NATIONAL THREAT ASSESSMENT CENTER
As part of its protective responsibilities, the United States Secret Service has long held the view that the best protective strategy is prevention. The goal of the Secret Service's threat assessment efforts is to identify, assess, and manage persons who have the interest and ability to mount attacks against Secret Service protectees. After the completion of the Secret Service's first operationally-relevant study on assassins and near-assassins (i.e., the Exceptional Case Study Project) in 1998, the agency created the National Threat Assessment Center (NTAC).
The mission of NTAC is to provide guidance on threat assessment, both within the Secret Service and to its law enforcement and public safety partners. Through the Presidential Threat Protection Act of 2000, Congress formally authorized NTAC to provide assistance in the following functional areas:
NTAC will lead the development of evidence-based threat assessment techniques to prevent rare, non-random violent acts that impact both local and international communities. Conducting a unique blend of cutting-edge behavior-based research, practical training, and operational guidance, NTAC will serve as the leading international resource on ways to assess threats and identify indicators of targeted violence.Research and Publications
In addition to internal research conducted to support the protective mission of the Secret Service, NTAC publishes research to advance the field of threat assessment more generally. These projects are described below.
To view these documents you must have Adobe Acrobat Reader 5.0. If you do not already have the software, please follow this link to get the free download.Exceptional Case Study Project
The Exceptional Case Study Project (ECSP) led to the creation of NTAC. The ECSP was a five-year operational analysis of the thinking and behavior of individuals who assassinated, attacked or approached to attack a prominent person of public status in the United States. It employed an incident-focused, behaviorally-based approach consisting of a systematic analysis of investigative reports, criminal justice records, medical records, and other source documents, as well as in-depth interviews with subjects.
Completed in 1998, the ECSP identified and analyzed 83 persons known to have engaged in 73 incidents of assassination, attack, and near-attack behaviors from 1949 to 1995. The findings indicated that there is no "profile" of an assassin; however, subjects exhibited a common set of "attack-related behaviors." They further revealed that assassination is an often discernable process of thinking and behavior. Assassins and attackers plan their attacks and are motivated by a wide range of issues. They consider several targets before acting but rarely direct threats either to the target or to law enforcement.
Based on these findings, the Secret Service implemented significant policy changes in protective intelligence investigations. The agency also developed key investigative questions and training materials which provide a framework for law enforcement to utilize in conducting threat assessment investigations at the federal, state, and local levels. The following reports are products derived from the ECSP:
Assassination in the United States: An Operational Study of Recent Assassins, Attackers, and Near Lethal Approaches (5.7M .pdf)
Targeted Violence Affecting Institutions of Higher Education
In response to the Virginia Tech shooting on April 16, 2007, former Cabinet Secretaries Michael Leavitt and Margaret Spellings, and former Attorney General Alberto Gonzales submitted a Report to the President on Issues Raised by the Virginia Tech Tragedy dated June 13, 2007. The report included a recommendation that the U.S. Secret Service, U.S. Department of Education, and the Federal Bureau of Investigation explore the issue of violence at institutions of higher education. Accordingly, the three agencies initiated a collaborative effort, the goal of which was to understand the scope of the problem of targeted violence at these institutions in the United States.
In total, 272 incidents were identified through a comprehensive search of open-source reporting from 1900 to 2008. The incidents studied include various forms of targeted violence, ranging from domestic violence to mass murder. The findings should be useful for campus safety professionals charged with identifying, assessing, and managing violence risk at institutions of higher education. The following report was released in April 2010:
The Safe School Initiative
In 2002, NTAC completed the Safe School Initiative (SSI), a study of attacks at K-12 schools. Conducted in collaboration with the U.S. Department of Education, the study examined incidents in the United States from 1974 through May 2000, analyzing a total of 37 incidents involving 41 student attackers. The study involved extensive review of police records, school records, court documents, and other source materials, and included interviews with 10 school shooters. The focus of the study was on developing information about pre-attack behaviors and communications to identify information that may be identifiable or noticeable before such incidents occur.
The SSI found that school-based attacks are rarely impulsive acts. Rather, they are typically thought out and planned in advance. Almost every attacker had engaged in behavior before the shooting that seriously concerned at least one adult - and for many had concerned three or more adults. In addition, prior to most of the incidents, other students knew the attack was to occur but did not alert an adult. Rarely did the attackers direct threats to their targets before the attack. The study's findings also revealed that there is no "profile" of a school-based attacker; instead, the students who carried out the attacks differed from one another in numerous ways.
The findings from the study suggest that some school-based attacks may be preventable, and that students can play an important role in prevention efforts. Using the study's findings, the Secret Service and U.S. Department of Education modified the Secret Service's threat assessment approach for use in schools in order to give school and law enforcement professionals tools for investigating threats in schools, managing situations of concern, and creating safe school climates.
At the completion of the SSI, the Secret Service and U.S. Department of Education published two reports that detail the study's findings and lay out a process for threat assessment in schools:
The Final Report and Findings of the Safe School Initiative: Implications for the Prevention of School Attacks in the United States (271K .pdf)
This study served as a follow-up to the Safe School Initiative (SSI). One of the most significant findings from the SSI is that prior to most school-based attacks, other children knew what was going to happen. In collaboration with the U.S. Department of Education and McLean Hospital (a Harvard Medical School affiliate), NTAC interviewed friends, classmates, siblings, and others in whom school attackers confided their ideas and plans prior to their incidents. Other interviews included students who came forward with information regarding a planned school-based attack, and are believed to have prevented an attack from happening. The goal of the study was to provide information to school administrators and educators regarding possible barriers that may prevent children who have information about a potential incident from reporting that information to a responsible adult. The following report details the findings of the study:
Prior Knowledge of Potential School-Based Violence: Information Students Learn May Prevent a Targeted Attack (1.36M .pdf)
The Insider Threat Study
In 2002, NTAC partnered with Carnegie Mellon University's Computer Emergency Response Team (CERT) Program to conduct the Insider Threat Study (ITS), which also received financial support from the Department of Homeland Security's Science and Technology Directorate.
The Secret Service and CERT have a longstanding relationship dedicated to addressing cyber security issues that have implications for the nation's critical infrastructure sectors or national security. Incidents of illicit insider cyber activity are of concern to the Secret Service as they often involve criminal activity the agency investigates including financial fraud, computer fraud, electronic crimes, identity theft, and computer-based attacks on the nation's financial, banking and telecommunications infrastructures. Insider incidents may impact not only the targeted organization but also industries, critical infrastructure sectors, and national security.
The ITS examined organizational insiders - current, former or contract employees - who perpetrated harm to their organizations via a computer or system/network for purposes of intellectual property theft, fraud, and acts of sabotage. The study identified and analyzed insiders' behaviors (physical, social, and online) that may be detectable prior to an incident. The goal was to develop information to help private industry, government, and law enforcement better understand, detect, and ultimately prevent harmful insider activity by enhancing their threat assessment processes.
Analyzed from both behavioral and technical perspectives, the incidents included in the study involved companies/organizations, within various critical infrastructure sectors, that took place between 1996 and 2002. Findings from the ITS underscore the importance of organizations' technology, policies, and procedures in securing their networks against insider threats. The four project reports listed below detail these findings:
Copyright © 2014 United States Secret Service. All rights reserved.