Studies in Conflict & Terrorism

ISSN: 1057-610X (Print) 1521-0731 (Online) Journal homepage: https://www.tandfonline.com/loi/uter20

The Enemy Within? The Connection between

Insider Threat and Terrorism

David BaMaung, David McIlhatton, Murdo MacDonald & Rona Beattie

To cite this article: David BaMaung, David McIlhatton, Murdo MacDonald & Rona Beattie
(2018) The Enemy Within? The Connection between Insider Threat and Terrorism, Studies in
Conflict & Terrorism, 41:2, 133-150, DOI: 10.1080/1057610X.2016.1249776

To link to this article: https://doi.org/10.1080/1057610X.2016.1249776

Published online: 27 Dec 2016.

Submit your article to this journal

Article views: 2662

View related articles

View Crossmark data

Citing articles: 4 View citing articles

Full Terms & Conditions of access and use can be found at

https://www.tandfonline.com/action/journalInformation?journalCode=uter20
STUDIES IN CONFLICT & TERRORISM
2018, VOL. 41, NO. 2, 133–150
https://doi.org/10.1080/1057610X.2016.1249776

The Enemy Within? The Connection between Insider Threat

and Terrorism
David BaMaunga, David McIlhattonb, Murdo MacDonaldb, and Rona Beattiea
a
Glasgow School for Business and Society, Glasgow Caledonian University, Glasgow, Scotland; bCentre for Trust,
Peace and Social Relations, Coventry University, Coventry, England

ABSTRACT
While the threat from terrorism has gained widespread acknowledgment
over the last decade, the infiltration of organizations by “terrorist” insiders
has not, and the potential dangers these individuals present has not been
fully explored. There is a need to understand the wider aspects of insider
threats, including motivations and attack methodologies, and to be able to
demonstrate the potential devastation that could be caused. Organizations
can attempt to mitigate the potential for insider infiltration by both terrorist
and other hostile actors, and if such individuals were within an
organization, there are procedures and strategies that can be employed to
prevent exploitation of existing organizational vulnerabilities and detection
of insiders. This article provides an informed and new approach to the
connection between insider threat and terrorism.

High-profile terrorist attacks and the resultant increase in global terrorist threat levels in
recent years have demonstrated that securing society is a highly complex and dynamic pro-
cess and as a consequence, governments face unprecedented local, national, and global chal-
lenges in achieving this. The intended and unintended consequences of terrorist actions
have impacted significantly on the capacity and capability of society to function in a manner
that attracts investment, promotes socioeconomic well-being, develops social relations and
cohesion, and delivers prosperity. Instead, terrorism has resulted in the instillment of fear,
loss of life, and destruction of property globally. The complex and ever changing nature of
terrorism has been furthered by the rapid evolution of ideology, behavior, and action, cou-
pled with the emergence of new forms of terrorist tactics and technology. It is therefore of
little surprise that research in areas related to terrorism has both evolved and increased sub-
stantially in recent decades with a cultural shift away from Northern Ireland–related terror-
ism toward emerging threats such as lone actors,1 radicalization,2 and cyberterrorism.3 One
area of focus that has not gained significant attention in the terrorism discourse, but poses a
substantial risk, is that of insider threat. While insider threat is interconnected and aligned
with terrorism, the focus of insider threat–related scholarly attention has been mostly
concerned with the development of capabilities for countering insider threat in organizations
through the development of Information technology (IT)–based security mechanisms.

CONTACT David McIlhatton [email protected] Centre for Trust, Peace and Social Relations, Coventry University,
IV5, Innovation Village, Cheetah Road, Coventry, CV12TL, England.
© 2017 Taylor & Francis Group, LLC
134 D. BAMAUNG ET AL.

The rationale for the research presented in this article is derived from the distinct lack of
literature connecting terrorism and insider threat. Most research in the current literature
base has focused on cyber-insider, insider crime/fraud, and the actions of disgruntled
employees, with little reference to the potentiality for adoption as a terrorist tactic. Indeed,
the necessity for research in this area is furthered by an evident lack of critical analysis where
the connection between terrorism and insider threat is made. In these cases, the research
predominantly identifies that terrorism is a motivating factor for insiders, but does not cate-
gorically focus on terrorism and insider threat. Discussion on the terrorist insider threat
typology is also not well advanced despite the significant threat that it poses.
This research therefore develops this rationale and is structured as follows: the second
section explores the insider threat phenomena and discusses the complexity of interpreting
what an “insider” is, as well as their motivations and key behaviors. The third section illus-
trates examples of terrorist insider attacks globally; the fourth section presents a narrative on
mitigating terrorist insider threats; and the fifth section draws conclusions.

The Insider Threat

The defining of insider threat is well established in the current literature base, with signifi-
cant scholarly attention paid to the concept of what constitutes an “Insider” and the threat
that they pose, although variation exists across security critical disciplines and by academic-
practitioner communities. Despite this, no commonly agreed definition exists. In general
terms, an insider has been defined as “someone who is entrusted with authorized access,
who instead of fulfilling assigned responsibilities, manipulates access to a system to exploit
it.”4 In a similar vein, more recent research has agreed that insider threat develops from
someone who has access to privileged resources and exploits those privileges, but is furthered
by those members of an organization who also have knowledge of internal information sys-
tems, may be involved in decision making and who are in positions of authority over critical
operations.5 Indeed, knowledge of internal systems is also critical in definitions that argue
that an insider posing a threat to an organization has developed a strong knowledge about
internal procedures, potential high-value critical targets and points of vulnerability.6 Simi-
larly, research on insider threat within the aviation industry illustrates that insider knowl-
edge allows the perpetrators to exploit vulnerabilities in the nation’s aviation systems with
the intent of causing harm.7 Greitzer et al. go further by stating that insider threat relates to
“harmful acts that trusted individuals might carry out” and that “the insider threat is mani-
fested when human behaviors depart from established policies, regardless of whether it
results from malice or disregard for security policies.”8 Brackney and Anderson refer to an
insider threat as consisting of malevolent actions carried out by an employee who is already
trusted by the organization, and who has access to sensitive information and information
systems.9
From a government perspective, there are also no agreed definitions of insider threat and
as a consequence, numerous examples exist and are usually much advanced on the defini-
tions found within the academic literature base. The National Insider Threat Task Force in
the United States describe insider threat as “a threat posed to U.S. national security by some-
one who misuses or betrays, wittingly or unwittingly, his or her authorized access to any U.S.
government resource.”10 The National Counterintelligence and Security Center builds on
this definition by asserting that those with access to U.S. government resources, including
 STUDIES IN CONFLICT & TERRORISM 135

Figure 1. Key themes emerging from insider threat definitions in the literature.

personnel, facilities, information, equipment, networks, and systems, exploit that access to
harm the security of the United States and that such malicious activity can result in incalcu-
lable damage.11 At the U.K. level, the Centre for the Protection of National Infrastructure
highlights that attacks, including criminal, terrorism, and from those seeking commercial
advantage, may depend on the co-operation of an insider. Indeed, this insider could poten-
tially be an employee or any contract or agency staff who has access to the organizations
premises, who may already work for that organization, or who may have recently joined spe-
cifically to exploit the access to that organization.12
While there are no agreed definitions relating to insider threat, there is a strong emer-
gence of key themes emanating from the literature of what defines an insider (Figure 1).
First, there is general consensus that trust is a core element exploited by those who are
engaged or may engage in insider activity.13 Second, is the notion of accessibility. Most of
the definitions that exist reference access to premises, security critical areas, or systems
within their narrative.14 Third, is the element of knowledge. In many definitions, the threat is
posed when an insider uses their knowledge of the organization and its systems and/or secu-
rity procedures to cause harm.15 The next theme that is evident in the definitional discourse
is that of the exploitation of vulnerabilities.16 The fifth theme is that of intent. In many
instances, there is a requirement that the insider must be exploiting vulnerabilities and secu-
rity protocols for commercial, criminal and/or terrorist gain and/ or to cause harm.17

