Lone Actor Terrorism

This chapter outlines the main research findings in relation to lone actor terrorism from the past decade of work. The results are clustered across seven core themes. The authors explore (1) the heterogeneity of lone actors in terms of their sociodemographic characteristics; (2) the degree to which people within the lone actor’s social or physical space were aware of a plot developing; (3) the prevalence and forms of mental disorders within lone actor samples and how they differ from what you would expect in the general population; (4) the relationship between offline and online forms of radicalization; (5) their similarity with other forms of violent lone offenders who conduct violence in public spaces; (6) what attack planning looks like; and (7) the key role protective factors might play.

International Legal Perspectives on Threat Assessment

Threat assessment and threat management occur within the evolving context of legal issues that both enhance and restrict threat investigation and intervention activities. Legal issues affecting threat management practice in Europe and the United States include criminal code statutes and case law that define relevant crimes such as stalking, criminal threats, domestic violence, and other violent crimes that fall within the purview of threat assessors. Additional issues include civil commitment procedures such as involuntary hospitalization, as well as bail and probation conditions. New developments in threat management–related laws are usually precipitated by tragedy and violence. Most recently, in the United States, this led to red flag laws and Extreme Risk Protection Orders in the aftermath of the Parkland, Florida, school shooting in 2018. Similarly, in Germany, the suicide of a stalking victim has resulted in greater sensitivity by the legal system to victim impact in stalking cases. Red flag law preliminary research data related to threat reduction have been promising, and ideally the impact of legislative changes in multiple threat management contexts on victim safety should continue to be assessed so that evidence informs violence risk legal responses.

Fundamentals of Threat Assessment for Beginners

This chapter addresses the fundamentals of threat assessment for professionals new to the field. Threat assessment is a critical thinking analysis that requires a multidisciplinary and peer review approach. Some of the fundamental concepts of threat assessment discussed in this chapter include the need for a detailed evaluation of the threatener’s background, including background patterns of behavior, motivation, and abilities to carry out the threat. The use and relevance of self-reported information in a threat assessment context must be very carefully evaluated because of the possibly deceptive motivations of the person providing it. Also discussed in this chapter are adolescents as unique offenders from a threat assessment perspective; their psychological, emotional, and brain development is unique and critical for the threat assessor to understand and to discern when evaluating their potential to make threats and carry them out. Key concepts integral to threat assessment also discussed in this chapter include evidence of escalation, injustice collecting, superficial indicators of normalcy, hatred and other emotions as motivators for carrying out threatened acts of violence, and the categories of reasons for the misinterpretation of dangerous and violent behavior by individuals close to or associated with the threatener.

The Importance of Bystanders in Threat Assessment and Management

Bystanders—those who observe or come to know about potential wrongdoing—are often the best source of preattack intelligence, including indicators of intent and “warning” behaviors. They are the reason that some planned attacks are foiled before they occur. Numerous studies of targeted violence (e.g., mass shootings and school shootings) have demonstrated that peers and bystanders often have knowledge of an attacker’s intentions, concerning communication, and troubling behavior before the attack occurs. This chapter describes—with empirical support—why threat assessment professionals should consider bystanders; outlines a model for understanding bystander decision-making; reviews common barriers to bystander reporting; and suggests ways to mitigate those barriers, to engage bystanders at an individual level, and to improve reporting. The principal aim of threat assessment is to prevent (primarily) intentional acts of harm. When tragic incidents of planned violence occur, however, it is almost always uncovered “that someone knew something” about the attack before it happened. This happens because, as attack plans unfold, people in several different roles may know, or come to know, something about what is happening before harm occurs. The perpetrators know, and so might others, including targets, family members, friends, coworkers, or even casual observers.

Threat Triage

A significant minority of threateners stalk, approach, or become violent after threatening. Violence risk and threat assessment have traditionally relied on evaluating the threatener’s behavior, disposition, and membership in violent groups. However, the identity of the threatener is often unknown, and the assessor must make an initial evaluation using only the language in the threat. By combining predictive factors and their ratios to one another, our predictive model can assess linguistic characteristics of the threat without any information about the threatener, the target, or the relationship between the two. This model assesses predatory thinking, which has a strong relationship with eventual action. The language in both single threat cases and the first threats in cases with multiple threats can be used to promptly assess the likelihood that a threatener will act, enabling assessors to effectively manage cases and mitigate harm.

