The Right-Wing Extremist Threat in Context: Internal Extremist Actors

Originally published at: https://worldview.stratfor.com/article/right-wing-extremist-threat-context-internal-extremist-actors-stratfor-security-weekly-scott-stewart

HIGHLIGHTS

• Insiders have an advantage over outsiders when planning an attack on a company or organization due to their intimate knowledge of security measures, policies and procedures. 
• But insiders also have a disadvantage in that their co-workers have more contact with them, and can note as they progress through the attack cycle or along the pathway to violence. 
• Educating employees about warning signs and preparatory activities can empower them to help detect and report them.

Editor's Note: This is part two in a two-part series. The first part will discuss outside right-wing extremist actors, while the second will focus on insider extremists.

In last week's On Security column, I discussed the right-wing extremist threat and how companies and organizations can protect themselves from attacks by external extremists. 

This week, I turn my attention to the threat posed by right-wing extremists who are insiders. Just for clarification, I am not talking about the reputational threat to a company or organization when they are found to be employing someone who holds radical or extremist beliefs. For example, an employee of the State Department's Bureau of Energy Resources was suspended after it became known that he was affiliated with the white supremacist movement, and was a prolific poster in online forums. Despite his rhetoric, however, there is no indication that he was planning or preparing for an attack. 

Instead, I want to discuss the threat posed by right-wing extremists who are planning to conduct an act of political violence predicated on their radical beliefs, that is, to commit domestic terrorism. For example, an active-duty U.S. Coast Guard officer was sentenced in January to 13 years in prison after pleading guilty to drug and gun charges. Investigators found that the officer was a long-time skinhead who promoted violence against minorities and "enemies" of the white race. They also uncovered that he had conducted internet searches that demonstrated he was researching potential targets, including media personalities and current and former elected officials. 

While there have been a number of highly publicized cases involving military personnel who were violent right-wing extremists such as the Coast Guard officer above, or the Canadian army reservist arrested in Maryland along with other members of "The Base" in January, the threat is by no means limited to the military. Right-wing extremist insiders also pose a threat to companies and organizations, especially given how past attackers such as the Christchurch mosque attacker and the El Paso Walmart shooter have promoted attacks against business executives and their companies. Let's examine some ways that companies and organizations can protect themselves against extremist insiders. 

Screening

The first thing companies can do is to carefully screen employees before hiring them to ensure that there are no indications of past criminal behavior or association with extremist causes or organizations. As illustrated by the case of the Coast Guard officer, however, even a government-level background investigation for security clearance can miss extremist sympathies if the employee being investigated has made an effort to hide them. Social media searches are unlikely to turn up statements made by prospective employees if they made them pseudonymously. As we've noted before, one of the challenges of vetting new employees is that the official record is often incomplete and unreliable. 

Second, companies can't just rely on a pre-hire background investigation to protect them from problems. People change over time, and a person's past behavior is no guarantee of who they are now — or of who they will become. There are numerous cases of people with clean backgrounds who became radicalized after being hired, and then "broke bad" during their employment. Because of this, it is important to perform periodic update investigations — preferably at random intervals. 

Screening employees' activity with company-issued computers, phones and other devices can also prove helpful. The Coast Guard officer discussed above, for example, brought himself to the attention of investigators by visiting white supremacist websites while at work. 

But beyond formal investigations, perhaps the most effective measure to protect against extremist insiders is to educate the workforce about the behaviors associated with the attack cycle and the pathway to violence, and to provide co-workers, supervisors and others with a confidential and reliable means to report such behavior. 

The Attack Cycle Still Applies, but With Caveats

Insiders have an advantage over other attackers in that they have detailed knowledge of the facility being targeted, as well as an understanding of the general flow of work and people during the day. They also have an intimate knowledge of an organization's security programs, policies and procedures, meaning they will need to do less formal surveillance prior to an attack. Additionally, as an employee, contractor or other insider, they also have natural cover for status and cover for action while they conduct any additional required surveillance — cover an outsider simply does not have. This means that in most cases, it will be much more difficult to pick up on the preoperational surveillance phase of an insider's attack cycle.

