The Manchurian Responder? How Military and Federal Government Practices Can Help State and Local Public Safety Agencies Prevent Malicious Insider Attacks TACKS



The issue of a malicious insider is one of the greatest concerns to the security of an organization, including public safety agencies; as one expert put it, it is “irrefutably one of the greatest threats to United States national security.”[1] This thesis asks: What lessons can local and state public safety agencies learn from their federal counterparts and the U.S. military about screening and preventing the malicious insider from carrying out an attack? The term “malicious insider” for this study focuses on the person who has privileged access to non-public or proprietary domains and who seeks to do harm to the organization or public in furtherance of a terrorist objective.[2]

Additionally, this thesis argues that the insider threat will evolve and include public safety agencies at both the local and state levels. It is hoped that the lessons presented and learned from federal agencies and the military can be applied at the local and state levels to prevent and deter this type of action.

If a person were to infiltrate an organization or radicalize to an extremist ideology within a local or state public safety agency, that person’s ability to operationalize and carry out an attack, whether against the agency or against the public writ large, would be exacerbated. The public sees police officers and firefighters as people upon whom they can depend for their protection. But the ability to betray that public trust exists, and it is incumbent upon leadership within the public safety disciplines to recognize and mitigate the threat before it becomes a problem.

The primary concern is: How can an organization stop this type of threat? Can the organization catch a potential malicious insider before that person is hired into the department through current pre-employment screening procedures? Currently, this author believes that a determined individual can elude detection, be hired, and carry out an attack. Most agencies depend on standardized psychological evaluations and testing to vet candidates for positions within police or fire departments.[3] These tests focus more on whether or not an applicant is mentally capable of doing the job of a police officer or firefighter, not on whether the applicant may be prone to violence or extremist activity.[4] This oversight opens the door for a person to radicalize while employed by a public safety agency, and later decide to carry out an attack by leveraging his or her status as a trusted public safety official. Background criminal history checks also have their limitations. For example, some background checks do not capture an applicant’s criminal history if the crime occurred over ten years prior, or in another state. This deficiency and others may open the door for extremists and terrorists to infiltrate a public safety department.

Much of the current research into insider threats agrees that individuals are more apt to become lone-wolf actors, who deal with their perceived grievances by themselves, rather than to engage in a larger plot or on behalf of an extremist or terrorist ideology. As a result, there are fewer opportunities within current protocols to detect these insiders before they act. Furthermore, Marleah Blades believes that each new study released on the malicious insider confirms that these individuals pose a major threat to organizations in both the private and public sectors.[5]

There are conflicting views on which type of malicious insider will pose the greatest risk. Nicholas Catrantzos argues that an outside infiltrator poses a greater risk than a disgruntled insider.[6] He believes that the disgruntled insider is potentially unstable and difficult to control, making him or her unreliable; because this type of individual cannot be trusted with a devious plan, he or she is more likely to commit an act of workplace violence than terrorism.[7] In comparison, James Kenny shifts blame from the employee to the organization; he believes that “organizations can produce or facilitate aggressive work climates that may instigate violence by employees, clients or external intruders.”[8] This thesis recognizes the threat from an infiltrator, but contends that the greatest threat comes from the employee already within the ranks.

Currently, public safety agencies conduct psychological evaluations to assess potential new hires’ prospective success in the career field. Therefore, it is important to understand how psychological testing is used to eliminate candidates from employment, and the deficiencies of these exams in identifying potential insider threats. Timothy Roufa suggests that the focus of these exams is to prevent the organization from hiring an individual who does not possess the desired traits for public safety officers.[9] These tests were not initially designed for pre-employment screening, but rather for diagnostic purposes related to psychopathology.[10] Where it relates to preventing the hiring of a terrorist or other extremist, these procedures appear to miss the mark; most terrorists are not linked to mental health problems, according to Clark McCauley.[11] Jeff Victoroff agrees, saying psychopathology is not found in the majority of terrorist actors.[12]

With the current screening models employed in local and state public safety hiring practices, terrorists can gain employment into a department or agency if they are not disqualified for other reasons, granting them access within the agency and a status of trust throughout the community. While much available literature explains the process of radicalization, there is less literature about the process of how an insider threat is created.