Key Motivating Factors of Insider Threat

Understanding the key motivations underpinning insider attacks can in many cases be diffi-
cult to ascertain. Indeed, there may not be one single motivation attributable to such inci-
dents and in many cases, the motivating drivers may be both multiple and highly dynamic,
as well as intentional or unintentional. In turn, this adds considerably to the complexity of
countering the threat, risk and harm associated with actual attacks. While this complexity
exists, the current academic and professional discourse identifies a series of thematic motiva-
tional factors that manifest themselves in the majority of insider attacks, albeit with varying
levels of attention. The most common motivations include espionage (historically analog
136 D. BAMAUNG ET AL.

and more contemporaneously, cyber), disgruntlement (of employees), and criminal intent
(individual and organized criminal gain).
In recent years, there has been a steady rise in instances of insider activity that have been
predominantly driven by espionage.18 Indeed, most of this increase has emerged from
cyber-espionage which has seen nation-states or affiliated organizations utilizing cyberattack
methodologies to obtain military and in most cases, proprietary commercial intellectual
property, in order to counter military capabilities and enhance competitiveness and wealth
of hostile countries. While cyber has been a key strategy, the “turning” of an existing
employee into “a spy,” whether through financial incentive or under duress, has provided
numerous benefits for indirect attackers. First, the external entity does not have to penetrate
security critical sites, which in turn, potentially reduces the risk of detection. Instead, they
are able to recruit, voluntarily or involuntarily, insiders who can compromise and bypass
security measures as trusted members of staff.19 Second, the external entity does not have to
have a comprehensive knowledge and understanding of the physical or information system
location of secret information; instead, they can utilize the insider for this purpose. In a simi-
lar vein, the external attackers can utilize the insider to interpret the content of the informa-
tion that they may obtain and therefore do not need to understand the procedures,
protocols, or encryption of that secret information. In the context of a new employee, the
“insider” may have joined the organization with the express purpose of obtaining access to
information, or compromising that organization’s electronic systems.
A second fundamental motivation of an insider attack is often aligned with an individual’s
disgruntlement with their organization of work and is, in many instances, a result of that
organization’s failure to recognize an individual’s job-related achievements.20 Despite this,
Noonan and Archuleta found that there was no direct correlation between disgruntlement
and insider threat, with their research concluding that the vast majority of disgruntled staff
do not engage in actual attacks.21 Nevertheless, research conducted by Shaw and Fischer
found that 9 out of 10 cases of insider attack studied illustrated significant issues within their
employment and that in nearly all cases, those employees demonstrated signs of disgruntle-
ment and personal problems 1–48 months prior to an attack.22 These findings are furthered
by Greitzer et al. whose research highlights through a survey of professionals that disgruntle-
ment can be identified through understanding the behavior of employees in their workplace.
Indeed, the research identified that where individuals demonstrated anger toward manage-
ment and other co-workers, confrontation, and general negativity were identifiable traits of
potential threats.23 In other research, Charney identified from several in-depth studies of
insider spies that a key factor in turning an employee into a traitor has been an intolerable
sense of personal failure that they feel in relation to themselves. He opined that “how this
intolerable sense of personal failure gets managed” will decide whether a person becomes an
insider threat. Indeed, the same author also acknowledges that injury to male pride and ego
are the cause of many cases of insider threat and espionage.24
Attacks that are inherently concerned with financial gain and sabotage are undoubtedly
the most commonly researched areas in academic and practitioner discourses with many
studies not isolating single motivating factors, but instead illustrating the linkages between
motivating factors. Randazzo et al., through joint research between the U.S. Secret Service
National Threat Assessment Centre and the CERTÒ Coordination Centre, examined known
insider incidents within the banking and financial sectors (2003–2004) and established that
financial gain was the primary motivation of most attackers.25 In 2006, research conducted
 STUDIES IN CONFLICT & TERRORISM 137

by Lynch highlighted numerous examples of criminal intent by insider attackers. In one

example, data broker Acxiom Corporation was the victim of significant data theft that
resulted in losses of $5.8 million. The perpetrator was identified as a contract employee who
was subsequently sentenced to 45 months in prison.26 Indeed, Claycomb et al. illustrate that
an employee of a telecommunication company, when advised to tender their resignation,
intentionally sabotaged the IT systems of the organization, which in turn, disabled their tele-
communications and blocked emergency 911 services in four major cities. In another case of
sabotage, a disgruntled former employee who was overlooked for a full-time position
remotely accessed IT control systems for a sewage treatment plant and facilitated over
200,000 gallons of raw sewage being pumped in to nearby waterways and businesses.27

Terrorist Insider Activity

A less well researched area of insider threat is that which is driven by terrorism. This is
despite the fact that the conclusion of such terrorist insider events, in many cases, can lead
to devastating consequences. Examples of terrorist insider activity support this, such as the
2009 mass shooting that killed 13 people and wounded or injured another 43 at a U.S. Army
Soldier Readiness Processing Center (for troops being deployed in theaters overseas) in Fort
Hood, Texas. The perpetrator was a serving Army Major, Nidal Malik Hasan, who jumped
on a desk and shouted “Allahu Akbar!”—Arabic for “God is great!”—before firing from the
two pistols in his possession.28 Hasan was born in Arlington, Virginia to Palestinian immi-
grant parents and joined the Army against their wishes; however, he rose through the ranks,
pursuing a career in psychiatry. He began to doubt his military commitment due to alleged
harassment in the Army for his Muslim faith29 and had consulted a lawyer while he sought
discharge as a conscientious objector, a process that intensified after he was told that he was
to deploy to Afghanistan himself.30 During the lead-in time to his attack, he was described
by colleagues as a ticking time bomb due to his radical views on Islam, and he wrote several
papers defending Osama bin Laden. Despite the outrage of his colleagues, such behavior was
interpreted by line managers as having a keen interest in Islamic culture and Hasan was sub-
sequently promoted.31
Looking more closely at the background of Hasan, evidence suggests that he was relatively
introverted and isolated in his personal life.32 This intensified with the deaths of his parents
in 1998 and 2001 and he began a stricter practice of Islam.33 In 2001, he attended the Dar
al-Hijrah mosque in Falls Church, Virginia where Anwar al-Awlaki was Imam and two of
the 9/11 hijackers also attended.34 While the extent of the relationship at that time, if any,
between the two is unclear, al-Awlaki was not at that point viewed publicly as the inspiration
to many young English-speaking Salafi-jihadist supporters in the West,35 radicalization
leader,36 indirect enabler of terrorism,37 or the new and improved version of Osama bin
Laden,38 that he is now. This was due to al-Awlaki’s relocation to Yemen and subsequent
leadership of Al-Qaeda in the Arabian Peninsula (AQAP) and their launch in 2010 of Inspire
magazine, an AQAP-branded, English-language publication inciting and providing practical
guidance for attacks on the West.
In addition to Hasan’s clearly outspoken views, a further example of observable digital
traces or weak signals39 in his pre attack behavior is the e-mail contact that attracted the
attention of the Federal Bureau of Investigation (FBI) between Hasan and al-Awlaki from
December 1998 to June 1999.40 Hasan e-mailed al-Awlaki sixteen times, which generated
138 D. BAMAUNG ET AL.

