Terrorism as a global phenomenon is winding down. According to the Global Terrorism Index (GTI), the number of worldwide terror attacks has been on the decline since 2014. But now, U.S policymakers are turning their attention to the rise of “domestic terrorism” incidents around the country, which could lead us into a new era of counterterrorism efforts.
On June 15, 2021, the White House released the first strategy document specifically developed to address domestic terrorist threats, and the Pentagon has refined its definition of “extremism” with the same goal. Prominent federal officials have also expressed concerns about domestic terrorism, including Department of Homeland Security (DHS) secretary Alejandro Mayorkas and Federal Bureau of Investigations (FBI) director Christopher Wray.
What About FSOs?
Amidst all this talk, it is reasonable to ask where Facility Security Officers (FSOs) fit into this conversation, if at all. While they are rarely discussed before Congress, FSOs are on the front line of America’s national security efforts: they safeguard classified information within the Defense Industrial Base (DIB) and control access to a variety of sensitive locations, from military contractors to weapons manufacturers.
Given the potential strategic importance of an FSO’s workplace, it is not inconceivable that terrorist threats – both foreign and domestic – will one day become a greater concern for FSOs than they are now. But before we can ask what they should do about that, we have to ask a more fundamental question: what does terrorism actually look like in the context of cleared facilities?
Terrorists With Security Clearances
When government contractors talk about terrorism, they also talk about insider threats – and often enough, they are the same thing. Going back to national policy during the Obama era, “insider threat” has been a category that encompasses espionage, terrorism, and classified information theft all at once. Consequently, there is a justified tendency to assume that any terrorist activity occurring within a cleared organization arises from an insider threat.
The Cybersecurity and Infrastructure Security Agency (CISA) helps us by defining insider-threats-as-terrorists. The first part of its definition is familiar: “the unlawful use of force and violence” by employees of an organization “to promote a political or social objective.” The second part clarifies the potential scope of terrorist activities: “insiders will use their familiarity with an organization’s structure, security, building layout and other knowledge.”
As it turns out, history is replete with examples of insider threats who exploited their knowledge and trust within a cleared organization to “maximize casualties” and “sabotage systems,” which is why the post-9/11 aviation industry is so worried about them. Importantly, they don’t always do the dirty work themselves: sometimes they act as a liaison for other actors intent on the same goal.
In September of 2013, 34-year old Aaron Alexis entered a Navy Yard in Washington D.C with the help of a secret-level security clearance and proceeded to shoot facility employees with a sawn-off shotgun. Alexis racked up twelve deaths and three casualties before his spree came to an end.
In 2002, senior analyst for the Defense Intelligence Agency (DIA) Ana Belén Montes was charged with conspiracy to commit espionage against the United States for the government of Cuba. Her clandestine activities were ultimately held responsible for an attack on U.S Army forces in El Salvador which led to the death of a U.S Military Advisor.
Going back half a century, the United States was the only nation who knew how to construct a nuclear weapon in the 1940s. How did that change? While some of the details are still shrouded in mystery, it is known that an unidentified physicist from Los Alamos laboratory – one of the most secretive locations in World War II – gave plans for the bomb to soviet spy Morris Cohen.
We have often explained that a majority of insider threats are the result of non-malicious error, but the events described here are an exception to the rule. Domestic terrorists hiding in cleared organizations are not the unwitting victims of outsiders: they are malicious agents acting from the inside for ideological reasons, with diverse tactics and modus operandi.
What FSOs Need to Know
Due to the existential threat posed by compromise to nuclear facilities, the nuclear industry has paid more attention to the problem of insider threats than almost anyone else, and a recent publication from the Global Nuclear Future Initiative provides three insights that FSOs can apply within cleared organizations:
- Loyalty is not absolute – over time, FSOs will develop trust-based relationships with certain employees which can create dangerous blind spots. Not all insider threats start out with bad intentions: “ideologies, shifting allegiances or personal incentives” can corrupt them as the years go by.
- Background checks are not infallible – FSOs should bear in mind that every cleared individual who has ever gone rogue was subjected to the same rigorous security evaluations as employees who didn’t. Even during the era of continuous evaluation (CE), dangerous individuals can and will slip through the cracks.
- Rules do not enforce themselves – cleared facilities are subject to increasingly strict federal regulations, procedures and security controls. But overreliance on rules can weaken an organization’s ability to think strategically, and worse, they will often go unfollowed. This can lead to a culture “in which people follow security rules only when they find it convenient.”
While all of the above are obstacles for detecting would be domestic terrorists in a cleared organization, they are not insurmountable. In a new era of counterterrorism, FSOs will have to rely on all the resources at their disposal to identify insider threats before they act and prevent them from accessing cleared facilities in the first place.
Fighting Terrorism: FSOs As Generals
Ultimately, many FSOs are already doing everything they can to prevent insider threats, from running an effective insider threat program (ITP) to following NISPOM guidelines in a scrupulous way. But just like a general can’t win a war without soldiers, FSOs cannot prevent threat incidents without the help of their organization. For this very reason, the Defense Counterintelligence and Security Agency (DCSA) has emphasized self-reporting as a vital component of counterintelligence. It will be a vital component of counterterrorism as well.
In the past, we have written about all the reasons employees don’t report insider threats: in short, they don’t think it can happen, or it’s too inconvenient. In response, FSOs have an obligation to make their team aware of the risk that malicious insiders pose to themselves, and to their organization. They should be hyper-aware of potential targets and exercise vigilance in protecting them – the future of national security may depend on it.
Security Suite for Comprehensive Reporting
Over the past decade, the number of threats facing government organizations has increased. MathCraft’s software solutions are designed to give FSOs, CSOs and other security professionals everything they need to run a successful security program, comply with federal regulations like the National Industrial Security Program Operating Manual (NISPOM), and effectively manage contract requirements. Request a demo today!