Stockholm Syndrome is a psychological phenomenon described in 1973 in which hostages express empathy and sympathy and have positive feelings toward their captors, sometimes to the point of defending and identifying with the captors. - Wikipedia
Maturing as a threat intelligence analyst involves “living with your threat.” In my interview process I ask potential analysts about threats they’ve tracked in their career. Tracking a threat for months or years creates a unique learning environment and I look for that in analysts. Unsurprisingly, in that environment an analyst becomes intimate with the adversary’s routines, their interests, and even begins to distinguish characteristics of individuals from within a larger group. An analyst gets truly connected when they can successfully predict a threat’s activity.
However, while this sounds like an analytic panacea and also something threat intelligence production cells strive to build, it comes at a cost. The risk is that analysts go beyond being closely connected and become “married” to a threat. In living with that threat every day, spending all of your professional time studying them, spending hundreds of hours discussing them with others, it is impossible not to closely connect with the adversary on the other side of your screen. Analysts become personally attached to the “bad guys” – a “Cyber Stockholm Syndrome.” I personally know analysts who have fallen into depression when their threat goes away.
Not only is this unhealthy for the analyst, this relationship also affects their communication and infects their analytic capabilities reducing objectivity.
Symptoms of “Cyber Stockholm Syndrome”
- An analyst gets particularly protective and defensive regarding perceived encroachment on their territory
- An analyst unnecessarily hides intelligence and data to prevent others from knowing details helping to maintain their superiority
- Overwhelming and obvious confirmation bias – an analyst “seeing their threat in everything”
- An unwillingness to work on other threats even given clear direction and obvious priorities
- An analyst continues to work on a threat even after the threat is “gone” against overwhelming evidence and analytic consensus
What may cause this?
One hypothesis: an analyst may associate their self-worth with an adversary. As the analyst grows in mastery of knowledge of an adversary, they produce spectacular intelligence and amazing insight providing great value to others; this results in praise from leaders and admiration from peers creating a feedback loop. The cycle strengthens the bond the analyst builds with a threat as the threat continues to provide value to the analyst.
What should happen?
When this happens managers may respond by immediately separating the analyst from the threat. I don’t believe that is the right answer. Separation causes resentment and potential psychological problems such as depression. Instead, managers of analysts should look to slowly incorporate other analysts into the equation and ultimately strive to return the analyst to a proper relationship so they don’t lose that valuable expertise.
Most importantly, analysts must recognize this problem in themselves. For their own professional and personal well-being.
Chris Sanders (@chrissanders88) made an excellent point that Stockholm Syndrome requires empathy with an aggressor which is lacking in my description. I agree that the syndrome’s description includes that requirement but its exclusion from the DSM means there is no consistent definition. Further, active academic discussion on the topic includes whether Stockholm Syndrome actually exists or is really one facet of a larger aggressor-bonding trait. While empathy is not the right aspect of the bond I describe here there is an attachment bond created either through the return on investment (ROI) the analyst receives through the adversary or otherwise. This is evidenced by both the confirmation bias present and the sense of depression described by analysts. I agree that the application of the Stockholm Syndrome may be imprecise.