two responses from al-Awlaki. Alarmingly in the first e-mail, he asked al-Awlaki if Hasan
Akbar would have been a martyr if he had died during his attack.41 Hasan Akbar was a U.S.
Army Sergeant who killed two U.S. Army officers and wounded fourteen others in a shoot-
ing and grenade attack at Camp Pennsylvania in Kuwait, 25 miles from the border with
Iraq. The attack was two days prior to the 2003 invasion of Iraq and at his subsequent court
martial, Akbar’s attorney argued that Akbar was concerned that the invasion of Iraq would
result in the deaths of Muslims and that U.S. soldiers would rape Iraqi women.42 Further
e-mails to al-Awlaki show that Hasan plainly expressed the view that Western forces were at
war with Islam and he sought counsel from al-Awlaki on questions such as whether suicide
bombings were acceptable, and if collateral damage was permissible in the course of a suicide
attack.43
Two years after the Hasan attack on Fort Hood, a serving Private First Class in the U.S.
Army named Naser Jason Abdo was arrested and subsequently convicted of planning a
bomb and firearms attack on a restaurant frequented by military personnel based at Fort
Hood.44 In a similar manner to Hasan, he previously sought conscientious objector status
due to his Muslim beliefs prior to deployment to Afghanistan although at the time of his
arrest, he had been reported Absent Without Leave (AWOL) and was awaiting a military
trial on charges of possession of child pornography.45 Interestingly, at one of his court
appearances Abdo shouted, “Nidal Hasan, Fort Hood, 2009,”46 which could be interpreted
as a form of contagion.47 While Abdo was linked to al-Awlaki only through possession of
the “Make a Bomb in the Kitchen of Your Mom” article from Inspire edition 1,48 the reach
of al-Awlaki expands into wider examples of insider attacks for terrorist purposes.
In 2010, a British Airways (BA) employee named Rajib Karim was arrested after it was
discovered that he had been in contact with al-Awlaki and was actively using his position
within the organization to carry out a terrorist attack on behalf of Al Qaeda (AQ).49 Karim
was an IT employee with BA and was found guilty in 2011 of plotting to blow up an aircraft,
sharing information of use to al-Awlaki and offering to help financial or disruptive attacks
on BA. In a somewhat opportunist element to his attack methodology, Karim volunteered to
join BA cabin crew during a period in time when regular cabin crew were on strike, but
failed because of a technicality.50 Within the aviation sector, vulnerabilities to terrorist forms
of insider attack can extend beyond employees of individual airlines to the wider group of
airport staff who have privileged airside access. This access can be indirectly, as was the 2006
instance where the AQ-linked individual Sohail Anjum Qureshi was in contact with a female
who was employed as a retail assistant working airside at London’s Heathrow Airport. While
the two appear to have been in e-mail contact only, Qureshi was able to obtain information
about the security searching regime from her.51 In a more direct manner, this can be seen in
the case of Terry Loewen, a 58-year-old Wichita, Kansas airport avionics technician who
claimed that Osama bin Laden and Anwar al-Awlaki were his inspiration for engaging in
violent jihad.52 He was arrested during an FBI-led operation where he believed that he was
driving a vehicle laden with explosives into the secure area of the airport to detonate the
vehicle between the airport’s two terminals at the early morning peak passenger time.53
The emergence of the self-declared Islamic State (IS) has brought the issue of insider ter-
rorist attacks in the aviation industry to a worldwide audience with the October 2015 sus-
pected bombing of Metrojet Flight 9268 shortly after departing Sharm el-Sheikh
International Airport in Egypt. It has been reported that the aircraft was destroyed by a
homemade explosive device equivalent in power to up to 1 kg of trinitrotoluene (TNT).
 STUDIES IN CONFLICT & TERRORISM 139

Although initial claims that two Egyptian baggage handlers had been arrested in connection
to the incident have since been refuted,54 it has been described in testimony to the U.S. Sen-
ate Committee on Homeland Security and Governmental Affairs that the bomb was almost
certainly smuggled aboard the Metrojet flight by an insider at Sharm el-Sheikh airport.55 IS
claimed responsibility for the bombing and subsequent reporting has indicated that the
insider may be an EgyptAir mechanic who is the cousin of an IS fighter in Syria.56 This was
followed in February 2016 with the explosion on board Daallo Airlines Flight 159 shortly
after leaving Aden Adde International Airport in Mogadishu, Somalia. The attack was
claimed by the AQ-affiliated Al-Shabaab and it has been reported that the suspected bomber
was passed a laptop-like device after having passed through security by two males, at least
one of which was an airport employee.57 While both incidents are still subject of live investi-
gations at the time of writing and further facts will emerge in due course, they serve to high-
light a potential shift in post 9/11 attacks against aviation from outsmarting screening
technologies (2001 shoe-bomb plot; 2006 liquid-bomb plot; 2009 underpants-bomb plot;
and the 2010 cargo-bomb plot) to using insider knowledge or access.58
This risk of terrorist insiders to the aviation industry can also be seen in a 2015 U.S. audit
that compared the Transport Security Agency’s (TSA) aviation worker data against informa-
tion on individuals who were known to the Intelligence Community. Specifically, the
National Counterterrorism Center (NCTC) performed a data match of over 900,000 airport
workers with access to secure areas against the NCTC’s Terrorist Identities Datamart Envi-
ronment (TIDE) and 73 individuals with terrorism-related category codes were identified.59
While the nature of these traces is not in the public domain, this figure is of concern in an
operating environment where Miami and Orlando are the only airports in the United States
that subject workers with airside access to the same security screening regime as that of pas-
sengers,60 despite such screening being in place in the United Kingdom since the early 1990s
and within the European Union since 2004.61 Following on from the January 2015 terrorist
attacks in Paris, similar concerns were raised in relation to 57 workers with airside access
who were on an intelligence watchlist as potential Islamist extremists62 which resulted in 10
airside electronic pass-key fobs for Paris Charles de Gaulle Airport having been removed
from employees and 50 employees refused access to the key.63
The anti-Western rhetoric of IS with multilevel calls for attacks in the West64 can be seen
in an insider context outwith the aviation industry, when we again look to the military. John
T. Booker, Jr. (also known as Mohammed Abdullah Hassan) was arrested in 2015 in an FBI-
led case similar to that of Terry Loewen, in that he was driving a van that he believed con-
tained a large quantity of explosives with the intention of attacking a U.S. military base.65 In
2014, he was denied entry to the U.S. Army less than a month before he was scheduled to
report for basic training due to an FBI investigation into publically available content of con-
cern on his Facebook account around him preparing to be killed in jihad. During an inter-
view, he admitted that he enlisted in the army with the intent to commit an insider attack
against American soldiers like Major Nidal Hassan had done at Fort Hood and stated that if
he went overseas and was told to kill a fellow Muslim, he would rather turn around and
shoot the person giving orders.66 Shannon Maureen Conley was arrested in 2014 while
attempting to travel to Turkey on a one-way ticket with the intention of marrying a Tunisian
IS fighter in Syria. In a move away from using her position as an insider for direct targeting
purposes such as Hasan, Abdo, and Booker, Conley had become a U.S. Army explorer to
learn American combat tactics that she could then teach to IS fighters in Syria.67 This
140 D. BAMAUNG ET AL.

exploitation of sensitive techniques and tactics can also be seen with the desertion of a ser-
geant in the Netherlands Royal Air Force who is believed to have joined IS.68 He had access
to information on the computer systems of the Apache attack helicopters, causing the Minis-
try of Defence to immediately encrypt the information on the helicopter systems to prevent
him from accessing the data anymore.69
However, the union of insider threat and terrorism is not limited to the post-9/11 Islamic
extremism examples above. The wider connection of insider threat and terrorism in contem-
porary times ranges from the assassination of Indira Gandhi in 1984 by two of her Sikh
bodyguards (in apparent retaliation for the Indian military storming of the Golden Temple
in Amritsar),70 to the 2004 Northern Bank robbery in Belfast in which suspicions were raised
by the media and the security forces about the possibility of Provisional Irish Republican
Army (PIRA) involvement.71 The insider aspect to this last example was actually due to the
tiger-kidnap style hostage taking of two families to coerce two senior executives to bypass
the security systems of the bank and facilitate the robbery.72 Such examples are by no means
exhaustive and serve to highlight the diverse range of insider threat aspects that can appear
as terrorist attack methodologies.

