U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  1. Home
  2. Irmpo

Was this page helpful?

What To Report

What are potential risk indicators (PRI)?

  • Individuals at risk of becoming insider threats, and those who ultimately cause significant harm, often exhibit warning signs, or indicators. PRI include a wide range of individual predispositions, stressors, choices, actions, and behaviors. Some indicators suggest increased vulnerability to insider threat; others may be signs of an imminent and serious threat.

Access Attributes

  • Access is at the heart of understanding and characterizing insider risks. Without access, there is no “insider.” Organizations grant individuals different kinds of access, like physical entry to buildings or virtual access to computer networks. Access may also result from specialized training, acquired skills, and organizational knowledge

Professional Lifecycle and Performance

  • All individuals possess a unique set of characteristics and circumstances that influence their risk of becoming an insider threat. Organizational change, career progression, job performance, and other workplace dynamics can be relevant factors. Human resources personnel and supervisors are often positioned to recognize risk indicators related to professional lifecycle and performance. Some indicators may seem routine or commonplace not everyone gets the promotion; some employees underperform, quit, or are fired but when there is grievance, conflict, or unanticipated duress, such indicators deserve security concern.
  • Examples:
    • Furloughs and lay-offs
    • Separations and terminations 
    • Demotions and reprimands
    • Non-judicial punishments
    • Leaves of absence
    • Unauthorized absence / AWOL
    • Involuntary administrative leave
    • Hardship leave
    • Declining performance ratings
    • Poor performance ratings
    • Human resources complaints
    • Negative characterizations of previous employment or service

Security and Compliance Incidents

  • The proper handling and safeguarding of protected information is crucial to combating many insider threats such as fraud, theft, and espionage. Protected information includes proprietary information, in addition to classified and other sensitive Government information. All individuals with access have a duty to adhere to rules and regulations for protected information. Compliance failures are a security concern whether they are deliberate or not insider risks are frequently the result of negligence. Risk indicators include security and compliance violations, unauthorized use or disclosure, and any inappropriate efforts to view or obtain protected information outside one’s need to know
  • Examples:
    • Violations related to the handling of protected information
    • Negligent or lax physical or information security practices despite counseling
    • Non-compliance with security training requirements
    • Security clearance denial, suspension, or revocation
    • Failure to self-report information required for security clearance eligibility
    • Misuse of information security privileges or credentials
    • Misuse of facilities or work-issued equipment
    • Anomalous or suspicious accessing of facilities or systems during non-work hours

Technical Activity

  • As organizations adopt information technology to improve operations, they also require additional safeguards to prevent insider risks. Information technology comprises an organization’s systems, networks, devices, and associated components such as hardware, software, or firmware. Indicators of the misuse of information technology may also involve the mishandling of protected information.
  • Examples:
    • Unauthorized access or use of any information technology
    • Violations of acceptable use or other automated information system policies
    • Suspicious or improper activity or correspondence on any system
    • Unauthorized modification, destruction, or manipulation of any information technology
    • Unauthorized deletion or modification of electronic records or data
    • Downloading, storing, or transmitting protected information using unauthorized information technology
    • Unauthorized introduction, removal, duplication, or disabling of software on any system
    • Negligent or lax information technology security practices despite counseling

Allegiance to the United States

  • Individuals in the military, Government, or other positions of public trust, are held to a higher standard of conduct compared to the general public. Such individuals may have access to Government facilities, weapons, tactics, training and intelligence all of which require safeguarding. While there is no positive test for it, allegiance may dictate an individual’s willingness to protect classified or sensitive information. Negative indicators are broad and include participation in, or support for, acts against U.S. interests; placing the welfare or interests of another country above those of the U.S.; and active participation in extremist organizations that advance, encourage, or advocate the use of violence.
  • Example:
    • Support or advocacy of any acts of sabotage, espionage, treason, terrorism, or sedition against the U.S.
    • Association or sympathy with persons attempting or committing such acts
    • Association or sympathy with persons or organizations who advocate, threaten, or use violence in an effort to:
      •  Overthrow or influence federal, state, or local Government
      • Prevent Government personnel from performing their official duties
      • Gain retribution for perceived wrongs caused by the Government
      • Prevent others from exercising their constitutional or legal rights
    • Active participation in violent extremist groups may include
      • Fundraising, demonstrating, and rallying
      • Recruiting, training, and organizing
      • Distributing print or online material
      • Knowingly wearing clothing, or having tattoos associated with such groups

Foreign Influence and Preference

  • Foreign associations may exist for a variety of reasons, including familial ties or work duties. Foreign contacts and interests rise to a national security concern when they result in divided or conditional U.S. allegiance. They also pose risk if they create vulnerability to foreign manipulation, coercion, or pressure to act against U.S. interests. Contacts from countries linked to terrorism or known to target U.S. citizens for intelligence operations may be of particular concern. Foreign involvement, such as possessing or seeking foreign citizenship, while not inherently harmful, is a security concern when an individual expresses foreign preference over U.S. interests or attempts to conceal such involvement.
  • Examples:
    • Foreign travel to countries of concern
    • Frequent unofficial foreign travel
    • Foreign, unofficial contact with a known or suspected foreign intelligence entity (FIE)
    • Enabling or facilitating an officer, agent, or member of a FIE
    • Continuing foreign national contact (to include personal contact, telephone, email, social media)
      • Bonds of affection
      • Intimate contact
      • Exchange of personal information
    • Foreign business and political interests
    • Foreign residency or property interests
    • Foreign bank accounts and sources of income
    • Possession of a foreign passport or identity card
    • Voting in a foreign election • Service in a foreign military or government
    • Application for and receipt of foreign citizenship
    • Foreign national cohabitant or roommate

