The U.S. military is increasingly concerned that extremists—from far-right Proud Boys to far-left Antifa—are infiltrating its ranks. According to a 17-page briefing from the Department of Defense (DOD) Insider Threat Management and Analysis Center, “There are members of the [Department of Defense] who belong to extremist groups or actively participate in efforts to further extremist ideologies.”

The report, obtained by POLITICO, continued: “Be aware of symbols of far right, far left, Islamist, or single issue ideologies,” and the briefing emphasized that members of the military and civilian personnel have “a duty and responsibility” to report extremist behavior or activity.

While the presence of extremists in the DOD appears small (the 222,000-strong Marine Corps kicked out only four members in 2020 for extremist activity, POLITICO reported) the Pentagon is cracking down after dozens of ex-service members were arrested for their roles in the 6 January attack on the U.S. Capitol.

Internal training materials from the Pentagon say flags from the left-wing Antifa movement, depictions of Pepe the Frog and iconography from the far-right Proud Boys are all signs that extremists could be infiltrating the military https://t.co/dPSGrHr1hH

— POLITICO (@politico) March 27, 2021

In February, U.S. Defense Secretary Lloyd Austin ordered a force-wide stand down, requiring all units to discuss the threat of extremism within 60 days, and the department published broad guidance for commanders to address extremism, focusing on military members’ oaths to defend the U.S. Constitution and the need to be guided by a “professional ethic that prioritizes the team, the mission, and the Nation.”

The guidance outlines prohibited activities, including “actively advocating supremacist, extremist, or criminal gang doctrine, ideology, and causes,” and warns that extremist organizations often target current or former military members or DOD civilian employees for recruitment to take advantage of their unique military skills, knowledge, and abilities.

According to the briefing—a required training document compiled by the Defense Advanced Research Projects Agency (DARPA) copied verbatim from DOD materials—there are three key homegrown violent extremism movements of concern:

• “Patriot/Militia” Extremism. Members of these groups (Sovereign Citizens, Oath Keepers, Boogaloo Boys, Proud Boys) believe that the U.S. government has become corrupt or has overstepped its constitutional boundaries. Some do not believe they are subject to U.S. laws, and some have formed militias and openly advocate for the overthrow of the current government.
• Anarchist Extremism. This ideology is opposed to government in all forms, as well as capitalism and corporations. These groups (Antifa, the Occupy Movement, the Worker’s Solidarity Alliance) primarily target symbols, structures and personnel associated with government or capitalism.
• Ethnic/Racial Supremacy. These groups (Identity Evropa, Atomwaffen Division, Aryan Nations, Ku Klux Klan) advocate for “ethnic or racial purity through the separation, expulsion, or elimination of other ethnic or racial groups. These ideologies frequently accuse the U.S. government of forcing race mixing on the people, often with the goal of destroying the purity of the country or the way of life of certain races,” the DARPA training document said.

Other areas of concern include religious extremism (advocating for religious purity by subjugation, forced conversion, or elimination of other religions), anti-feminism (also called Incels, considering men as the dominant gender, openly calling for the attack, raping, and killing of women), and environmental and animal rights (disrupting or destroying any industry that exploits animals or pollutes the environment).

The document outlined symbols of extremism, which psychosocial vulnerabilities are most frequently exploited by extremist groups, and steps for DOD personnel to take if they notice potential signs of extremism in colleagues.

At its core, QAnon is a militant and anti-establishment ideology focused on destroying the existing corrupt world order and accelerating the arrival of a new Golden Age. When true believers turn violent, workplaces and employees are at risk. https://t.co/6zacROV6i8

— Security Management (@SecMgmtMag) January 13, 2021

According to a statement from Secretary Austin in the DARPA document, “We need your help. (I’m talking of course about) extremism and extremist ideology—views and conduct that run counter to everything that we believe in and which can actually tear at the fabric of who we are as an institution… We can’t afford actions and behavior that are at odds with our values and that undermine good order and discipline, that harm and harass and otherwise violate the oath that we share the bonds of trust upon which we all rely.”

Insider threat issues are nothing new, either to the military or the private sector, but the growing awareness around homegrown extremist activity has shone a spotlight on detection and mitigation measures. Security Management connected with Val LeTellier of the ASIS Defense and Intelligence Community’s Insider Threat Working Group to discuss the DOD guidance and what steps private organizations can do to address these threats.

How can employees’ extremist views turn into insider threat risks?

LeTellier. Using the “insider threat kill chain” (the path an insider takes toward an attack), one can see the relevancy of extremist views to insider risk. Extremist views can affect an individual’s inner nature or temperament, adding to an insider’s tendency toward self-destruction instead of self-healing, pushing a personality towards incidents like insider attacks. Extremist personalities are also more susceptible to events or certain stressors triggering an emotional shift, like a personal or professional crisis.

Extremist views can easily lead to conflict, where the insider becomes dissatisfied with a superior, coworker, or perhaps even entire organizations. Finally, there is determination, where the insider becomes singularly opposed to perceived enemies; not an unusual situation for those holding extremist views. 

What warning signs could security personnel and other employees watch for?

LeTellier. Generally, insider incidents are not impulsive in nature. The insider takes considerable time before acting (regardless of the motivation) and progresses deliberately from idea to action. This means they almost always expose observable changes in attitude and behavior.

And as minor reactions can foretell major ones, an employee’s response to small issues can be hugely instructive as to how they will react to big ones. This allows an organization to understand how an employee may react to a major event in their life. 

In terms of warning signs, disengagement is a common first sign of a growing problem. Decreased engagement or withdrawal from interaction with colleagues, managers, and clients is often an early warning of a growing preoccupation with matters besides work. Emotional outbursts, bullying, difficulty taking criticism, boundary violations, violent threats, physical altercations are other warning signs.

Specific to extremism, common warning signs are an unusual preoccupation with select issues, aggressive efforts to convince others to share their beliefs, and an intolerance for the personal views of others.

The coronavirus pandemic prompted many organizations to quickly implement remote work programs. The move could lead to security events—including insider attacks or vulnerabilities—not fully considered in organizations’ haste to launch these programs. https://t.co/WwfaXz3lLA

— Security Management (@SecMgmtMag) May 1, 2020

The DOD training documents include an interesting note: “When DOD employees fail to report concerning behaviors, they remove an opportunity for the Department to help an employee, and place themselves, the Department, and others at risk.” How can organizations alerted to potentially extremist beliefs or behaviors intervene to help that employee before he or she becomes a risk? 

LeTellier. By meeting early warning signs of significant emotional, financial, or legal stress with understanding and assistance, employees can be converted from liabilities to examples of a positive and caring security culture, creating examples which will resonate throughout the organization and result in increased job satisfaction, retention, and productivity. 

How can or should organizations navigate the divide between personal beliefs and free speech (especially online) and workplace risk when assessing extremism and insider threats?

LeTellier. Balancing insider risk mitigation and employee free speech, privacy, and morale is challenging. Firms must determine whether they feel the use of public data is merited and appropriate for their insider threat program, and then come to a decision that fits their legal interpretations and corporate culture. This decision making is individualistic, often based upon a cost–benefit analysis comparing the value of expected insider threat detection and deterrence versus the impact on employee morale and attrition.

Importantly, organizations must predetermine lines that, if crossed, require further action. They must maintain an objective perspective of the situation—start with the presumption of innocence, use observation as a starting point for further information collection, and predetermine status that, if achieved, will end an investigation. Organizations should focus on employee safety and welfare to enhance morale and positively reinforce stakeholder buy-in and coworker reporting.