ECSP

[William Kelly]

http://www.treas.gov/usss/ntac.shtml

NATIONAL THREAT ASSESSMENT CENTER

As part of its protective responsibilities, the United States Secret Service has long held the view that the best protective strategy is prevention. The goal of the Secret Service's threat assessment efforts is to identify, assess and manage persons who have the interest and ability to mount attacks against Secret Service protectees.

In 1998, the Secret Service created the National Threat Assessment Center (NTAC). The mission of NTAC is to provide guidance on threat assessment both within the Secret Service and to its law enforcement and public safety partners. Through the Presidential Protection Act of 2000, Congress formally authorized NTAC to provide assistance to federal, state and local law enforcement, as well as others with protective responsibilities in the following functional areas:

• Research on threat assessment and various types of targeted violence
  
• Training on threat assessment and targeted violence to law enforcement officials and others with protective and public safety responsibilities
  
• Information-sharing among agencies with protective and/or public safety responsibilities
  
• Programs to promote the standardization of federal, state, and local threat assessment and investigations involving threats
  

As a result of NTAC's research into attacks on public officials, public figures and in schools, the Secret Service has provided relevant information and advice to law enforcement and other professionals who are charged with investigating and/or preventing targeted violence. NTAC also has collaborated with experts in the fields of stalking, domestic violence and targeted workplace violence. The Secret Service provides this information nationwide through threat assessment seminars, formal presentations and several publications, and offers assistance to organizations interested in developing threat assessment programs. NTAC continuously reviews new areas of research.

Major Research Projects

Exceptional Case Study Project

The Exceptional Case Study Project (ECSP) is an operational analysis of the thinking and behavior of individuals who have assassinated, attacked or approached to attack a prominent person of public status in the United States. It employs an incident-focused, behaviorally-based analytical approach consisting of a systematic analysis of investigative reports, criminal justice records, medical records and other source documents, as well as in-depth interviews with subjects.

The initial phase of the ECSP, which was completed in 1998, identified and analyzed 83 persons known to have engaged in 73 incidents of assassination, attack, and near-attack behaviors from 1949 to 1995. The initial findings revealed that assassination is an often discernable process of thinking and behavior. Assassins and attackers plan their attacks and are motivated by a wide range of issues. They consider several targets before acting but rarely direct threats either to the target or to law enforcement. The findings also suggested that mental illness is not critical to determining dangerousness; the ability and capacity to develop and execute a plan is much more significant. Most importantly, the findings indicated that there is no "profile" of the assassin, but rather, identified a common set of "attack related behaviors" exhibited by the subjects.

Based on the findings of the initial phase of the ECSP, the Secret Service implemented significant policy changes in protective intelligence investigations. NTAC developed key investigative questions and training materials which provide a framework for law enforcement to utilize in conducting threat assessment investigations at the federal, state and local levels.

NTAC is presently engaged in the second phase of the ECSP. The purpose of this phase is to conduct ongoing incident analysis and to ensure that protective research is current and vital in order to assist the Secret Service in identifying, assessing and managing subjects who may pose a threat to protected persons. The following reports are products derived from the ECSP:

Assassination in the United States: An Operational Study of Recent Assassins, Attackers, and Near Lethal Approaches

(5.7M)

Threat Assessment: An Approach to Prevent Targeted Violence

(243K)

Threat Assessment: Defining an Approach for Evaluating Risk of Targeted Violence

(3.2M)

Annals of the American Academy of Political and Social Sciences Preventing Targeted Violence Against Judicial Officials and Courts

Of note, this publication applies the principles and findings of the ECSP to the prevention of targeted violence against judicial officials. A separate study specifically examining judicial cases has not yet been conducted by NTAC.

Additional Materials

Law enforcement officials conducting threat assessment investigations may contact NTAC via email at

ntac@secretservice.gov

for a copy of a guide to conducting threat assessment investigations designed for state and local law enforcement.

The Safe School Initiative

In 2002, the Secret Service completed the Safe School Initiative (SSI), a study of school shootings and other school-based attacks. Conducted in collaboration with the U.S. Department of Education, the study examined school shootings in the United States as far back as 1974, through the end of the 2000 school year, analyzing a total of 37 incidents involving 41 student attackers. The study involved extensive review of police records, school records, court documents and other source materials, and included interviews with 10 school shooters. The focus of the study was on developing information about the school shooters' pre-attack behaviors and communications. The goal was to identify information about school shootings that may be identifiable or noticeable before such shootings occur, to help inform efforts to prevent school-based attacks.

