View
0
Download
0
Embed Size (px)
PREVENTION
Counterintelligence is the Stepchild of the Intelligence Community
Prevention is the Stepchild of Counterintelligence
Detection Gets All the Love
Dr. David L. Charney Psychiatrist
www.NOIR4USA.org
NOIR
THE MISSING LINK For Managing Insider Threat in the Intelligence Community
proposing a National Office for Intelligence Reconciliation
for more information, go to:
NOIR WHITE PAPER PART THREE series on insider threat/counterintelligence/counterespionage
Dr. Charney is the Founder and Medical Director of Roundhouse Square Counseling Center, in Alexandria, Virginia. He specializes in Anxiety and Mood Disorders, Couples and Family Therapy, as well as Attention Deficit Disorder in adults. In addition to his usual practice, he has also treated personnel from within the Intelligence Community. As a result of unusual circumstances, he had the opportunity to join the defense team of his first spy case, Earl Pitts. Subsequently, Plato Cacheris, the attorney of Robert Hanssen, invited Dr. Charney to join his defense team, which added a further dimension to his experience. With the addition of his third spy case, Brian Regan, Dr. Charney further deepened his knowledge of the psychological nuances of captured spies. As a member of their defense teams, Dr. Charney was perceived by these insider spies as an understanding and supportive figure, which lowered their defensive mindsets, and provided a truer picture of their inner lives. Many common assumptions of spy motivation were brought into question by Dr. Charney’s work. Dr. Charney elaborated his findings in Part One of his White Paper, entitled True Psychology of the Insider Spy. Part Two of his White Paper, entitled NOIR, lays out Dr. Charney’s innovative and perhaps controversial recommen- dations for making use of what he learned to better manage the problem of insider spies. To educate and promote these concepts and ideas, he founded NOIR for USA, a non-profit organization. Its website is: NOIR4USA.org.
ABOUT THE AUTHOR David L. Charney, MD
PREVENTION: THE MISSING LINK For Managing Insider Threat in the Intelligence Community
Counterintelligence Is the Stepchild of The Intelligence Community
Prevention Is the Stepchild of Counterintelligence
Detection Gets All the Love
Dr. David L. Charney Psychiatrist
©2018 David L. Charney. Permission is granted to make copies and distribute this White Paper provided acknowledgement is given to the author.
TABLE OF CONTENTS
SECTION A 1
The Problem: The Insider Threat 1
Analyzing Failed Links in Security Chains 1
Missing Links in IC Security Chains: Off-Ramp Exits 1
Disclaimer 1
SECTION B 2
Scope of the Problem 2
Importance of Prevention Despite Its Neglect 2
Overly Focusing on Detection at the Expense of Prevention 2
Great Hopes of the Moment 2
Dirty Little Secret of Counterintelligence (CI) 2
SECTION C 3
The NOIR White Paper Series on Insider Threat, Counterintelligence, and Counterespionage (CE) 3
CHART: Ten Life Stages of the Insider Spy 3
NOIR White Paper Part One 3
NOIR White Paper Part Two 3
NOIR White Paper Part Three 3
The Vision: A Full Spectrum Solution for Managing Insider Threat 4
SECTION D 4
Rethinking Insider Threat 4
External Management of Insider Threat (EMIT) vs. Internal Management of Insider Threat (IMIT) 4
External Management of Insider Threat (EMIT) 4
Internal Management of Insider Threat (IMIT) 4
Human Psychology is Central to IMIT-Based Prevention 5
Situations of Concern 5
Modern Sales Practices Are Key for Achieving “Left of Boom” Interventions 5
CHART: EMIT vs IMIT 6
Not New! IMIT-Based Approaches Already Practiced in Specialized IC Units 6
Behavioral Change Stairway Model 6
Full Spectrum Solution for Managing IC Insider Threat Requires EMIT and IMIT 7
SECTION E 7
Detection: Strengths and Weaknesses 7
Detection: Core Mission of Traditional Law Enforcement 7
Strengths of Detection 7
Weaknesses of Detection 8
Factors Contributing to Detection Weakness 8
Intrinsic Weaknesses 8
Workplace Barriers That Thwart Detection 8