For the purpose of this study, two models are used to outline the basics of how persons are radicalized: Mohammed Hafez and Creighton Mullins’s “radicalization puzzle,” and Fathali Moghaddam’s “staircase to terrorism.” Hafez and Mullins postulate that those who radicalize to an ideology are influenced by four factors that lead to extremism: grievances, networks, ideologies, and enabling structures.[13] This framework was chosen for this thesis because it is flexible enough to be applied to the wide swaths of extremist and terrorist ideologies, and for its simplicity. This is compared to Moghaddam’s staircase to terrorism model, which has its merits, but focuses more on the psychological aspects of radicalization.[14] Both theories agree that individuals who turn to terrorism are seeking to correct a grievance or feeling of deprivation.[15] Additionally, they both agree that group and network building is a major part of radicalization; groups help the individual feel like a part of something greater, and fill an empty space in his or her life.[16]

As there have been no cases to date of local or state public safety officials conducting a domestic terrorist attack, it is necessary to look to examples of radicalization among government employees in the United States as well as overseas. Of the four cases explored in this thesis, two involved persons in the United States—one a soldier and the other a public employee. The third case comes from overseas, while the fourth case examines a local police officer who did not carry out a violent attack, but was in a position to do so after radicalizing.[17] These cases help us understand the risk that a violent insider represents, and also indicate the types of behaviors and precursors to an attack that such individuals may demonstrate. The cases discussed are as follows:

Major Nidal Hasan perpetrated attacks in Fort Hood, Texas, in November 2009, killing thirteen people and injuring thirty-one. Hasan entered a soldier readiness center where he worked, and began shooting soldiers who were deploying to or returning from conflicts overseas.

Syed Farook, a public health inspector for the San Bernardino County Department of Public Health—with his wife, Tashfeen Malik—shot and killed fourteen people and severely wounded twenty-two at a holiday party at the Inland Regional Center on December 2, 2015.

On October 23, 2016, Mevlut Mert Altintas, an Ankara police officer, assassinated Andrey Karlov, the Russian Ambassador to Turkey, at an art exposition. Altintas, who was off duty that day, used his police credentials to obtain access to the event and to side-step metal detectors and other security measures, which allowed him close access to the ambassador.[18]

Finally, Nicholas Young, a Washington, DC, transit officer was arrested and convicted of providing support to a foreign terrorist group. Though Young never carried out an attack within the United States, he represents the potential threat that exists if a public safety officer radicalizes to a terrorist ideology.

The commonality that ties these individuals together, making the insider threat such an issue, is that they all had access. These men were already a part of the organization they attacked, and had become part of the group. Once inside, they were free to carry out any mission they chose, including murder.

In all of these cases, the individuals had communicated with a foreign terrorist organization; in the cases involving an actual attack, the perpetrators conducted pre-attack reconnaissance of the target area. This is important because it illustrates the effectiveness of an individual exploiting his or her position as a first responder to carry out an attack, and how devastating this tactic can be.

Public safety agencies should understand that anyone can commit an act of violence, and that radicalized individuals generally do not advertise their plots. In the case of terrorism, it may be a specific ideology rather than a specific event that is driving the individual. The most important finding of this thesis is that public safety agencies that screen applicants will most likely not detect a determined infiltrator. Public safety organizations must understand this finding; recognizing an infiltrator once he or she is within the agency should become the priority. This is not very different from recognizing the employee who is in the process of radicalizing. However, because the organization is now dealing with a person who has already ascended the “staircase to terrorism,” that person is a greater acute threat than the radicalizing responder.

Current pre-employment screening procedures were never intended to evaluate applicants for the threat of terrorism, which is ideologically driven; they screen for potential criminality, which is psychologically driven. Further, because having a terrorist ideology is not a mental health disorder, tests designed to screen for mental health problems are unlikely to identify radicalizing individuals. It is important for local and state public safety agencies to recognize this deficiency, and perhaps establish procedures to eliminate potential malicious radicals from infiltrating their departments via the pre-employment hiring processes.

Having dealt with violent attacks by service members who have radicalized, the U.S. military and federal law enforcement agencies have had to respond and develop strategies to prevent future attacks. The two main methods discussed are prevention and deterrence, and information sharing. The three primary models used for prevention and deterrence are the Record of Arrest and Prosecution Background (or Rap Back, used by federal law enforcement), threat management units, and a model developed by the Asymmetric Warfare Group to recognize radicalization and prevent an individual’s movement to violence. Information sharing among agencies is also discussed, along with how looping all parties together to share information can be critical to avoiding violence in the future.

