– Executive Summary –
Insider threats, referred to herein as adversarial insider personnel (AIP), are an escalating challenge within critical infrastructure, where trusted personnel might exploit their legitimate access to cause harm, and they remain significant to critical infrastructure protection (CIP). This thesis explores this problem within the aviation industry, specifically at airports. This issue has led to substantial economic losses and billions spent annually on mitigation efforts. Traditional security measures, rooted in economic and utilitarian theories, often fail to address the unique characteristics of AIP, who possess insider knowledge and adaptability. Case studies and data show the increasing sophistication of such threats, with incidents involving smuggling, bypassing security measures, and collaboration with external actors. The problem is compounded by fragmented mitigation strategies, insufficient coordination among stakeholders, and resistance to implementing advanced security measures due to cost and operational constraints. These gaps underscore the need for multidisciplinary approaches, integrating behavioral economics, game theory, and psychological insights to develop adaptive and dynamic strategies for reducing insider threats in critical infrastructure environments.
Insider threats are among the most challenging risks to mitigate due to their inherent complexity. AIP leverage privileged access to bypass traditional security measures, exploiting procedural gaps and trusted status. This challenge is exacerbated by the increasing financial and operational costs associated with countering such threats. For instance, the 2022 Ponemon report estimates that organizations spend an average of $15 million annually on insider threat mitigation.[1] In aviation, critical infrastructure invests significantly in insider threat programs that seek to mitigate various aspects of insider threats and their lifecycle, the importance of which existing research has repeatedly emphasized.[2] The aviation industry’s reliance on trust, exemplified by systems such as unescorted access authority and the Known Crewmember (KCM) program, creates vulnerabilities that adversaries exploit. High-profile incidents, such as smuggling operations at Dallas/Fort Worth International Airport (DFW) and the bombing of Daallo Airlines Flight 159, highlight the limitations of static security measures and underscore the need for dynamic, adaptive countermeasures. This thesis attempts to answer the following research questions:
- Primarily, to what extent can the principles of behavioral economics, classical economics, and other prominent psychological theories be applied to insider threat models and countermeasures, and what novel decision-making (or resource allocation) insights might such application offer?
- Secondarily, and in relation to behavioral economics, when considering the perspectives of agents within critical infrastructure systems, what barriers and factors contribute to investment decisions and, as an extension, the formation of AIP mitigation strategies and the deployment of countermeasures at airports and other critical infrastructure?
- Additionally, are common AIP countermeasures consistent with expectations derived from economic models and other significant psychological theories?
This research employs a multidisciplinary approach, integrating behavioral economics, game theory, and psychological theories to analyze the dynamics presented by the AIP problem. Key methodologies include:
- Case Study Analysis: High-profile incidents are examined to identify patterns in AIP behavior, vulnerabilities exploited, and the effectiveness of mitigation strategies.
- Counterfactual Analysis and Thought Experiment: Trends and insights from the case analysis are used to consider the value of various tactics and countermeasures qualitatively.
- Game Theory and Mechanism Design Theory (MDT): Applied both to airport security investment decisions in competition with other airports and to adversarial decision-making in reaction to the deployment decisions of security agents.
- Behavioral Economics and Psychological Frameworks: Self and Social Control Theory, Social Identity Theory, Rational Choice Theory, and Prospect Theory are applied to understand the cognitive and social drivers of adversarial behavior and develop a new frame through which AIP countermeasures may be evaluated.
The research reveals several important insights.
- Motivations: AIP are driven by diverse motivations, including financial gain, ideological conflict, personal grievances, psychological disturbances, and power dynamics. These motivations interact dynamically with the environment, enabling AIP to adapt to security measures.
- Adaptability: AIP learn and evolve in response to security protocols. For example, conspirators in the DFW smuggling operation used procedural knowledge and collaborative planning to subvert security measures.
- Visibility and Knowability: Current strategies rely heavily on static and visible security measures, such as physical screening and access controls, to presumably deter and detect AIP. Insights from analysis of the cases, games, and socio-economic frames indicate that the extent to which security measures can be observed and known inhibits the security value of tactics from an adversarial perspective. Additionally, existing recommendations for insider threat programs cannot dynamically assess the effect of this observation.
- Behavioral economics reveals that AIP often engage in risk-seeking behavior, driven by cognitive biases and heuristics. Prospect Theory explains how loss aversion and perceived gains influence adversarial decision-making. These insights suggest that traditional deterrence models assume rational behavior and may fail to account for the psychological factors driving insider activity.[3]
- Security Investment: Mechanism Design Theory (MDT) economic games highlight the strategic interactions between defenders and adversaries, revealing critical vulnerabilities in current security systems. MDT demonstrates that airports face conflicting incentives when investing in security measures, with economic and operational considerations often outweighing collective security benefits.
The proposed Decision Control Framework (DCF) synthesizes insights from behavioral economics, game theory, and psychology to provide a structured approach for evaluating and selecting countermeasures. The framework emphasizes:
- Unpredictability: Countermeasures should be dynamic and challenging for adversaries to adapt to or predict.
- Layered Security: A multilayered approach reduces reliance on any single measure and increases the complexity of adversarial planning.
- Cultural and Social Interventions: Enhancing organizational culture and social bonds can reduce the likelihood of adversarial behavior.
- Visibility and Adaptation: Balancing visible and invisible countermeasures to deter AIP without revealing system vulnerabilities.
The threat posed by AIP is a complex, evolving challenge that demands a multidisciplinary response. This thesis highlights the limitations of current mitigation strategies and proposes the DCF to guide the development of adaptive, layered, and socially informed countermeasures. By integrating insights from behavioral economics, game theory, and psychology, this research provides a roadmap for enhancing the resilience of critical infrastructure against insider threats. The findings underscore the need for collaborative efforts among regulators, industry stakeholders, and researchers to address the systemic vulnerabilities exploited by AIP. Future research should focus on refining and validating theoretical models, evaluating innovative countermeasures, and fostering interdisciplinary collaboration to create a more secure aviation environment.
[1] Ponemon Institute, Ponemon Insider Threats Global Report – 2022 (Traverse City, MI: Ponemon Institute, 2023), 4, https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-the-cost-of-insider-threats-ponemon-report.pdf.
[2] Mohd Nazer Apau, Muliati Sedek, and Rabiah Ahmad, “Inclination of Insider Threats’ Mitigation and Implementation: Concurrence View from Malaysian Employees,” in Knowledge Management in Organizations, ed. Lorna Uden, Branislav Hadzima, and I-Hsien Ting, vol. 877, Communications in Computer and Information Science (Springer International Publishing, 2018), 49, https://doi.org/10.1007/978-3-319-95204-8_29; Brian S. Bean, “Mitigating Insider Threats in the Domestic Aviation System: Policy Options for the Transportation Security Administration” (master’s thesis, Naval Postgraduate School, 2017), 71, https://hdl.handle.net/10945/56861; Nick Catrantzos, “Insider Threat: Applying No Dark Corners Defenses” (master’s thesis, Naval Postgraduate School, 2018), 63–64, https://hdl.handle.net/10945/4656.
[3] Daniel Kahneman and Amos Tversky, “Prospect Theory: An Analysis of Decision Under Risk,” Econometrica 47, no. 2 (March 1979): 17–18, https://doi.org/10.2307/1914185.