Mitigating Terrorist Insider Threat

In order to mitigate insider activity of this nature, it is important to understand, develop, and
employ appropriate policies and procedures within organizations. Given the complexity
involved in terrorist insider threat and the disparate motivations and consequences that are
experienced, it is essential that any mitigation measures transcend high-level organizational
policy and are delivered operationally in a holistic manner. As previously discussed, the
motivation or “drivers” of insider attacks can be many and varied. Irrespective of what they
are, there is an urgency and fundamental need to understand, counter, and mitigate such
activities. This research proffers that the most effective way to achieve this is through a holis-
tic approach to security within the organization, which is centered on the concept of inte-
grated security management connecting personnel (people) security, physical security, and
cybersecurity. The rationale behind a holistic approach is due to the interdependencies that
exist between these three security strands. Essentially, if one of these fails, the others may
become compromised. The connection point between each of these is the development of
procedures that can be applied across all three of these security strands. Failure to comply
with security procedures may compromise an organization despite strong security processes
in other areas. Research has found that many organizations do not have a cohesive link
between these three areas, and the resultant disjointed approach presents the identification
of organizational weaknesses that may lead to opportunities for exploitation.73 Indeed, many
of these opportunities relate to issues connected with human resource management and
organizational culture.
From a personnel (people) security perspective, there are a number of countermeasures to
insider attack that can be employed. An insider threat can come from a number of stages in
an employee’s working life cycle and it is therefore fundamental that such stages are rou-
tinely managed. Identifying signs of disgruntlement or changed behavior patterns among
the workforce could be important indicators of potential threats by individual employees
and should be acted on at an early stage. This process should commence as early as the first
day of employment and continue to an employee’s dismissal, resignation, or retirement.74 It
 STUDIES IN CONFLICT & TERRORISM 141

could be opined that the process should even commence before the first day of employment
and potentially from the day a job application is received, and research of that potential can-
didate commences. There are certain predisposed traits exhibited by potential insiders that
can be impacted by situational stressors within an organization, and the general organiza-
tional environment. By screening potential employees for these traits and rejecting those
who show strong indications of them, it may be possible to reduce the overall risk from
insider attack.75 There are several personality tests and assessments available, which can be
used from the initial recruitment stage, through to the final stages of employment, to flag
potential or actual issues of concern with employees.76 If an organization was being deliber-
ately targeted by a terrorist group, the threat group may attempt to infiltrate an “insider”
into the targeted organization. Such an attack form carries many risks for the terrorists. The
“insider” must undergo some form of recruitment process, where candidates will be screened
in an attempt to mitigate some of the infiltration techniques that can be used during recruit-
ment. These include the provision of exaggerated experience/skillsets, false qualifications/
certification being presented, or the provision of false references.
The deterrence process to prevent recruitment of an employee that may pose a
potential insider threat, particularly for security-critical jobs, can start at the job adver-
tisement stage. By introducing awareness that full security screening would be required
for successful applicants, it can serve as a filter for ‘problem individuals.”77 It may
therefore be possible to screen out some individuals who would see the risk of under-
going the full recruitment and vetting process as too great. There should also be some
form of background check carried out, and for organizations that work within a high
security sector, these checks could be comprehensive and intrusive. Properly conducted
background checks may reveal inconsistencies in the job applicant’s story and provide
a warning to the recruiters. Nevertheless, some groups may spend considerable time
and effort attempting to subvert the recruitment process and therefore checks must go
beyond an individual’s background, and focus on aspects such as an individual’s char-
acter. While it may seem rudimentary, threat mitigation measures must involve the rig-
orous checking of a job applicant’s referees and previous employers. In practice,
however, many organizations do not carry out proper confirmatory checks in relation
to this and as a consequence may leave themselves open to attack. These checks should
be well structured and capture the information that the potential employer seeks to
understand in a manner that ensures factual information is provided.
Document verification is another area where significant accuracy must be achieved.
Training in the identification of fraudulent documentation must be delivered to all staff
responsible for document verification. Despite this, research has shown that many organiza-
tions do not train front line staff sufficiently to identify discrepancies in key documents.78
Research carried out by BaMaung and Beattie (2014) found that in many cases the responsi-
bility for checking documentation of job applicants (e.g., birth certificates, qualifications,
driving licenses, passports) was usually delegated to a junior member of staff. These mem-
bers of staff were rarely trained in document verification and identifying fraudulent docu-
ments, and a job applicant could potentially join an organization using fraudulent means.79
Even if this individual had no initial wish to compromise the organization, they could be left
vulnerable by this fraudulent activity and open to blackmail or compromise in the future,
should someone find out. Until an encrypted message standard is achieved across sectors
whereby methods such as steganography are adopted by those issuing documentation, the
142 D. BAMAUNG ET AL.

creation and utilization of fraudulent documents will continue to enhance vulnerability, par-
ticularly in cases where it is difficult to efficiently and effectively check documents.
Measures discussed so far may be of assistance to respond to a threat from terrorist or
other hostile individuals if they attempted to join an organization. However, if the threat is
already present within existing staff, there must be a means for suspicions by colleagues to
be voiced. Genuine whistle-blowers may face significant issues when speaking out against
their organizations practices, or activities by work colleagues. Indeed, the punishment for
this can be severe. Jeffrey Wigand exposed highly questionable practices within the tobacco
industry and his actions cost him his job, his family, and left him in relative poverty.80 This
demonstrates clearly that there is a distinct need to safeguard those who express genuine
concerns about individuals and occurrences within organizations. While this example is not
terrorist focused, the need to protect colleagues or other individuals who are concerned
about an employee’s behaviors, which may have a terrorist motive and impact, is fundamen-
tal. In order to provide an opportunity for legitimate worker concerns to be expressed, many
organizations have introduced anonymous staff reporting systems and this is considered a
necessary mechanism in the views of this research. While it is important to have such a sys-
tem, there must also be controls in place to ensure that misuse is minimised.
Indeed, it is also important to train staff to understand behaviors of concern in order to
protect themselves, and work toward addressing potential vulnerabilities of those who may
be possible insiders at some point in the future. There are certain predisposed traits exhibited
by potential insiders that can be impacted on by situational stressors within an organization,
and the general organizational environment. By screening potential employees for these
traits and rejecting and/or better managing those who show strong indications of them, it
may be possible to reduce the overall risk from insider attack.81 There are several personality
tests and assessments available that can be used from the initial recruitment stage, through
to the final stages of employment in order to flag potential or actual issues of concern with
employees.82
Moving beyond recruitment and human resource management related mitigation meth-
ods, a key factor in “target hardening” the working environment against terrorist or hostile
attack relates to the culture within that organization. If the organization has a weak security
culture, poor security practices may be accepted as being normal. This could allow a hostile
individual, be they terrorist, criminal, or disaffected employee, to better avoid detection of
potential aberrant behavior. Research has been carried out into organizational culture but
the ability to change poor or weak security culture and wider organizational culture is
extremely difficult and may only be achieved over years or decades rather than weeks or
months.83 The simple matter of raising awareness at an executive level of the danger from
insider attack or infiltration is not being achieved in many organizations. Relating the poten-
tial for insider threat to affect an organization’s “bottom line” is a message that is not getting
across to many senior managers. Research conducted by Lacey suggested that business
objectives and security cultures need to be aligned as, in many cases, they are actually incom-
patible.84 Indeed, an insider attack could potentially impact on intellectual or physical prop-
erty within an organization; however, the motivations of the insider may influence the type
of organization selected and the manner of attack.
Insider attack for financial gain may be more aligned to a criminal venture by an
employee, organized crime group. or a disgruntled employee. However, a terrorist-related
motivation involving some form of financial crime cannot be totally ruled out, as pre-attack
 STUDIES IN CONFLICT & TERRORISM 143

