Nazi; Phineas Priesthood
RN weapons. See radiological and nuclear (RN) weapons
Russia, 4, 15, 22, 25, 120, 125, 149, 157, 159, 164, 170n69
  limited data from, 7, 12
Saathoff, Gregory, 91
Sagan, Scott D., 46, 88
Salerno, Ren, 97
Sandia National Laboratories, 2, 97, 157
Savchuk, Oleg, 168
Schedule II narcotic, 133, 135, 139
Schouten, Ronald, 8, 78, 91, 153, 161, 167
Schrader, Ralph, 148
security, corporate, 122–23
  access to protected items, 126
  background checks, 123–24
  critical knowledge, definition of, 123
  investigation processes, 126
  protected items, 125
  security systems assessment, 127
  training and morale, 124
security clearance
  Army clearance for Hasan, 59
  Army clearance for Ivins, 84–85, 88, 89
  DOD procedures for, 85–86
  worst practices, 88, 102
  See also Hasan, Nidal Malik
security measures
  buy-in and corporate commitment, 142, 172–73
  cheating for financial reasons, 165
  database and incident sharing, 142–43
  ignored, 163–64
  regulators and, 142
  remove unneeded rules, 166
  splitting security and surveillance, 142
  two-person rule, 99–100, 120–21, 126, 131, 137, 140–41, 156
  video surveillance, 36, 140
Sharia4Belgium, 35
Shoko Asahara, 21
Slovo, Joe, 28–29
Smirnov, Leonid, 150
Snook, Scott A., 47
Snowden, Edward, 2, 5, 148, 155–56
  access to sensitive intelligence operations, 169
  insider advantage, 162
  security measures ignored, 164
  trusted employee, 148
social shirking, 47, 66
South Africa, Pelindaba nuclear facility assault, 25
South African Amnesty Committee, 30
Stern, Jessica, 8, 153, 161, 167
Stevens, Robert, 76
Stockton, Paul, 44, 52
Stormfront (website), 20
Sutton, Victoria, 23, 90
Taketloune, Elias, 35–36
Taliban, 8, 109–13
  green-on-blue attacks, 18
  suicide bombers or self-sacrifice, 105
  unconventional weapons and, 33
Tenet, George, 33
Trzeciak, Randall F., 160
The Turner Diaries (Pierce), 19–20, 39
two-person rule, 99–100, 120–21, 126, 131, 137, 141, 156
Ummah Tameer-e-Nau (UTN), 32–33
USAMRIID. See U.S. Army Medical Research Institute of Infectious Disease (USAMRIID)
U.S. Army Medical Research Institute of Infectious Disease (USAMRIID), 75–76, 78–92, 99–100
  Biological Personnel Reliability Program (BPRP), 92
  Competent Medical Authority (CMA) evaluation, 92
  Guidance Messages for work with biological agents, 92
  Ivins’s lack of mental health information when hired, 89–90
  NIMO (Not in My Organization) bias, 89
Vaughan, Diane, 47, 88
vaults
  active pharmaceutical ingredient, 137, 138
  Fort Knox, 125
  nuclear material, 122, 140
Vietnam, parallels to Afghanistan, 106–7
Wackenhut Corporation, 165
Walker, John Anthony, 2
Watkins, Michael D., 88
weapons of mass destruction (WMD)
  crimes, United States, 22–23
  crimes, worldwide, 23–25
  interest in using, 13, 22
whistle-blowers, protection for, 90
WikiLeaks, 2, 5, 160
Wilkinson, Rodney, 25, 28–30
Willman, David, 78, 89
Wohlstetter, Roberta, 45
World Institute for Nuclear Security (WINS), best practices guide, 146
Zegart, Amy B., 8, 46–47, 150–53, 161
Zimbabwe African People’s Union, 28