Insider threats often ignored


CISAC's Scott Sagan writes in a new book that organizations tend to ignore the many red flags typically associated with insider threats.

Whether it’s WikiLeaks and CIA documents or nuclear thieves, the danger from insiders in high-security organizations is escalating in our Internet age.

But many threats from within go unrecognized or misunderstood, according to Stanford professor Scott Sagan, who co-edited a new book, Insider Threats, with Matthew Bunn, a professor of practice at Harvard University. Their work analyzes the challenges that high-security organizations face in protecting themselves from employees who might betray them. Sagan, a core faculty member in Stanford's Center for International Security and Cooperation, and Bunn recently participated in an online discussion of the book’s key arguments. They will hold a talk and book signing at 3:30 p.m. on May 16 in the CISAC Central Conference Room.

Sagan and Bunn wrote, “Perhaps the most striking lesson we learned in working with scholars and officials who have dealt with this problem was the sheer scale of the red flags – from explicit statements of support for Osama bin Laden to behavior leading other staff to fear for their lives – that organizations are able to ignore.”

They found that organizations tend to have biases that cause them to downplay insider threats. In particular, organizations with high-security needs face significant risks from trusted employees with access to sensitive information, facilities, and materials. 

The researchers highlight "worst practices" from these past mistakes, suggesting lessons and insights that could improve the security situations at many workplaces. Amy Zegart, co-director of CISAC, has a chapter in Insider Threats that provides a detailed account of the organizational dysfunction that allowed Nidal Hasan to carry out his massacre at Fort Hood.

Other chapters include the following topics and authors:

  • An analysis of the similar problems that led Bruce Ivins, who probably carried out the anthrax attacks in 2001, to continue to have access to deadly pathogens (by Jessica Stern, then of Harvard and now at Boston University, and Ron Schouten, of Massachusetts General Hospital and Harvard Medical School);
  • An analysis of the rapid rise and subsequent fall of “green-on-blue” attacks in Afghanistan – that is, Afghan soldiers and police officers attacking Americans there to help them (by Austin Long of Columbia University); and 
  • An assessment of how casinos and pharmaceutical plants, with a profit incentive to protect against insiders, cope with the problem (by Bunn and Kathryn Glynn, then of IBM Global Business Services and now at the National Nuclear Security Administration). 

Another chapter examines the potential terrorist use of nuclear insiders, offering new data that shows that jihadist writings and postings contain only a modest emphasis on possible nuclear plots, and essentially no mention of the possibility of using nuclear insiders. However, the authors warn this is no reason for complacency – insiders have been largely responsible for past nuclear theft incidents.


Scott Sagan, Center for International Security and Cooperation: (650) 725-2715

Clifton B. Parker, Center for International Security and Cooperation: (650) 725-6488