planning and preparation prior to terrorist attacks requires funding. This funding can either
be provided by those sympathetic to the terrorist cause, or through the commission of crime
(including theft and fraud). The U.S. Department of the Treasury has undertaken a detailed
examination of potential funding opportunities that can be exploited by terrorist groups to
support their activities. These can vary from kidnapping for ransom, extortion, drug traffick-
ing, and other criminal activity, through to private donations and misuse of charitable
organizations.85
Should an employee be identified by a colleague or other person as presenting “behaviors
of concern” it is critical that an integrated approach be taken to review the matter and that
all relevant stakeholders are involved in this (e.g., line managers, human resources, Informa-
tion Security, legal, and Information Technology). An integrated approach to security would
then ensure that an insider threat was mitigated against by ensuring appropriate physical
security measures, such as access control, are in place to hinder or disrupt behavior by the
insider. This can be augmented by a cybersecurity response involving the analysis of infor-
mation accessed by the individual, prevention of data lifting/destruction, back-up data pro-
cedures, and monitoring of an individual’s use of systems.
The importance of procedures within an organization is critical to any integrated
approach. This would include issues such as enforcement of a clear desk policy, prevention
of tailgating through particular areas, password control and management, as well as operat-
ing a need-to-know approach for the most sensitive documents and systems. In 2015, the
Centre for the Protection of National Infrastructure (CPNI) published their findings in rela-
tion to poor workplace practices and behaviors (CPNI, 2015). This identified seven key secu-
rity culture issues in the workplace that enhance vulnerability to insider attack86:
 Staff not wearing their pass while in the office or forgetting to take it off when they leave
work;
 Computers left unlocked when staff are away from their desks;
 Staff continuing sensitive discussions outside the meeting room;
 Sensitive documents being left out for anyone passing by to see;
 Sensitive materials being destroyed inappropriately, such as not using a shredder;
 Staff ignoring company security policies and measures; and
 Letting visitors walk around the office unescorted or without a pass.
At a more strategic level a clear link was identified by CPNI between an insider act taking
place and exploitable weaknesses in an employer’s protective security and management pro-
cesses. The organizational-level factors identified87 relate to:
 Poor management practices;
 Poor use of auditing functions;
 Lack of protective security controls;
 Poor security culture;
 Lack of adequate, role-based, personnel security risk assessment;
 Poor pre-employment screening;
 Poor communication between business areas;
 Lack of awareness of people risk at a senior level; and
 Inadequate corporate governance.
If these simple security procedures were complied with by everyone within the organiza-
tion, the opportunities available to the “insider” would be greatly reduced. An important
strand to a mitigation strategy should be the acknowledgment of the potential impact of
144 D. BAMAUNG ET AL.

insider threat and inclusion of this threat within the organization’s risk register. Only by
acknowledging the risk, assigning a strategic risk owner, and developing a risk mitigation
strategy, will the issue begin to be addressed in a cohesive manner. When calculating the
level of risk and mitigation measures required, it may be necessary to consider the different
types of insider threats and calculate both the likelihood of such an attack happening and
the impact of such an attack. Another consideration to be factored in is the potential reputa-
tional damage if a terrorist insider attack occurs.
Finally, the need to have clear procedures regarding departing employees cannot be over-
emphasized. It is essential that access to sensitive information is withdrawn, along with pass-
word access and dial-in numbers.88 Approaches in organizations vary considerably. Some
refuse, with immediate effect, to allow access to employees who have been suspended or
fired. Others allow employees to continue accessing systems once they have been advised of
the termination of their employment. While this article does not provide a definitive list of
all actions that could/should be taken by an organization if they find themselves in the
unfortunate position of having an insider present, it should provide a wider understanding
of the dangers presented by potential terrorist insiders. Once this danger is recognized and
acknowledged, it is then possible to develop an appropriate mitigation strategy.

Conclusions
While the causes and impacts of terrorism are widely researched, there has been very little
research conducted in the area of insider threats to organizations, motivated by terrorist individu-
als and ideologies. The impact a terrorist insider could have, if located within a critical infrastruc-
ture or key organization, could be immense and there is a need to explore this topic further.
Examples are already available of individuals who have been within organizations and have been
motivated by terrorist ideologies, to attack their organization and colleagues, and there is informa-
tion available that can be used to mitigate the opportunities for this type of threat to develop to
attack stage in the future. In order to successfully combat insider threat, there is a need for strategic
engagement and support within organizations in the development of insider threat mitigation
strategies, and this must involve a holistic security approach to the threat, with engagement of the
whole workforce. Without this strategic drive and widespread engagement with staff, any
attempts to mitigate the threat from insider attack will be limited in impact.

Notes
1. See Paul Gill, Lone Actor Terrorists: A Behavioral Analysis (London: Routledge, 2015) and Paul
Gill, John Horgan, and Paige Deckert, “Bombing Alone: Tracing the Motivations and Antecedent
Behaviors of Lone-Actor Terrorists,” Journal of Forensic Science 59 (2014), pp. 425–435.
2. See Andrew Silke, “Holy Warriors: Exploring the Psychological Processes of Jihadi Radicalisa-
tion,” European Journal of Criminology 5 (2008), pp. 99–123; John Horgan, “From Profiles to
Pathways and Roots to Routes: Perspectives from Psychology on Radicalization into Terrorism,”
The Annals of the American Academy of Political and Social Science 618 (2008), pp. 80–94;
Michael King and Donald M. Taylor King, “The Radicalization of Homegrown Jihadists: A
Review of Theoretical Models and Social Psychological Evidence,” Terrorism and Political Vio-
lence 23 (2011), pp. 602–622.
3. See James A. Lewis, “Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber
Threats,” Center for Strategic & International Studies (2002). Available at http://csis.org/files/
 STUDIES IN CONFLICT & TERRORISM 145

media/csis/pubs/021101_risks_of_cyberterror.pdf (accessed 4 May 2003); Jonathan Matusitz,

“Social Network Theory: A Comparative Analysis of the Jewish Revolt in Antiquity and the Cyber
Terrorism Incident over Kosovo,” Information Security Journal: A Global Perspective 20 (2011),
pp. 34–44.
4. Nathan Einwechter, “Preventing and Detecting Insider Attacks Using IDS.” Available at http://
www.symantec.com/connect/articles/preventing-and-detecting-insider-attacks-using-ids
(accessed 15 September 2010).
5. D. Shalini Punithavathani, K. Sujatha, and J. Mark Jain, “Surveillance of Anomaly and Misuse in
Critical Networks to Counter Insider Threats Using Computational Intelligence,” Cluster Com-
puting 18 (2015), pp. 435–451.
6. Christian W. Probst, Ren
e Rydhof Hansen, and Flemming Nielson, “Where Can an Insider
Attack?” in Theo Dimitrakos, Fabio Martinelli, Peter Y. A. Ryan, and Steve Schneider, eds., For-
mal Aspects in Security and Trust (Berlin and Heidelberg: Springer, 2007), pp. 127–142.
7. Jon M. Loffi and Ryan J. Wallace, “The Unmitigated Insider Threat to Aviation (Part 1): A Quali-
tative Analysis of Risks,” Journal of Transportation Security 7 (2014), pp. 289–305.
8. Frank L. Greitzer, Lars J. Kangas, Christine F. Noonan, Angela C. Dalton, and Ryan E. Hohimer, “Iden-
tifying At-Risk Employees: Modeling Psychosocial Precursors of Potential Insider Threats,” 45th
Hawaii International Conference on System Science (2012), pp. 2392–2401. Available at http://www.
computer.org/csdl/proceedings/hicss/2012/4525/00/4525c392.pdf (accessed 22 December 2015).
9. Richard C. Brackney and Robert H. Anderson, “Understanding the Insider Threat. Proceedings of
a March 2004 Workshop,” RAND Corporation (2004). Available at http://www.rand.org/content/
dam/rand/pubs/conf_proceedings/2005/RAND_CF196.pdf (accessed 15 December 2015).
10. National Insider Threat Task Force, “Mission Fact Sheet.” Available at http://www.dni.gov/files/
ONCIX/National_Insider_Threat_Task_Force_Fact_Sheet.pdf (accessed 10 July 2015).
11. National Counterintelligence and Security Center, “Insider Threat.” Available at http://www.ncsc.
gov/issues/ithreat/ (accessed 11 August 2015).
12. CPNI, “Insider Threats.” Available at http://www.cpni.gov.uk/advice/personnel-security1/insider-
threats (accessed 5 May 2015).
13. See Einwechter, “Preventing and Detecting Insider Attacks Using IDS”; Matt Bishop, “Position:
‘Insider’ is Relative,” Proceedings of the 2005 workshop on New Security Paradigms (2005),
pp. 77–78; Brackney and Anderson, “Understanding the Insider Threat. Proceedings of a March
2004 Workshop”; Greitzer et al., “Identifying At-Risk Employees”; and Probst et al., “Where Can
an Insider Attack?”
14. See CPNI, “Insider Threats”; Thomas Noonan and Edmund Archuleta, “The National Infrastruc-
ture Advisory Council Final Report and Recommendations on the Insider Threat to Critical
Infrastructures,” US National Infrastructure Advisory Council (2008). Available at https://www.
dhs.gov/xlibrary/assets/niac/niac_insider_threat_to_critical_infrastructures_study.pdf (accessed
15 May 2015); National Insider Threat Task Force, “Mission Fact Sheet”; Greitzer et al., “Identify-
ing At-Risk Employees”; Office of Inspector General “Transportation Security Administration
Has Taken Steps to Address the Insider Threat but Challenges Remain,” Department of Home-
land Security (2012). Available at http://www.oig.dhs.gov/assets/Mgmt/2012/OIGr_12-
120_Sep12.pdf (accessed 15 July 2015); Loffi and Wallace, “The Unmitigated Insider Threat to
Aviation (Part 1)”; Brackney and Anderson, “Understanding the Insider Threat;” Einwechter,
“Preventing and Detecting Insider Attacks Using IDS”; Punithavathani et al., “Surveillance of
Anomaly and Misuse in Critical Networks to Counter Insider Threats Using Computational
Intelligence”; Probst et al., “Where Can an Insider Attack?”
15. Kevin Mitnick and William Simon, The Art of Deception (New York: Wiley, 2002); Bruce Schne-
ier, Secrets and Lies: Digital Security in a Networked World (New York: Wiley, 2000); Punithava-
thani et al., “Surveillance of Anomaly and Misuse in Critical Networks to Counter Insider
Threats Using Computational Intelligence”; and Loffi and Wallace, “The Unmitigated Insider
Threat to Aviation (Part 1).”
16. Office of Inspector General, “Transportation Security Administration has Taken Steps to Address
the Insider Threat but Challenges Remain,” Department of Homeland Security (2012). Available
at http://www.oig.dhs.gov/assets/Mgmt/2012/OIGr_12-120_Sep12.pdf (accessed 15 February
146 D. BAMAUNG ET AL.