Workforce Hiring Paradoxes Within the IC 9
Net Result of Detection Weaknesses 9
Detection is Nearly Useless With “Whistleblowers” 9
Problems in Execution 9
False Negatives, False Positives, and Other Confusing or Bad Results 9
Consequences 9
Proposing a New, Comprehensive Strategy to Prevent, Not Detect, Insider Threat in the US Intelligence Community (IC)
Looking Ahead: Excessively Optimistic Claims for New High-Tech Advances 10
Artificial Intelligence (AI), Big Data, Algorithms, and Machine Learning (ML) 10
Algorithm Bias: A Newly Named Concept 11
Paradigm of Home Security Systems 11
Thresholds in the Context of the IC 11
Defining Suspects Based on an Algorithm 11
An Insider Threat Score? 11
Arbitrary Thresholds Tend to Get Turned into Concrete Categories 11
Congratulations! You Identified a Suspect. Now What? 11
High-Tech Indicators: Helpful or Problematic? 11
Parallels the Problem of What to Do with Weather Forecasts 11
Bring in the Big Guns: The FBI Will Solve It! 11
Hassles Managing Suspects 12
Despite the Hype, High Tech Offers Little Relief for Decision Makers 13
Defeating the Newest Detection Technology? “Zero Days” Are Every Day 13
Big Picture Considerations: IMIT Advantages Over EMIT 14
Easier Decisions 14
Cheaper 14
Faster 15
Easier to Manage 15
Rescue vs. Catch 15
SECTION F 15
Prevention: Strengths and Weaknesses 15
Strengths of Current Practices 15
Weaknesses of Current Practices 15
Cultural: Prevention is the Stepchild of Counterintelligence 15
Measuring Success: Prevention’s Biggest Problem 16
Prevention Resources Today Need Strengthening 16
SECTION G 17
Building a New Comprehensive Prevention Program 17
General Considerations 17
IMIT Concepts Will Be Its Guiding Principles 17
Useful Starting Fact: About 90% of Insider Threat Actors Are Male 18
Intervention Windows: When Open and When Closed? 18
Introduction 18
First Open Window: Stage 2 (Stress/Spiral Stage): Before Someone Crosses the Line 19
Intervening During Early and Mid-Stage 2 19
Closed Windows: Stages 3 and 4: The Blackout Periods 19
Open Windows: Stage 5 (Remorse, Morning After Stage); Stage 6 (Active Spy Career Stage); and Stage 7 (Dormancy Stage): The Stages After Someone Crosses the Line 19
Two-Tier Structure Advocated for EAPs 19
First Tier: Existing EAPs Internal to Each IC Agency 19
Second Tier: A Second Level EAP — External to the Home Agency 20
Resources Must Be Real 20
An External EAP Has the Advantages of a Third Party 20
Resources 20
Making the New Prevention Program Work 21
Targeting the Correct Audience 21
Communicating the Right Way with the Target Audience 22
Packaging Offers 22
New Prevention Program Should Be Rolled Out in Phases 22
Phase One: Redefining the Meaning of Spying 22
Phase Two: Proving the Redefined Meaning of Spying 24
Phase Three: Getting the Messages Out 24
Locate Second-Tier Prevention Resources Under the ODNI 26
Best Practices 26
Employees Temporarily Immune to Prevention Messages 27
No Claim This New Prevention Program is a Perfect Solution 28
Legal Hurdles to Be Overcome 28
SECTION H 29
Conclusions 29
Detection is Necessary But Not Sufficient 29
Missing Links: Two Off-Ramp Exits 29
To Move “Left of Boom,” a Full Spectrum Solution is Needed 29
Final Message 29
ENDNOTES 30
PAGE 1NOIR White Paper#3: Prevention: The Missing Link
S E C T I O N A :
THE PROBLEM: INSIDER THREAT
Recent dramatic security breaches have drawn in- creasing attention to the insider threat problem. These breaches have captured headlines and have featured perpetrators such as classic state-sponsored insider spies like the recent Chinese moles as well as so-called whis- tleblowers like Chelsea Manning and Edward Snowden. My previous white paper, NOIR, proposed an off- ramp exit solution, which does not yet exist, for those who have crossed the line. Quoting Sun Tzu: “Always leave your enemy an exit.”1 Extending the logic, why not off-ramp exits, meaning robust prevention mechanisms, for before they cross the line?
ANALYZING FAILED LINKS IN SECURITY CHAINS