Outside Activities

  • An individual who engages in outside employment or services, whether on a volunteer or paid basis, does not represent an inherent threat. However, outside activities are a security concern if they pose a conflict of interest with an individual’s security responsibilities. Any involvement in outside activities that increases the risk of unauthorized disclosure of protected information is of particular concern. While potential risk indicators may have foreign considerations, they also include outside activities with U.S. organizations or persons, especially when it involves matters of national security or sensitive technology. Failure to fully disclosure outside activities when required is also cause for concern.
  • Examples:
    • Foreign employment or service
      • Government of a foreign country
      • Any foreign national or organization
      • Representative of any foreign interest
    • Any employment or service involving analysis, discussion, or publication of
      • Intelligence
      • National defense
      • Foreign Affairs
      • Protected Technology
    • Concealment or failure to fully disclose outside activities

Financial Considerations

  • Personal finances and finance-related activities may have substantial bearing on an individual’s suitability for holding sensitive positions and safeguarding protected information. It is not uncommon for individuals to experience financial loss or hardship. However, financial distress is a security concern when indicates poor judgement or self-control; or it impairs an individual’s ability or willingness to adhere to rules and regulations. Financial distress may also arise because of, and thus indicate, other security concerns such as gambling and substance addictions. Unexplained affluence is pertinent to the extent it may result from criminal activity, including espionage.
  • Examples:
    • Inability or unwillingness to satisfy debts
    • History of unmet financial obligations
      • Pay garnishment
      • Loan defaults
      • Liens or judgements
      • Bankruptcy
    • Evidence of frivolous or irresponsible spending
      • Excessive debt
      • Significant negative cash flow
      • Late payments or non-payments
    • Deceptive or illegal financial practices
      • Embezzlement
      • Employee theft
      • Check or expense account fraud
      • Mortgage or tax fraud
      • Intentional financial misstatements
    • Failure to file or pay income taxes
    • Significant transactions, debts, losses or conflicts due to gambling
    • Unexplained affluence
      • Lifestyle or standard of living
      • Increases in net worth or cash flow

Substance Abuse

  • The illegal use of controlled substances demonstrates an individual’s inability or unwillingness to comply with laws, rules, and regulations. Substance misuse further raises concerns about an individual’s reliability and trustworthiness because such behavior may also result in physical or psychological impairment. Alcohol, while not illegal, can similarly increase the risk of insider threat when it is consumed inappropriately, excessively, or abusively. Alcohol-related incidents may be security concerns whether they occur at, or away from, the workplace.
  • Examples:
    • Illegal drug use while granted access to classified information or holding a sensitive position
    • Illegal possession of a controlled substance, including drug paraphernalia • Misuse of prescription and non-prescription drugs
    • Drug test failures or refusals • Qualified diagnosis of substance use disorder
    • Alcohol-related incidents away from work (e.g. drinking and driving, disturbing the peace, spouse or child abuse)
    • Alcohol-related incidents at work (e.g. reporting for duty intoxicated, drinking on the job)
    • Habitual or binge drinking to the point of impaired judgement
    • Voluntary or involuntary treatment for drug or alcohol abuse
    • Failure to follow court orders regarding drug or alcohol education, evaluation, treatment, or abstinence

Personal Conduct

  • Any personal conduct that undermines an individual’s trustworthiness and reliability; or, if known, could damage one’s personal, professional, or community standing is a pertinent security concern.
  • Examples
    • Disruptive, violent, bizarre, or other inappropriate behavior
    • Family conflict and domestic abuse
    • Compulsive, self-destructive, or high-risk behaviors
    • Sexual behavior that causes vulnerability to coercion, exploitation, or duress
    • Emotional or mental instability
    • Self-harm, harm to others, or suicidal ideation
    • Voluntary or involuntary inpatient hospitalization
    • A pattern of dishonesty, falsifying information, or rule violations
    • Association with persons involved in criminal activity

Criminal Conduct

  • Criminal conduct raises doubts about an individual’s reliability and trustworthiness to hold sensitive positions and safeguard protected information. On its face, it demonstrates the inability or unwillingness to comply with laws, rules, and regulations. Potential risk indicators of a criminal nature do not require formal criminal charges or prosecution; credible allegations or admissions are sufficient. Minor offenses (certain traffic offenses, for example) are unlikely indicators of insider threat, unless they contribute to a pattern or combination of offenses that causes concern about an individual’s trustworthiness, reliability, or judgement.
  • Examples: 
    • Criminal violent behavior
    • Sexual assault and domestic violence
    • Weapons-related crimes
    • Parole or probation or violation thereof
    • Failure to follow court orders
    • Credible allegations or reports of criminal activity
    • Admissions of criminal activity
    • A pattern or combination of minor criminal offenses
    • Military discharge or dismissal for reasons less than “Honorable”

NOTE: Exhibiting PRIs does not necessarily mean someone is a risk. However, most insider risks exhibit one or more PRIs.