By Bob Norton

On our Food Defense website, you’ll find an article I wrote for Food Safety magazine called Food Defense in the Age of Domestic Terrorism. In it, I point out that San Bernardino terrorist Syed Rizwan Farook in a sense held the “keys to the kingdom” in that he worked for the San Bernardino County Public Health Department as a food facilities inspector. In that role, he had access to critical infrastructure, and he could have done a lot of additional damage if he had not been identified and stopped.

I went on to highlight concerns about sabotage from the inside of a company, and outlined steps that should be taken. Now, Stratfor Enterprises, a publisher and security intelligence company, has published an article that echoes the same theme and gives exactly the same advice. Calling them “grassroots jihadists,” the author reels off a list of incidents where individuals have already used inside connections to facilitate terror.

map and the shadow of hand, concept of terrorism

Since most of these incidents occurred overseas, they’ve escaped the awareness of the American public—and American companies. For example, did you know:

  • Nidal Ayyad, a chemical engineer with AlliedSignal, used company letterhead to place orders for the large quantities of chemicals needed to manufacture the explosives for the truck bomb used to attack the World Trade Center in 1993. Getting the chemicals would have been difficult without his help.
  • In June 2015, Yassin Salhi, a truck driver in Lyon, France, working for the U.S.-owned Air Products decapitated his manager before ramming a vehicle into the factory in what he told police was an attempt to cause a massive explosion.
  • Three of the gunmen involved in the May 2004 armed assault against ABB Lummus Global’s petrochemical facility in Yanbu, Saudi Arabia, worked there. Their security badges and familiarity with the layout of the facility were key to launching the attack.
  • The January 2013 assault against the Tigantourine natural gas facility near Ain Amenas, Algeria, which reportedly involved more than 30 attackers, appears to have relied on information from inside regarding the plant’s layout and transportation arrangements for expatriate employees.
  • An employee of a florist with stores in the JW Marriott and Radisson hotels in Jakarta smuggled bombs inside that were later used in the July 2009 suicide attacks against them.

So what is a company executive to do? Stratfor notes that it is exceedingly rare for any case of workplace violence (jihadist or otherwise) to happen without the shooter conveying warning signs of the impending attack, yet such warning signs were downplayed or ignored.

“Probably the most telling signs of impending violence are talk about suicide or martyrdom and issuing direct or veiled threats against others,” the article says. “Another significant warning sign noted prior to several workplace violence incidents are co-workers’ or supervisors’ fears of a person, even when no reason for these fears can be articulated.”

Stratfor emphasizes, as we do, that companies can’t rely on an outside agency to take care of them. Inside, employees also can’t rely on a corporate security department to take care of them.

“Most corporate security departments are bare-bones operations and are quite often the first to undergo cuts when companies face tough economic times,” the author says. “Most corporate security departments focus on physical security, loss prevention and theft of company property. With their limited staff and large responsibilities, they have few opportunities to learn what is going on with the guy in that middle cubicle on the third floor who watches a lot of jihadist propaganda and has become angry at the West.”

Instead, the first line of defense has to be employees themselves. They must be educated about the insider jihadist threat in the same way they are about other workplace violence threats, and should be encouraged to speak up without fear of retaliation. Company’s top management must make it clear that reports will be taken seriously, and human resources, corporate security, and legal personnel must have a mandate to handle these cases early and quickly.