Insider Threat Psycho-social Indicator Research: Project Slammer Dataset Analysis
Project Slammer was a U.S. Intelligence Community endeavor conducted between 1985 and 1998 in which psychologists, psychiatrists, federal agents, security professionals, and intelligence research specialists from eight federal agencies interviewed 45 convicted U.S. spies. The interviews were extensive (average 14 hours) and focused on the espionage activities and psychosocial history of these malicious insiders, in addition to questions about their interactions with foreign handlers. Moreover, 38 “significant others” of 26 subjects (e.g., family members and co-workers) were interviewed, and the Project Slammer “Significant Other” dataset was created. The FBI is the owner of the Project Slammer dataset, and in 2010 it released the raw data for research by approved researchers.
In 2013, the DARPA Anomaly Detection At Multiple Scales (ADAMS) program funded MITRE to hand-annotate and structure these unique data into an analyzable dataset. In 2014, a MITRE-sponsored research program funded initial analyses, in which the dataset was cleaned and condensed from 2,006 to 679 quality variables covering childhood, family, marriage, health, education, military history, employment history, psychological history, espionage activities, and more. MITRE conducted rigorous statistical analyses of the annotated Project Slammer dataset to evaluate multiple “community hypotheses” about potential behavioral characteristics of espionage, which had previously been based on singular anecdotal/case study evidence. With sponsor funding, MITRE conducted additional analyses on the dataset and created 8 analytic reports. The analyses allowed MITRE to develop a revised insider threat subject psychosocial interview protocol, usable for future government interviews with recently convicted malicious insiders. MITRE finalized analyses and completed reports that statistically compare characteristics of the spies in Project Slammer to U.S. national averages. There is still work to be done; however, more funding is needed to complete the final phase of collecting baseline, “assumed good” data to compare to the “known bad” dataset, in order to validate the first set of data-driven espionage indicators in 2016.