Digital Behavioral Criminalistics to Elucidate the Cyber Pathway to Intended Violence

With the vast advances in computer, mobile, and online technologies, visibility into an offender’s thought processes and decision-making trajectory has been markedly enhanced. Digital behavioral artifacts, or digital evidence “breadcrumbs” of an offender’s behaviors, are now often left in publicly accessible locations on the Internet—such as social media platforms and social messaging applications—and in locations not privy to the public—such as the offender’s devices. Importantly, early seminal literature introduced and described examining an offender’s actions as series of steps along a path of threat escalation, or “pathway.” The totality of these emerging digital behavioral artifacts allows investigators to piece together an offender’s behavioral mosaic at a much more intimate and granular level, warranting a revised pathway—the cyber pathway to intended violence (CPIV)—that captures the thoughts and actions of an offender leading up to an act of deliberative, predatory violence. This chapter introduces the emerging discipline of Digital Behavioral Criminalistics and how this process can meaningfully be used by threat assessors to elucidate an offender’s steps on the CPIV.

Protective Intelligence

Protection of leadership is a crucial aspect of any organization’s harm prevention efforts. Recent shifts in global culture, societal expectations, and access to information are transforming the threatscape at a startling speed, resulting in the rapid growth of protective intelligence programs to protect leadership. Protective intelligence uses a holistic, behavior-based threat assessment methodology to identify, investigate, assess, and mitigate potential threats against an organization’s leadership. It expands the focus beyond investigating communicated threats to identifying and investigating concerning behaviors within a behavioral threat assessment framework. This results in an improved capability of identifying and mitigating threats. To achieve this goal, protective intelligence programs require a commitment from the organization’s leadership, an awareness campaign to educate the workforce and encourage their reporting of any suspicious or concerning behavior, and a professional and well-trained team of protective intelligence investigators, analysts, and threat assessors.

Operations of the Los Angeles Police Department Threat Management Unit and Crisis Support Response Section

The Los Angeles Police Department has developed a systematic approach to investigating and managing cases involving stalking, workplace violence, and threats to high-profile individuals, including celebrities and elected officials. The authors note that there is no checklist or “one size fits all” formula to successfully manage these cases. From the law enforcement perspective, successful case management comes from experience, a fundamental understanding of threat assessment principles, in-depth familiarity with applicable laws, and knowing the available resources within jurisdictional control. This chapter explores the nuances inherent in investigations of this type, the necessity to integrate multiple avenues of prevention and intervention, and the critical role that mental health plays.

Warning Behaviors

The typology of eight proximal warning behaviors for targeted violence was first introduced a decade ago. Since that time, a number of studies have continued to support its interrater reliability and its criterion, discriminant, and predictive validity. Among the warning behaviors, the three most validated in discriminating between attackers and nonattackers are pathway, identification, and last resort. All of the other warning behaviors—fixation, novel aggression, energy burst, leakage, and directly communicated threat—are found at various frequencies throughout all the samples tested to date, including intimate partner homicide perpetrators, school shooters, adult mass murderers, public figure attackers, and lone actor terrorists.

Electronic Threats and Harassment

This chapter highlights the highly influential and evolving contribution of cyber activity across a range of harassing, threatening, stalking, and violent behavior. Multiple psychological factors (e.g., perceived anonymity and low-risk nature of activity) influence the negative impacts of cyber and electronic activity. It is strongly suggested that the de facto standard of practice emerges in that one cannot perform threat assessment and management without assessing the electronic activity by the subjects of concern. The omnipresence of cyber and electronic communications mandates that threat assessment and management cannot occur without a review of pertinent electronic activity and communications that are reasonably accessible. The research to date suggests that threat assessment professionals should focus on the pattern and nature, as opposed to the modality, of communications when assessing the risk entailed with threatening and harassing electronic communications. The nature and pattern of contacts must also be evaluated in the context of how the correspondence relates to other contact behaviors as part of a chain of events signaling intent from ideation to action. Among such factors are the presence of relevant content factors (e.g., personalized motive, expressing intent or plans to approach, language regarding justified violence, and rhetoric suggesting incitement of violence) as well as factors related to leakage of intent and intensity of effort. Implications for threat management, particularly related to the impact on victims, as well as strategies to help combat such online harassment or abuse are also discussed.