I previously observed that the space domain is facing a challenging paradox: as an essential instrument of geopolitical stability, it is subject to both epoch-defining international collaboration and catastrophic sub-threshold manipulation.
The opportunities for successful collaboration in the space sector are many and varied, including the development of cutting-edge technology, a reduction in cost and time burdens, and the sharing of advanced technology. It is reasonable to expect that these opportunities will contribute to global interconnectivity and promote environmental sustainability worldwide.
Crucially, however, the converse aspect of this prediction must be given due regard. In recognition of the substantial harms inflicted by malicious insider threat actors, the space industry must pay close attention to the features and consequences of this intricate phenomenon. To inform this conversation, it is helpful to establish the key terminology employed within the study of insider threat.
Having outlined the key insider threat terminology, organisations should consider the most appropriate means of identifying and mitigating malicious insider threat activity(ies). Insider threat experts4 promote an established criminological perspective – Routine Activity Theory – as an accurate means of interpreting the opportunities associated with insider threat.
Assuming a rational choice perspective, Routine Activity Theory proposes that for criminal activity to take place, three key components are necessary: a motivated offender, a suitable target, and the lack of a suitable guardian5.
With this in mind – and in recognition of the opportunities associated with malicious insider threat – space domain professionals should assess the specific risk(s) associated with an incident or event. To enable this, it is suggested6 that insider threat risk assessments integrate five domains:
- Context – determine the operational context within which the risk is likely to emerge;
- Identification – categorise the events, constraints and other factors that could influence the organisation’s ability to achieve its objectives;
- Analysis – establish a detailed understanding of the typologies of insider threat risk the organisation is facing;
- Evaluation – decide whether the identified risk(s) is/are above or below the organisation’s threshold of acceptability;
- Treatment – deliver an iterative process that assesses the suitability of risk mitigation measures against the organisation’s needs.
Given the inherent complexities of insider threat, effective mitigation of the risks it represents to the space domain demands a thoughtful approach.
Mitigation frameworks
The space industry should adopt an insider threat mitigation framework that is tailored to the needs and demands of the operating environment. The framework should integrate a systemic view across the organisation’s culture, objectives and leadership with a person-centred perspective that responds to the individual’s wants, needs and potential vulnerabilities.
Space companies must recognise the impact of geopolitical tensions upon their organisation and attend to the network of vulnerabilities that hostile state actors will seek to exploit. A holistic risk perspective that considers the multiple layers of technical-human interfacing that enable in-orbit activity is essential, paying specific attention to the limitations of legacy software and the efficacy of those systems and protocols employed to maintain data security.
For circumstances involving inter-organisational collaboration, there is value in considering the principle of dual allegiance7 – referring to when an individual is compelled to align his/her loyalties to one or more organisation at the same time. Research into dual allegiance8 identifies a series of individual psychological typologies that indicate the potential successes, opportunities and vulnerabilities of collaboration.
This person-centred view of malicious insider threat risk is augmented by acknowledging that a person’s behaviour can be accurately predicted through the analysis of three key factors: the person’s perceived capability of success; the opportunities present in the person’s immediate environment; and the person’s current motivation. This perspective, referred to as the COM-B Model,9 is highly regarded as a means of behavioural prediction across a range of contexts and organisations.
A final layer of person-centred risk mitigation may be employed through the FIREPLACES Framework10. FIREPLACES was developed by law enforcement professionals to highlight those motivational vulnerabilities that can be exploited by trained professionals seeking to manipulate third-party access, consisting of: Financial, Ideology, Revenge, Excitement, Protection, Lifestyle, Access, Coercion, Ego and Sentence.
A balancing act
Person-centred insider threat risk models such as these offer critical guardrails to the space industry and are of distinct organisational value. They must, however, be employed in a manner that champions the individual’s wellbeing. Ill-considered or inaccurate implementation of malicious insider threat mitigation models is likely to amplify latent vulnerabilities and invoke the very perspectives and behaviours it is intending to deter.
There can be little doubt that successful pathways to the development of space domain technology are founded in the bedrock of innovative practice and robust collaboration. Given the volatility and unpredictability of the contemporary geopolitical environment, and the inherent value of the space domain, space companies should consider a purposefully developed approach that is responsive to ideological and psycho-social ambiguity. Crucially, security practitioners and human resource professionals must ensure their approach to malicious insider threat safeguards organisational integrity through a perspective that is attuned to the needs, desires and vulnerabilities of its greatest asset – its people.
1 Adapted from BAE Systems, Threat Intelligence Insights.
2 Vaideeswaran, N. (2025, January 08). Insider Threats Explained. CROWDSTRIKE. Accessed via: Insider Threats And How To Identify Them | CrowdStrike
3 Terrill, D.J., & Trichas, M. (2025). The Impact of Insider Threat Upon Supply Chains and Technical Development in the Space Industry [in press].
4 Skorich, P., & Manning, M. (2025). Insider Threat: A Systemic Approach. Routledge.
5 Cohen, L.E., & Felson, M. (1979). Social change and crime rate trends. American Sociological Review 44(4), 588-609.
6 Skorich, P., & Manning, M. (2025). Insider Threat.
7 Purcell, T.V. (1954). Dual allegiance to company and union-packinghouse workers. Personnel Psychology 7, 67-71.
8 Husted, K., Michailova, S., & Olander, H. (2013). Dual allegiance, knowledge sharing, and knowledge protection: An empirical examination. International Journal of Innovation Management 17(6), https://doi.org/10.1142/S1363919613400227
9 West, R., & Michie, S. (2020, April 7). A brief introduction to the COM-B Model of behaviour and the PRIME Theory of motivation. Qeios. Accessed via: https://doi.org/10.32388/WW04E6
10 Stanier, I., & Nunan, J. (2021/2024). Identifying informant motivation: The FIREPLACES framework. CREST Security Review. Accessed via: https://crestresearch.ac.uk/comment/fireplaces-and-informant-motivation/
Evaluating the threat of malicious insiders on space supply chains
Given the current climate of geopolitical tension and uncertainty, combined with the influence of the space sector to defence and national security, space is a prominent target for malicious insiders.