2015) and Loffi and Wallace “The Unmitigated Insider Threat to Aviation (Part 1): A Qualitative
Analysis of Risks.”
17. See Einwechter, “Preventing and Detecting Insider Attacks Using IDS;” Office of Inspector Gen-
eral, “Transportation Security Administration Has Taken Steps to Address the Insider Threat but
Challenges Remain,” Department of Homeland Security (2012) Available at http://www.oig.dhs.
gov/assets/Mgmt/2012/OIGr_12-120_Sep12.pdf (accessed 19 August 2014); Loffi and Wallace,
“The Unmitigated Insider Threat to Aviation (Part 1)”; Probst et al., “Where Can an Insider
Attack?” Mitnick and Simon, “The Art of Deception”; Bruce Schneier, Secrets and Lies: Digital
Security in a networked world (New York: Wiley, 2000).
18. Aron Laszka, Benjamin Johnson, Pascal Sch€ottle, Jens Grossklags, and Rainer B€ohme, “Secure
Team Composition to Thwart Insider Threats and Cyber-Espionage,” ACM Transactions on
Internet Technology 14 (2014), pp. 1–22.
19. Ibid.
20. See Michelle Keeney, Eileen Kowalski, Dawn Cappelli, Andrew Moore, Timothy Shimeall, and Stepha-
nie Rogers, “Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors,” U.S
Secret Service and CERT Coordination Center/SEI (2005). Available at http://resources.sei.cmu.edu/
asset_files/SpecialReport/2005_003_001_51946.pdf (accessed 18 September 2010) and Eileen Kowalski,
Tara Conway, Susan Keverline, Megan Williams, Dawn Cappelli, Bradford Willke, and Andrew Moore,
“Insider Threat Study: Illicit Cyber Activity in the Government Sector,” U.S Secret Service and CERT
Coordination Center/SEI (2008). Available at http://resources.sei.cmu.edu/asset_files/WhitePaper/
2008_019_001_52247.pdf (accessed 14 March 2015).
21. Noonan and Archuleta, “The National Infrastructure Advisory Council Final Report and Recom-
mendations on the Insider Threat to Critical Infrastructures” (2008). On behalf of DHS and the
Secretary of the Department of Homeland Security.
22. Eric D. Shaw and Lynn F. Fischer, “Ten Tales of Betrayal: The Threat to Corporate Infrastructure
by Information Technology Insiders Analysis and Observations,” Defense Personnel Security
Research Center (2005). Available at http://www.dhra.mil/perserec/reports/tr05-13.pdf (accessed
7 October 2015).
23. Greitzer et al., “Identifying At-Risk Employees.”
24. David Charney, “True Psychology of the Insider Spy,” Intelligencer: Journal of US Intelligence
Studies 18 (2010), pp. 47–54.
25. Marisa Reddy Randazzo, Michelle Keeney, Eileen Kowalski, Dawn Cappelli, and Andrew Moore
Randazzo, “Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector,” U.S
Secret Service and CERT Coordination Center/SEI (2004). Available at http://resources.sei.cmu.
edu/asset_files/TechnicalReport/2005_005_001_14420.pdf (accessed 9 May 2015).
26. David M. Lynch, “Securing Against Insider Attacks,” Information Security and Risk Management
15 (2006), pp. 39–47.
27. William R. Claycomb, Carly L. Huth, Lori Flynn, David M. McIntire, and Todd B. Lewellen,
“Chronological Examination of Insider Threat Sabotage: Preliminary Observations,” Journal of
Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 3(2012),
pp. 4–20.
28. William H. Webster, Douglas E. Winter, Adrian L. Steel Jr., William M. Baker, Russell J.
Bruemmer, and Kenneth L. Wainstein, “Final Report of the William H. Webster Commission on
The Federal Bureau of Investigation, Counterterrorism Intelligence, and the Events at Fort Hood,
Texas, on November 5, 2009,” Federal Bureau of Investigation (2012). Available at https://www.
fbi.gov/news/pressrel/press-releases/final-report-of-the-william-h.-webster-commission (accessed
15 April 2015).
29. Brian Ross, Joseph Rhee, Anna Schecter, Avni Patel, Ethan Nelson, and Desiree Adib, “Nidal
Malik Hasan, Suspected Fort Hood Shooter, Was Called ‘Camel Jockey.’” Available at http://abc
news.go.com/Blotter/nidal-malik-hasan-wanted-army-family/story?idD9008184 (accessed 15
January 2015).
30. See Jeremy G. Carter and David L. Carter, “Law Enforcement Intelligence: Implications for Self-
Radicalized Terrorism,” Police Practice and Research 13 (2011), pp. 138–154 and Jerrold M. Post,
Cody McGinnis, and Kristen Moody, “The Changing Face of Terrorism in the 21st Century: The
 STUDIES IN CONFLICT & TERRORISM 147

