Menu Close
Trump 2020 signs hang in front of the Capitol Building.
Violent protesters, loyal to then-President Donald Trump, storm the U.S. Capitol on Jan. 6, 2021. (AP Photo/John Minchillo)

The Capitol Hill riots expose the problem of identifying insider threats

The U.S. Capitol Hill riots were a shock to many and both the January 6th Committee and the FBI search of Trump’s Mar-a-Lago residence have only reignited these concerns.

Following Jan. 6, 2021 disinformation efforts and support by elected officials have led to fewer Americans assigning blame to Donald Trump, with many of his supporters believing the events reflected a peaceful protest or that the rioters were led by “the left.”

Divisive views of the Jan. 6 rioters demonstrate the problem in identifying who an “insider” is and how deeply complex the problem of threat identification can be.

And the problem runs deeper than a single incident. There are growing concerns in the United States of insiders threatening the integrity of the election process. The National Association of Secretaries of State has identified a number of insider threats including behaviours ranging from unauthorized access to voting machines to a failure to certify counts.

But what is an insider threat? While insider threats have become increasingly concerning, it isn’t clear that we understand them.

Defining and detecting insiders

Who is an insider? An “insider” is determined by how we see ourselves as well as how others see us. People maintain specific social identities that differ in their importance, and come to think of themselves as part of a group or as an outsider.

We also perceive others based on stereotypes and have expectations about how others will feel, think and act. Despite the many social categories and dimensions that are available, humans are inclined to parse the social world in two: in-group or out-group members.

When we discover someone is in our group, we tend to want to cooperate with them, sharing our financial and material resources, and symbolic resources like identity. By sharing resources with insiders, we become vulnerable to their exploitation. This is a major source of the perceived threat.

What constitutes a threat? When placed in groups, people tend to reject those who deviate from a perceived norm. However, cross-cultural differences can be found in terms of whether conformity is believed to be necessary or desirable.

What constitutes a threat can also depend on an organization’s or group’s norms. If values differ based on political orientation, group members with differing values might perceive others as threats.

A lock sits on top of a keyboard
If we treat everyone as a potential insider threat, we might fuel the very problem we are trying to solve. (FLY:D/Unsplash)

How do we detect insider threats? If our starting point is the assumption that insiders’ actions will confirm our expectations, then a general means to identify potential insider threats is to look for anomalies. The anomaly detection approach represents a broad framework seeking to identify employees who deviate from typical behaviours like the physical or information assets they access.

Rather than focusing on the violations themselves, we must consider people’s motivations: Acting for the public good (like a whistleblower) is fundamentally different from acting for personal gain (like a leaker). We must also recognize that people can lack any intentions, with leaks occurring as a result of negligence. Further complicating the matter, people can feel ambivalent and have divided loyalties.

Capitol Hill riots

The Jan. 6 riots at the U.S. Capitol Building provide a clear illustration of the difficulties in identifying insider threats.

While the rioters can be characterized as “deviants,” The Chicago Project on Security and Threats conducted a comparative analysis of information available on the 193 people charged in riots relative to other right-wing extremists (arrested by the FBI between 2015-2020). It found that those arrested were more representative of an “average” citizen.

Similar points can also be made about the “yellow vest” protesters and the so called “freedom convoy.”

When people interpret these events, they might focus on the progressive division in society fanned by foreign interference. However, this ignores the underlying causes of division that can be capitalized on.

A woman wearing a 'team trump' cowboy hat carries an american flag. Behind her rioters confront police wearing riot gear.
Violent protesters loyal to Donald Trump try to break through a police barrier at the Capitol in Washington on Jan. 6, 2021. (AP Photo/John Minchillo)

Responding to threats

Before we can develop detection measures to effectively counter insider threats we must understand what factors motivate insiders. If we treat everyone as a potential insider threat or traitor, we might fuel the very problem we are trying to solve.

Measures like employee surveillance programs can work, but they need to be transparent and participatory. These measures must also be commensurate with the threat, appropriate in their scope and account for cultural differences in privacy norms and surveillance. As Amazon has recently discovered, surveillance can promote distrust by employees and concern in consumers.

Techniques that can purportedly identify malicious insiders must also be designed ethically to avoid employee discrimination. Even if organizations adopt a “better safe than sorry” approach of widespread surveillance, they must consider the social and legal ramifications associated with relying on judgments made by automated systems. Responsibility and accountability ultimately reside with the developers, distributors and adopters of these methods.

There is no single set of indicators that can help us identify threats to an organization or society, especially societies that do not emphasize conformity. Many motivations are possible so understanding these motivations and differentiating between intentional and unintentional threats is the first step.

Greater efforts need to be made to identify and address the underlying issues that cause reduced cohesion within a group. Organizational and social institutions need to be more responsive to the needs of their employees and citizens. This includes promoting critical reflection about the accuracy of information online and empathy directed toward restorative justice.

Want to write?

Write an article and join a growing community of more than 180,900 academics and researchers from 4,919 institutions.

Register now