Our Clinical Security Solutions team once again attended the 32nd annual Threat Management Conference in Anaheim, California. The TMC, sponsored by the Association of Threat Assessment Professionals (ATAP) is a yearly gathering of multi-disciplinary professionals working in Behavioral Threat Assessment and Management. Our team attended presentations from leading researchers and practitioners of Behavioral Threat Assessment and Management. We also heard from some of the leading voices in employment law and learned much about the rapidly changing legal landscape facing employers today. In this edition of Left of Boom, we will summarize some of these key insights.
Threat Landscape
We remain in a significantly escalated threat posture. The investigation into the assassination attempt on former president Trump is still under way with little specific information released regarding the motivations of the shooter. Early indications do point to a motive a primary motive other than political. This does not diminish the threat of political violence as we continue towards the 2024 presidential election. The ongoing Israeli-Gaza war and related Middle Eastern tensions have also proved to be flashpoints both domestically and internationally. Iran continues to threaten retaliation against Israel for several targeted killings within Iran. The intelligence community assesses an elevated risk for retaliatory terrorism worldwide with a primary threat from individually radicalized lone actors.
Legal Update
As we’ve previously reported, California has implemented one of the most stringent workplace violence prevention laws in the country. This legislation previously known as SB553 is now enshrined in California State law under Labor Code section 6401.9 (LC 6401.9).
This new law took effect on July 1, 2024, and Cal OSHA has already begun inspection and enforcement efforts. In conversations with some of our California-based colleagues it appears that for these initial inspections, Cal OSHA is focusing on policy and record-keeping matters with a special emphasis on the required violent incident log.
We have also spoken with leading employment law attorneys who have offered the opinion that this California law will become a model for the rest of the nation. They are already aware of efforts in several other states to adopt similar requirements. We will continue to track this issue and report on the efforts of any individual states to advance similar legislation.
AI in Business: Great Promise/Great Peril
Artificial Intelligence (AI) is revolutionizing the business landscape by driving operational efficiency, enabling data-driven decision-making, and fostering innovation. From automating routine tasks to delivering personalized customer experiences, AI empowers companies to enhance productivity, reduce costs, and stay competitive in rapidly changing markets.
AI also introduces significant security risks to businesses, as its systems can be targeted by cyber-attacks, manipulated through adversarial techniques, or compromised through data poisoning. These vulnerabilities can lead to data breaches, flawed decision-making, and exploitation by malicious actors, potentially causing severe financial and reputational damage. Moreover, the complexity of current AI models makes it challenging to detect and mitigate these threats, emphasizing the need for robust security measures, regular audits, and ongoing vigilance to safeguard AI-driven business operations.
Relative to our work and threat assessment, AI also offers a specific set of benefits and risks. AI can prove to be a significant benefit in the analysis of large data files such as potential attacker communications such as emails or lengthy written documents. Extensive review of prior targeted violence attacks indicates as many as 90% of these attacks are preceded by leakage of the intent to conduct the attack. A threat assessor could successfully utilize AI to search for specific keywords or potential target names in bulk data capturing potential attackers’ written communications. AI may be able to detect patterns in such communications which may be helpful to our analysis.
That which helps the good guys also helps the bad guys. Intelligence and security officials have already documented the efforts of extremist groups such as ISIS and neo-Nazi extremist groups to utilize AI to spread misinformation in support of their radicalization efforts.
In a recent survey it was determined that 75% of business organizations do not have a comprehensive multidisciplinary AI strategy. Since AI impacts multiple business disciplines a comprehensive and well thought out AI strategy should be the product of a multidisciplinary team consisting of human resources, information security, security and human resources, communications and marketing, and specific operational departments that utilize AI.