Communications Revolution and the Virtual Community of Hatred,” Behavioral Sciences & the
Law 32 (2014) pp. 306–334.
31. Michael T. McCaul, “Lessons from Fort Hood: Improving Our Ability to Connect the Dots,”
Hearing before the Subcommittee on Oversight, Investigations, and Management of the Committee
on Homeland Security House of Representatives (2012). Available at http://www.gpo.gov/fdsys/
pkg/CHRG-112hhrg81127/html/CHRG-112hhrg81127.htm (accessed 10 May 2013).
32. Adrian Blomfield, “Fort Hood Shooter is Deeply Sensitive Introvert, Say Palestinian Relatives.”
Available at http://www.telegraph.co.uk/news/worldnews/northamerica/usa/6521037/Fort-Hood-
shooter-is-deeply-sensitive-introvert-say-Palestinian-relatives.html (accessed 5 December 2015).
33. Howard Schneider, “Fort Hood Suspect became more Devout after Mother’s Death, Cousin Says.”
Available at http://www.washingtonpost.com/wp-dyn/content/article/2009/11/07/AR2009110701688.
html (accessed 5 December 2015).
34. Post et al., “The Changing Face of Terrorism in the 21st Century.”
35. Jack Barclay, “Challenging the Influence of Anwar Al-Awlaki,” International Centre for the Study
of Radicalisation and Political Violence (2010). Available at http://icsr.info/wp-content/uploads/
2012/10/1283965345ICSR_ChallengingtheInfluenceofAnwarAlAwlaki.pdf (accessed 10 February
2014).
36. Webster et al. “Final Report of the William H. Webster Commission on The Federal Bureau of
Investigation, Counterterrorism Intelligence, and the Events at Fort Hood, Texas, on November
5, 2009.”
37. Ram
on Spaaij and Mark S. Hamm, “Key Issues and Research Agendas in Lone Wolf Terrorism,”
Studies in Conflict & Terrorism 38 (2015), pp. 167–178.
38. Jarret M. Brachman and Alix N. Levine, “You Too Can Be Awlaki,” The Fletcher Forum of World
Affairs 35 (2011), pp. 25–46.

39. See Joel Brynielsson, Andreas Horndahl, Fredrik Johansson, Lisa Kaati, Christian Martenson, and
Pontus Svenson, ‘‘Harvesting and Analysis of Weak Signals for Detecting Lone Wolf Terrorists,’’
Security Informatics 2 (2013), pp. 1–15 and Katie Cohen, Fredrik Johansson, Lisa Kaati, and Jonas
Clausen Mork, “Detecting Linguistic Markers for Radical Violence in Social Media,” Terrorism
and Political Violence 26 (2013), pp. 246–256.
40. J. M. Berger, “Anwar Awlaki E-Mail Exchange with Fort Hood Shooter Nidal Hasan.” Available at
http://news.intelwire.com/2012/07/the-following-e-mails-between-maj.html (accessed 7 August
2014); J. M. Berger, “The Content and Context of Anwar Awlaki’s E-mails with Fort Hood
Shooter Nidal Hasan.” Available at http://news.intelwire.com/2012/08/the-content-and-context-
of-anwar.html (accessed 7 August 2012); Webster et al., “Final Report of the William H. Webster
Commission on The Federal Bureau of Investigation, Counterterrorism Intelligence, and the
Events at Fort Hood, Texas, on November 5, 2009.”
41. Daveed Gartenstein-Ross and Lauren Morgan, “Nidal Hasan’s ‘Fairly Benign’ Correspondence
with Anwar al Awlaki.” Available at http://www.daveedgr.com/news/nidal-hasans-fairly-benign-
correspondence-with-anwar-al-awlaki/ (accessed 8 August 2014).
42. Jerome P. Bjelopera and Mark A. Randol, “American Jihadist Terrorism: Combating a Complex
Threat,” Congressional Research Service (2010). Available at https://www.fas.org/sgp/crs/terror/
R41416.pdf (accessed 5 February 2011).
43. Gartenstein-Ross and Morgan, “Nidal Hasan’s ‘Fairly Benign’ Correspondence with Anwar al
Awlaki.”
44. Alleen Brown, “Judge Won’t Toss Confession in Fort Hood Bomb Plot.” Available at http://www.
twincities.com/ci_20445118/judge-wont-toss-confession-fort-hood-bomb-plot (accessed 29 April
2012).
45. Kevin Johnson, “AWOL Soldier Charged in Bombing Plan on Texas Post.” Available at http://usa
today30.usatoday.com/news/military/2011-07-28-awol-soldier-targets-fort-hood_n.htm
(accessed 5 January 2012).
46. Susan Currie Sivek, “Packaging Inspiration: Al Qaeda’s Digital Magazine Inspire in the Self-Radi-
calization Process,” International Journal of Communication 7 (2013), pp. 584–606.
47. See Manus I. Midlarsky, Martha Crenshaw and Fumihiko Yoshida, “Why Violence Spreads: The
Contagion of International Terrorism,” International Studies Quarterly 24 (1980), pp. 262–298;
148 D. BAMAUNG ET AL.

Martha Crenshaw, Explaining Terrorism (Abingdon: Routledge, 2011); Petter Nesser, “Research
Note: Single Actor Terrorism: Scope, Characteristics and Explanations,” Perspectives on Terrorism
6 (2012), pp. 61–73; Brigitte L. Nacos, “Revisiting the Contagion Hypothesis: Terrorism, News
Coverage, and Copycat Attacks,” Perspectives on Terrorism 3 (2013), pp. 3–13.
48. Anthony F. Lemieux, Jarret M. Brachman, Jason Levitt, and Jay Wood, “Inspire Magazine: A Crit-
ical Analysis of its Significance and Potential Impact through the Lens of the Information, Moti-
vation, and Behavioral Skills Model,” Terrorism and Political Violence 26 (2014), pp. 354–371.
49. Loffi and Wallace, “The Unmitigated Insider Threat to Aviation (Part 1).”
50. Vikram Dodd, “British Airways Worker Rajib Karim Convicted of Terrorist Plot.” Available at
http://www.theguardian.com/uk/2011/feb/28/british-airways-bomb-guilty-karim (accessed 2
March 2011).
51. Dominic Casciani, “The Terrorist and the Shop Girl.” Available at http://news.bbc.co.uk/1/hi/uk/
7177702.stm (accessed 10 January 2008).
52. Eliott C. McLaughlin, “Local Man Planned Suicide Attack at Wichita, Kansas, Airport, Feds Say.”
Available at http://edition.cnn.com/2013/12/13/justice/wichita-terrorism-arrest/ (accessed 18
December 2013).
53. Loffi and Wallace, “The Unmitigated Insider Threat to Aviation (Part 1).”
54. Kathrin Hille, Daniel Dombey, and Erika Solomon, “Russia Says Terrorist Bomb Brought Down
Metrojet Aircraft.” Available at http://www.ft.com/cms/s/0/3cf20204-8d06-11e5-a549-b89a1dfe
de9b.html#axzz3tYTTSYtd (accessed 8 January 2016).
55. Peter Bergen, “The Impact of ISIS on the Homeland and Refugee Resettlement,” Testimony presented to
the U.S. Senate Committee on Homeland Security and Governmental Affairs (2015). Available at https://
www.google.co.uk/#qD%E2%80%9CTheCImpactCofCISISConCtheCHomelandCandCRefugeeC
Resettlement%2C%E2%80%9DCTestimonyCpresentedCtoCtheCU.S.CSenateCCommitteeConC
HomelandCSecurityCandCGovernmentalCAffairsC%282015%29 (accessed 15 January 2016).
56. REUTERS, “Exclusive: EgyptAir Mechanic Suspected in Russian Plane Crash.” Available at http://www.
reuters.com/article/us-egypt-crash-suspects-idUSKCN0V712V (accessed 10 February 2016).
57. Associated Press, “Somalia Plane Blast: Airport Worker ‘Handed Device to Bombing Suspect.’”
Available at http://www.theguardian.com/world/2016/feb/08/somalia-plane-blast-airport-
worker-handed-device-to-bombing-suspect (accessed 10 February 2016).
58. The Economist, “The Troubling Case of the Bomb on a Flight from Mogadishu.” Available at
http://www.economist.com/blogs/gulliver/2016/02/more-african-problem?fsrcDscn/tw/te/bl/ed/
morethananafricanproblemthetroublingcaseofthebombonaflightfrommogadishu (accessed 20
February 2016).
59. John Roth, “TSA: Security Gaps,” Statement of John Roth Inspector General Department of Home-
land Security Before the Committee on Oversight and Government Reform, U.S. House of Represen-
tatives (2015). Available at https://oversight.house.gov/wp-content/uploads/2015/11/11-3-2015-
Committee-Hearing-on-TSA-Roth-DHS-OIG-Testimony.pdf (accessed 17 January 2016).
60. Tom Costello and Tom Winter, “‘The Insider Threat Is Real’: Gaps in Airport Security
Highlighted in New Video.” Available at http://www.nbcnews.com/news/us-news/insider-threat-
real-gaps-airport-security-highlighted-new-video-n469701 (accessed 30 November 2015).
61. Justin Parkinson, “Russian Plane Crash: How has Airport Security Changed?” Available at http://
www.bbc.co.uk/news/magazine-34731146 (accessed 12 December 2015).
62. Matthew Campbell and Bojan Pancevski, “French Panic over Islamists with Runway Clearance.”
Available at http://www.thesundaytimes.co.uk/sto/news/world_news/Europe/article1638737.ece
(accessed 3 December 2015).
63. Margot Haddad and Tim Lister, “France Has Been Investigating Radicalized Public Transit
Workers, Source Says.” Available at http://edition.cnn.com/2015/11/24/europe/airport-public-
transit-employees-paris-investigation/index.html (accessed 30 November 2015).
64. Thomas Hegghammer and Petter Nesser, “Assessing the Islamic State’s Commitment to Attack-
ing the West,” Perspectives on Terrorism 9 (2015), pp. 14–30.
65. Abha Shankar, “Would-Be Suicide Bomber Targeted Kansas Army Base.” Available at http://
www.investigativeproject.org/4822/would-be-suicide-bomber-targeted-kansas-army-base#
(accessed 15 May 2015).
 STUDIES IN CONFLICT & TERRORISM 149