That said, insiders also have a big disadvantage due to their frequent contact with colleagues, supervisors and others that provides many opportunities to be observed (and caught) as they progress through their attack cycle. This is especially true if colleagues notice a sudden keen interest in guns or other weapons as the would-be attackers go through the weapons acquisition phase, or exhibit odd behavior as they rehearse an attack or begin to deploy prior to launching an attack. This gives the concept of the attack cycle relevance to internal attackers, too.

Another huge disadvantage for insiders is that people they are in contact with in the workplace are often in a position to observe changes in their behavior or other warning signs that precede behaviors associated with the attack cycle — something that is rarely the case with outside threat actors. This is where the concept of the "Pathway to Violence" developed by Frederick Calhoun and Steve Weston comes in.

As we've written for many years now, people don't just snap and conduct a terrorist attack or other mass public attack. Attacks are the result of a discernable process, one that Calhoun and Weston divided into six steps. 

According to this model, the pathway leading to an attack begins with a grievance. In the case of a right-wing extremist, the grievance could be anti-Semitic, anti-immigrant, anti-minority, anti-government, etc. This grievance can be exhibited by hostile, sarcastic or bitter speech directed toward the person's perceived "out-group(s)," inappropriate jokes, sketches and drawings, writings, and the types of books read and even the websites visited. Hard looks and other nonverbal body language and demeanor cues toward members of the out-group(s) can also indicate a grievance. Extremists may also attempt to recruit other members of their "in-group" to embrace their ideology. Such recruitment attempts can be either subtle or very in-your-face depending on the person. Whether verbal or behavioral, most attackers exhibit evidence of their grievance long before an attack, so having contact with them allows the grievances to be discovered and reported well before the persons even progress to the attack planning stage. 

The second step in the pathway to violence is violent ideation, or where a grievance begins to move toward thoughts or fantasies of hurting or killing members of the out-group(s). For example, a right-wing extremist may hold the belief that the white race is being replaced. This is a grievance. When he begins to think about hurting or killing immigrants, minorities or those he holds responsible for the perceived replacement efforts, he has moved on to the ideation phase. Sometimes this ideation may not be direct at first, e.g., "someone should kill them all," and then can later progress to "maybe I should kill them — or him." It is not unusual for such ideation to be shared with friends, colleagues or in online forums. When a person shares these feelings, thoughts, fantasies, attitudes, or intentions that may signal an impending violent act, it is called "leakage." Leakage can occur in many forms, including conversations, utterances, threats, letters, emails, voice mails, manifestos, diaries, videos, etc. 

The pathway to violence is not always set and continuous. Some people may harbor deep grievances and yet never progress to the ideation stage. Others may fantasize about conducting an attack and yet never go on to plan one. Not every person who holds a grievance or who even begins to have violent ideation will become an attacker. But it is nevertheless important to train the entire workforce about these concepts, and then establish a mechanism for reporting employees with deeply held extremist (or other) grievances, or who have exhibited leakage. This will then allow for the commencement of a formal threat assessment process to determine if the subject really does pose a threat so that action can be taken to address it. 

Once a potential attacker goes beyond mere ideation and makes a decision to act, the pathway to violence then begins to intersect with the activities and behaviors associated with the attack cycle, as referenced above. 

The pathway to violence concept is not limited by ideology. It applies to an array of insider workplace and even school threats. Because of this, it is an important component of an insider threat program. Threat assessment teams can avail themselves of useful tools to help guide them through the process of evaluating insider threat actors, such as the Workplace Assessment of Violence Risk (WAVR 21) by Stephen G. White and J. Reid Meloy; Calhoun and Weston's Threat Assessment and Management Strategies; or Meloy's Terrorist Radicalization Assessment Protocol (TRAP-18.)