Between the author’s experience within public safety and the research conducted, this thesis proposes the following four general recommendations to prevent a malicious insider within a public safety organization. First, organizations should make themselves difficult to infiltrate. Next, first responders need to be aware that the threat exists and be familiar with signs of radicalization; this is the awareness and education piece to the solution. Third, procedures should be established that give responders a clean, “fast track” reporting mechanism for suspicions about fellow responders. As part of this third recommendation, internal procedures should be developed so any report from a concerned member of staff is dealt with appropriately before a fellow responder fully radicalizes and carries out a violent attack. This aligns with the final recommendation: there should be a strong investigation and mitigation strategy to handle reports of potential first responder radicalization.

This thesis shows that by properly acknowledging the threat and instituting training for employees and leadership that mirrors U.S. military and federal law enforcement agencies, state and local first responder agencies can be safer and can prevent the deaths of Americans. The threat of terrorism continues to evolve and tactics continue to change; state and local first responders must evolve with that threat, and must safeguard their agencies against a malicious insider’s act of terrorism.




[1] Caitlin Squire Hall, “The Trusted Shadow and Trojan Horse of the United States Government: Human Behavior and the Insider Threat,” Small Wars Journal, March 20, 2014, www.smallwarsjou

[2] Jeffrey Hunker and Christian W. Probst, “Insiders and Insider Threats,” Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications 2. no. 1 (2011): 5,

[3] Peter A. Weiss and William U. Weiss, “Criterion-Related Validity in Police Psychological Evaluations,” in Handbook of Police Psychology, ed. Jack Kitaeff (New York: Routledge, 2011), 126; Louis Laguna, Joseph Agliotta, and Stephanie Mannon, “Pre-employment Screening of Police Officers: Limitations of the Mmpi-2 K-Scale as a Useful Predictor of Performance,” Journal of Police and Criminal Psychology 30, no. 1 (2015): 1,

[4] “The Minnesota Multiphasic Personality Inventory-2 (MMPI-2) in Career Development,” Career Research, March 12, 2015, 4,

[5] Marleah Blades, “The Insider Threat,” Security Technology Executive (November/December 2010): 32.

[6] Blades, 43.

[7] Blades, 42.

[8] James F. Kenny, “Threats in the Workplace: The Thunder before the Storm?,” Security Journal 18, no. 3 (May 2005): 45–56,

[9] Timothy Roufa, “Should Police Have Psychological Tests?,” The Balance, accessed October 23, 2016,

[10] Weiss and Weiss, “Criterion-Related Validity,” 125.

[11] Clark McCauley, “Psychological Issues in Understanding Terrorism and the Response to Terrorism,” in Psychology of Terrorism, ed. Chris E. Strout (New York: Oxford University Press), 5,

[12] Jeff Victoroff, “The Mind of the Terrorist: A Review and Critique of Psychological Approaches,” Journal of Conflict Resolution 49, no. 1 (2005): 3–42,

[13] Mohammed Hafez and Creighton Mullins, “The Radicalization Puzzle: A Theoretical Synthesis of Empirical Approaches to Homegrown Extremism,” Studies in Conflict & Terrorism 38, no. 11 (November 2, 2015): 961,

[14] Fathali M. Moghaddam, “The Staircase to Terrorism: A Psychological Exploration,” American Psychologist 60, no. 2 (February 2005): 161–69,

[15] Hafez and Mullins, “Radicalization Puzzle,” 963; Moghaddam, “Staircase to Terrorism,”162.

[16] Hafez and Mullins, “Radicalization Puzzle,” 965; Moghaddam, “Staircase to Terrorism,” 165.

[17] Another example is the 1984 assassination of Indira Gandhi by two of her Sikh bodyguards, Satwant Singh and Beant Singh. The Gandhi case highlights the ability of an individual trusted and trained with weapons to get close to an important person and carry out an attack such as an assassination. However, because that case is based on revenge and not attributed to radicalization, it is not discussed further.

[18] Laura Pitel and Roland Oliphant, “Mevlut Mert Altintas: Boy from a Small Town on Aegean Coast Who Became a Murderer,” Telegraph, December 21, 2016,

No Comments

Post a Comment