66. United States District Court for the District of Kansas, “United States of America V. John T.
Booker JR. a/k/a “Mohammed Abdullah Hassan,” Criminal Complaint (2015). Available at http://
www.justice.gov/sites/default/files/opa/press-releases/attachments/2015/04/10/booker_complaint.
pdf (accessed 15 December 2015).
67. Lorenzo Vidino and Seamus Hughes, “ISIS in America: From Retweets to Raqqa,” Program on
Extremism. (2015). Available at https://cchs.gwu.edu/sites/cchs.gwu.edu/files/downloads/
ISIS%20in%20America%20-%20Full%20Report.pdf (accessed 10 January 2016).
68. Louisa Loveluck, “Dutch Air Force Sergeant Joins Islamic State in First Such Desertion.” Available
at http://www.telegraph.co.uk/news/worldnews/islamic-state/11842370/Dutch-sergeant-joins-
Isil-in-first-such-desertion.html (accessed 8 October 2015).
69. Nicolai Sennels, “Holland: Dutch Soldier Who Defected to Islamic State is of Turkish Descent.”
Available at http://10news.dk/?pD1898 (accessed 10 November 2015).
70. George J. Bryjak, “The Economics of Assassination: The Punjab Crisis and the Death of Indira
Gandhi,” Asian Affairs: An American Review 12 (1985) pp. 25–39.
71. Fidelma Ashe, “The McCartney Sisters’ Search for Justice: Gender and Political Protest in North-
ern Ireland,” Politics 26 (2006), pp. 161–167.
72. Mohd Kassim Noor-Mohamed, “The Definitional Ambiguities of Kidnapping and Abduction,
and its Categorisation: The Case for a More Inclusive Typology,” The Howard Journal of Criminal
Justice 53 (2014), pp. 83–100.
73. Rona Beattie and David BaMaung, “Mind the Gap: HRD’s Role in Keeping Organization’s Safe,”
16th International Conference on Human Resource Development Research and Practice across
Europe (2015). Available at http://www.ufhrd.co.uk/wordpress/wp-content/uploads/2015/10/
MIND-THE-GAP-HRD%E2%80%99S-ROLE-IN-KEEPING-ORGANIZATIONS-SAFE.docx
(accessed 16 January 2016).
74. Michael Hanley, Andrew P. Moore, Dawn Cappelli, and Randall F. Trzeciak, “Spotlight on: Mali-
cious Insiders with Ties to the Internet Underground Community,” Software Engineering Institute
and CyLab (2009). Available at http://resources.sei.cmu.edu/asset_files/CERTResearchReport/
2009_013_001_52354.pdf (accessed 12 March 2012).
75. Eric D. Shaw, Kevin G. Ruby, and Jerrold M. Post, The Insider Threat to Information Systems—
The Psychology of the Dangerous Insider (1998). Reprinted from Security Awareness Bulletin, No
2–98. Available at http://www.pol-psych.com/sab.pdf (accessed 25 May 2015).
76. See Adrian Furnham and John Taylor, Bad Apples—Identify, Prevent & Manage Negative
Behaviour at Work (London: Palgrave MacMillan, 2011), Philip E. Vernon, Personality Tests and
Assessments (Oxford: Methuen & Co., 1953), Anne Anastasi, Psychological Testing (3rd Ed.)
(Oxford: Macmillan, 1968); Ronald J. Cohen, Mark Swerdlik, and Edward Sturman, Psychological
Testing and Assessment: An Introduction to Tests and Measurement (5th Ed.) (New York:
McGraw-Hill 2002).
77. Norman Mortell, “Screening Job Applicants,” Lab Animal 35 (2006), p. 46.
78. David BaMaung and Rona Beattie, “HRM THE MISSING LINK: Is Personnel Security a Critical
Gap in Organizational and National Security?” International Research Society for Public Manage-
ment Conference XVIII (2014); Beattie and BaMaung, “Mind the Gap: HRM/D’s Role in Keeping
Organization’s Safe.” A paper presented at the 16th International Conference on Human Resource
Development Research and Practice across Europe towards Evidence Based HRD Practice: Bridging
the Gap. 3–5 June 2015. University of Cork, Cork, Ireland.
79. David BaMaung and Rona Beattie, “HRM THE MISSING LINK: Is Personnel Security a Critical
Gap in Organizational and National Security?” International Research Society for Public Manage-
ment Conference XVIII (2014).
80. Rick Lyman, “A Tobacco Whistle-Blower’s Life Is Transformed.” Available at http://www.
nytimes.com/1999/10/15/us/a-tobacco-whistle-blower-s-life-is-transformed.html (accessed 30
October 1999).
81. Shaw et al., The Insider Threat to Information Systems.
82. See Furnham and Taylor, “Bad Apples;” Vernon, “Personality Tests and Assessments”; Anastasi,
“Psychological Testing”; and Cohen et al., “Psychological Testing and Assessment: An Introduc-
tion to Tests and Measurement.”
150 D. BAMAUNG ET AL.

83. See Gary M. Jackson, Predicting Malicious Behaviour—Tools and Techniques for Ensuring Global
Security (Indianapolis: John Wiley & Sons, 2012), David Lacey, Managing the Human Factor in
Information Security (Chichester, England: John Wiley and Sons, 2009); Glenn R. Smith and
Brian H. Kleiner, “Differences in Corporate Cultures and their Relationship to Organizational
Effectiveness,” Leadership and Organizational Development Journal 8 (1987), pp. 10–12.
84. David Lacey, Managing the Human Factor in Information Security: How to Win Over Staff and
Influence Business Managers (Chichester, England: John Wiley & Sons, 2009).
85. U.S. Department of the Treasury, “National Terrorist Financing Risk Assessment 2015.” Available at
https://www.treasury.gov/resource-center/terrorist-illicit-finance/Documents/National%20Terrorist%
20Financing%20Risk%20Assessment%20%E2%80%93%2006-12-2015.pdf (accessed 21 March 2016).
86. CPNI, “Workplace Behaviours Campaign.” Available at https://www.cpni.gov.uk/advice/Person
nel-security1/Workplace-behavior-campaign/ (accessed 10 December 2015).
87. CPNI, “CPNI Insider Data Collection Study—Report of Main Findings,” Centre for the Protection
of National Infrastructure (2013). Available at https://www.cpni.gov.uk/Documents/Publications/
2013/2013003-insider_data_collection_study.pdf (accessed 12 February 2015).
88. Mitnick and Simon, “The Art of Deception.”