The SSI study found that school shootings are rarely impulsive acts. Rather, they are typically thought out and planned in advance. In addition, prior to most of the shootings examined, other students knew the shooting was to occur but did not alert an adult. Very few of the attackers, however, ever directed threats to their targets before the attack. The study's findings also revealed that there is no "profile" of a school shooter; instead, the students who carried out the attacks differed from one another in numerous ways. However, almost every attacker had engaged in behavior before the shooting that seriously concerned at least one adult - and for many had concerned three or more adults.

The findings from the study suggest that some school attacks may be preventable, and that students can play an important role in prevention efforts. Using the study's findings, the Secret Service and Department of Education have modified the Secret Service's threat assessment approach for use in schools in order to give school and law enforcement professionals tools for investigating threats in schools, managing situations of concern and creating safe school climates.

At the completion of the Safe School Initiative, the Secret Service and Department of Education published two reports that detail the study findings and lay out a process for threat assessment in schools:

The Final Report and Findings of the Safe School Initiative:

Implications for the Prevention of School Attacks in the United States

(271K)

Threat Assessment in Schools: A Guide to Managing Threatening Situations and Creating Safe School Climates

(185K)

Press Release: U.S. Secret Serviceand U.S. Department of Education release CD-Rom based on the Safe School Initiative

(84K)

Additional Materials

Evaluating Risk for Targeted Violence in Schools

(80K)

The Insider Threat Study

In 2002, NTAC partnered with Carnegie Mellon University's Computer Emergency Response Team (CERT) Program to conduct the Insider Threat Study (ITS), which also received financial support from the Department of Homeland Security's Science and Technology Directorate. The ITS examined organizational insiders - current, former or contract employees - who perpetrated harm to their organizations via a computer or system/network for purposes of intellectual property theft, fraud and acts of sabotage. The focus of the study was to identify and analyze insiders' behaviors (physical, social and online) that may be detectable prior to an incident. The goal was to develop information to help private industry, government, and law enforcement better understand, detect and ultimately prevent harmful insider activity by enhancing their threat assessment processes.

Analyzed from both behavioral and technical perspectives, the incidents included in the study involved companies/organizations within various critical infrastructure sectors and took place between 1996 and 2002. The study was conducted in four phases:

• The initial phase of the study focused on 23 incidents in the banking and finance sector where insiders perpetrated acts to include fraud, theft of intellectual property and sabotage against financial service institutions. The report, Insider Threat Study, Illicit Cyber Activity in the Banking and Finance Sector, was released in August 2004.
  
• The second phase of the study focused on 49 cases of sabotage that were identified across all critical infrastructure sectors where the primary goal of the insider was to sabotage some aspect of an organization or direct specific harm toward an individual. This second report, Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors, was released in June 2005.
  

The Secret Service and CERT have a longstanding relationship dedicated to addressing cyber security issues that have implications for the nation's critical infrastructure sectors or national security. Incidents of illicit insider cyber activity are of concern to the Secret Service because they often involve criminal activity the agency investigates to include financial fraud, computer fraud, electronic crimes, identity theft and computer-based attacks on the nation's financial, banking and telecommunications infrastructure. Insider incidents may impact not only the targeted organization but also industries, critical infrastructure sectors and national security. Findings from the ITS underscore the importance of organizations' technology, policies and procedures in securing their networks against insider threats.

• Report 1
  Illicit Cyber Activity in the Banking and Finance Sector
  pdf - 107 Kb
  - Press Release
  
• Report 2
  Computer System Sabotage in Critical Infrastructure Sectors
  pdf - 164 Kb
  - Press Release
  - Executive Summaryww.treas.gov/usss/ntac.shtml
  

[William Kelly]

When it comes down to why it is necessary to solve the assassination of President Kennedy to a legal and moral certainty, there is no better reason than to understand what occurred so it can be prevented from happening again.

That's the approach of this study, which fails to consider covert operational and programed personalities. It's still an important study, despite the flaws, and should be reviewed by anyone interested in political assassination.

Assassination in the United States: An Operational Study of Recent Assassins, Attackers, and Near Lethal Approaches (5.7M)

While it seems people have strong opinions on gun control, the single-bullet theory, resembalance of suspects to Dealey Plaza spectators and liberals, leftists and economic theories, nobody wants to study or discuss the assassination of JFK in a way that will lead to solving it.

BK