Spoiler: no sophisticated tool, accessible to any "ordinary" citizen
In 1944, the OSS (Office of Strategic Services), the forerunner to the CIA, produced the Simple Sabotage Field Manual. This document was declassified in 2008 - and is available on the CIA website.
Its goal was quite simple: train normal people, to subtly disrupt enemy operations without sophisticated tools or training.
In other words, teaching people to do their jobs in the worst yet subtle manner!
It’s a shortbook, written for historical wartime contexts… But, its relevance extends to understanding insider threats and organizational vulnerabilities today.
Without transition, let’s jump into a list of tactics from the declassified document !
Non-exhaustive list of some (very simple) tactics shared in this document
- Insist on strict adherence to bureaucratic processes.
- Prolong discussions with irrelevant issues, speeches, or debates.
- Refer decisions back to committees or demand excessive documentation.
- Demand written orders and delay delivering them.
- Assign inefficient workers to critical tasks.
- Over-inspect or reject perfectly acceptable work for minor flaws.
- Work slowly or inefficiently, creating unnecessary delays.
- Pretend not to understand instructions or deliberately make errors.
- Mix defective parts with functional ones.
- Delay, garble, or misroute messages.
- Damage telephone lines or interfere with radio signals.
- Damage machinery through improper maintenance or deliberate contamination (e.g., adding sand to lubrication systems).
- Disrupt transportation by tampering with fuel, brakes, or signaling systems.
- Spread rumors to create distrust among employees.
- Reward underperformers while penalizing effective workers.
The tactics shared in the document are particularly efficient to become… the worst manager or employee ever.
Do you see where I’m going?
How to create the ultimate insider threat
Written in 1944, the Simple Sabotage Field Manual may seem outdated…. However, it is anything but.
This manual does not rely on sophisticated tools, advanced technologies, or complex strategies: it focuses solely on the human factor.
The risk posed by people.
Or, to put it another way, how to create the ultimate insider threat.
If you recognize patterns from this manual within your organization: these could be red flags. They strongly suggest the presence of an insider threat.
Insider threats aren’t always malicious or intentional.
Sometimes, they stem from liabilities that employees themselves don’t even recognize: an affinity for gossip, disregard for clear security protocols, or simple complacency.
As a responsible leader, my question to you is: what systems have you implemented to combat these vulnerabilities?
I cannot stress enough the importance of implementing a counterintelligence program or, at the very least, establishing robust protocols for security, regular audits, and awareness training.
The risks posed by the human element - whether intentional or accidental - require consistent oversight and proactive measures.
We live in an era of rapid technological advancement, and it’s undeniably exciting.
Yet, I’ve chosen to specialize in the least understood and most complex factor in all of this. One that, despite the transformations our world undergoes, remains unchanging: the human being.
In all its strengths.
Its weaknesses, vulnerabilities, and complex emotions.
As a leader, it is your responsibility to understand this human dimension and address it strategically.
If you need support in building a safer, more aware organization, I’m here to help.