Insider Threat and Workplace Violence: Two Sides of the Same Coin
Insider threats and workplace violence are closely linked, as both involve individuals within an organization who may pose a risk to the safety and security of the workplace. We’ve previous previously discussed the similarities between an individual on the pathway to violence planning a workplace attack with an individual planning a nonviolent cyber based attack on an organization. Both individuals start with a grievance and make the decision that violence or an attack on the organization’s data and information systems is the only way to resolve the grievance.
Combating insider threat involves detailed knowledge of an organization’s information systems and vulnerabilities and as best addressed by specialized teams well versed in the principles of information security. All too often these teams focus on technical vulnerabilities and countermeasures well paying less attention to the behavioral components of a potential cyber attacker. Traditional workplace violence prevention threat management teams can provide insight into the behaviors of a potential cyber threat actor. We urge insider threat teams to maintain close coordination with workplace violence prevention threat management teams when addressing a potential cyber threat matter. Likewise threat management teams should engage insider threat teams early in their assessment of potential violent threats to determine if there is also a cyber risk present.
Social Media/Open Source Intelligence (OSINT)
Social media continues to be a primary means of radicalization for many individuals. Any comprehensive threat assessment should include a review of the online activity of a person of concern, including social media postings. Open-source intelligence such as this can provide vital insight into potential attackers’ motivations and intentions. While overtly threatening statements are obviously of concern, other postings that do not contain overt threats may also be of significant investigative interest. Meaningful analysis of open-source intelligence and social media requires a high level of cultural awareness and competency specifically for the demographic representing the person of concern. I can confess as a white male firmly entrenched in middle age my cultural references would be completely different from that of a high school aged person of concern. Popular culture (in particular online culture) is fast moving with trends and topics emerging quickly in popularity. What may seem to be an innocuous pop culture reference may in fact have a more ominous meaning to a person of concern or radicalized group. For example, the popular music group Foster the People is well known for a hit song “Pumped Up Kicks.” This song details the mental anguish of a high school student with homicidal thoughts. Lyrics from this song have been observed in the postings of several school shooters as well as students who were planning a mass attack but failed to carry one out.
The emergence of memes in popular culture and in online communities has also been extensively utilized by radicalized communities to spread their message. The Christchurch New Zealand shooter Brandon Tarrant encouraged other radicalized individuals by specifically calling out in his manifesto for others to “Create memes, post memes, and spread memes.” The darker corners of the Internet that are frequented by radicalized individuals and groups are literally awash in memes. Some of these explicitly endorse violence, racist ideology or other radicalized thoughts. Other memes may seem innocuous but upon closer examination a trained assessor will be able to detect telltale signs of radicalization such as neo-Nazi symbols or references to other acts of violence or radicalized content.
Multidisciplinary, multicultural, and multigenerational threat management team is best able to review postings for images or messages of concern.
Recommendations
Cross-pollinate your Threat Management Teams and your Insider Threat Teams.
While we recognize that insider threat matters are particularly sensitive and require high level of technical expertise to address traditional threat management teams can also provide critical support in the assessment and analysis of the behaviors of a suspected insider threat actor.
If your organization does not have an AI strategy develop one now.
An effective AI strategy should:
- Articulate guidelines for ethical AI practices.
- Ensure compliance with data protection laws and implement data security measures.
- Address potential biases in any AI models utilized.
- Implement safeguards to protect personal and sensitive data.
- Protect AI systems from cyber-attacks and data breaches.
Ethical Challenges: The implementation of AI raises ethical questions related to privacy, bias, and transparency. Businesses must navigate these challenges by establishing clear ethical guidelines and ensuring that AI systems are used responsibly.
Regulatory Compliance: As governments introduce regulations around AI and data usage, businesses must ensure compliance with these laws to avoid legal and reputational risks.
Don’t Just Look for Explicit Threats when reviewing Social Media
When reviewing social media or other open-source intelligence sources for a person of concern pay particular attention to memes or other pop culture references. Open-source intelligence analysis should look at the totality of postings by a person of concern and not focus exclusively on a search for overt threats. Threatening or troubling communications may be hidden within pop culture references or memes.
