Among Enterprise Threats to government, industry and other types of organizations—such as attacks by external adversaries, strategic failures, and problems caused by employees—insider threats[1] are becoming more frequent and costly (Ponemon Institute, 2020, 2022; VentureBeat, 2022). In response, organizations have long embraced the need for better integration of sensor data, services, and training for catching external attackers and malicious insiders. Such integration can be characterized as a “NET” approach to “Neutralizing Enterprise Threat.” Several research-based insights from a companion article (Lang, 2022) suggest there needs to be more attention to the role that human factors play in addressing insider threats, especially for identifying and reducing risky behavior by non-malicious insiders. This requires organizations to also embrace the utility of the security net serving as a “safety net,” i.e., to catch and (when possible) rehabilitate risky insiders who have “slipped” because of negligence or struggles with alcohol, drugs, untreated mental health problems, acute stressors, toxic supervisors, or harmful organizational cultures. This article provides background on PERSEREC research efforts that may be useful in exploring our extant products, as well as planned efforts of the “Threat Lab” to assist practitioners and collaborators across governmental and nongovernmental sectors. In addition, this article calls for a more robust stakeholder network for countering insider threats—specifically more integration, information sharing, and collaboration among organizational leaders, policy-makers, operations managers, social scientists, education and training experts, Human Resource specialists, and security professionals.
Collaboration and the promulgation of best practices are key goals of ODNI’s National Counterintelligence and Security Center (Rohrer, 2022), DoD’s Counter-Insider Threat Program (Millick, 2022), and DoD’s Personnel and Security Research Center “PERSEREC”—the partners who created PERSEREC’s Threat Lab and the new journal Counter-Insider Threat Research and Practice (CITRAP). For example, an objective of CITRAP is to accelerate progress on understanding and countering Insider Threats by sharing reliable, useful, science-based, and freely available analyses, insights, and tools. As the Editor-in-Chief notes (Greitzer, 2022), the articles published in CITRAP’s inaugural issue serve this objective well. With hopes and plans to become the premier journal focused on countering insider threats, CITRAP has the potential to play an increasingly productive role in strengthening the capabilities and connections of the network of stakeholders in this area.
Understanding PERSEREC’s history and plans, especially regarding the Threat Lab, will help readers use and integrate extant research and tools, as well as facilitate creative collaborations and problem-solving across the stakeholder network interested in mitigating insider threats. Established in 1986,[2] PERSEREC is a research center dedicated to improving the effectiveness, efficiency, and fairness of personnel suitability, security, reliability, and insider threat policies and programs. We accomplish this by conducting programmatic research (approximately 90% applied vs 10% basic), working closely with stakeholders, users, and other subject matter experts who value science-based policy recommendations and tools. “Applied science” typically involves translating and testing basic research in real-world settings to ensure validity, reliability, and operational integrity. Designing and conducting applied science often involves managing an inextricable braid of three factors: science, politics, and money (Lang, 2007). PERSEREC primarily supports DoD but, because security risks and policies often pertain across government and nongovernment sectors, we routinely consult and collaborate with many non-DoD agencies and key U.S. international partners.
PERSEREC was founded on the premise that programmatic proactive research would yield unique benefits over and above reactive, emergency-coping activities that occupy many government research centers. Consequently, although PERSEREC often addresses problems that suddenly gain prominence (Prina & Rose, 2022), many of our most significant contributions have come from early identification and creative explorations of challenges and opportunities that were likely to (and did) emerge. In several areas PERSEREC initiated research more than 10 years before an emergency captured the attention of leaders in Congress and Executive Departments. For example, PERSEREC scientists recognized the need to better understand extremism risk issues in the military and began working in this area 15 years before the January 6, 2020, White House incident (e.g., Buck et al., 2005). Other examples that led to government implementation include fair and effective innovations in (1) continuous evaluation—started in the 1990s (Herbig et al., 2013), (2) automated clean-case “eAdjudication”—started in the early 2000s (Youpa et al., 2012), and (3) social media assessments of risk—started in the late 2000s (Baweja et al., 2019). Innovations in effectiveness and fairness often go hand-in-hand with time and cost efficiency. In addition to improving quality and efficacy, PERSEREC’s applied research has resulted in government cost-avoidances of hundreds of millions of (U.S.) dollars; for example, implementation of PERSEREC’s empirically based “Phased Periodic Reinvestigation” and “eAdjudication” recommendations resulted in government cost-avoidances of over $300M.[3]
PERSEREC’s early work on the personnel security clearance system—including innovations in background investigations, adjudications and Continuous Vetting—resulted in useful contributions and led government stakeholders to request further actionable research in related personnel risk, HR, and security areas. Consequently, PERSEREC has provided empirically-driven insights and applications in areas such as extremism, suicide and sexual assault, social media, mental health stigma, security awareness, as well as security training, education, and credentialing. This expansion of PERSEREC’s personnel security science into other personnel risk areas made it increasingly clear that human behavior is often ambiguous and that initial indicators of potential concern frequently identified individuals with non-malicious intent who could effectively be addressed by HR rather than security staff. Security nets could also serve as safety nets.
We invite readers to access additional details on PERSEREC’s history, areas of research, and contributions, as well as selected open source research reports and tools (available for download) from https://www.dhra.mil/PERSEREC/, https://www.OPA.mil/, and https://opa.mil/research-analysis/personnel-security/insider-threat/.
As outlined in the box below (and the resources available from the web links within the box), the Threat Lab was designed to draw on relevant social and behavioral science to strengthen the three critical nets for countering Insider Threats—the security net, safety net, and stakeholder net. The Threat Lab is now at the forefront of developing innovative, science-based, and practical tools to counter Insider Threats.
In summary, managing the variety and increasing frequency of insider threats will require a network approach (1) within organizations, and (2) across stakeholder communities. Within organizations, this is best accomplished by a team that integrates knowledge and skills in “HR, security, clinical psychology (or behavioral analytics), and, preferably, an insider threat specialist” (Lang, 2022). As has been shown in similar areas, such as Threat Assessment and Management (T.A.M.), an integrated approach serves as both a security net and a safety net: “T.A.M. seems like an unusual type of [security] intervention, in that one of its most measurable consequences—increased support for [insiders] who need it—may be good in itself” (Hutson, 2022).
Networking across counter-insider threat stakeholder communities will require concerted and strategic collaborations among individuals in government agencies, industry, and academe, especially those with expertise in social/behavioral science, security, HR, insider threat, program management, clinical techniques, education and training, policy-making, and leadership. For such a network to be successful, “building trust and mutual commitment among stakeholders” (Beneda et al., 2022) must be active goals. Organizational and national security are at stake. Participation is key. Please accept CITRAP, the Threat Lab, and this article as invitations to get involved.
[1] “Insider threat” is an umbrella term covering the potential for “any person who has or had authorized access to, or knowledge of, an organization’s assets and resources, to use their authorized access, wittingly or unwittingly, to bring harm to the organization’s mission, resources, personnel, facilities, information, equipment, networks, or systems” (U.S. Cybersecurity & Infrastructure Security Agency, n.d.).
[2] PERSEREC is a U.S. DoD entity in OPA, which is a component of the Defense Human Resources Activity under the Office of the Undersecretary of Defense (Personnel and Readiness). PERSEREC was established in response to a recommendation in the 1985 report from the Commission to Review DoD Security Policy and Practices (typically referred to as the Stilwell Commission), which was convened in response to several devastating espionage incidents such as that of John Walker.
[3] The Phased Periodic Reinvestigation (PPR) was an investigative option from 2005-2016.