‘Insider attacks’ hard to stop in Afghanistan

WASHINGTON - According to the Pentagon’s December 2012 Report on Progress Toward Security and Stability in Afghanistan, "green on blue" attacks — incidents in which members of the Afghan security forces attack NATO coalition soldiers — "increased sharply" last year.

At least 52 coalition soldiers died as a result of at least 37 green-on-blue attacks in 2012. A recently declassified set of slides produced by U.S. Central Command, made public here for the first time, illustrates some of the steps that the U.S. military has taken to defeat "insider threats" — and why "green on blues" are so difficult to prevent.

The Centcom slides identify four types of threats: "Infiltration," when insurgents join the ANSF with the intent to attack, spy, or create mistrust; "Co-opting," when insurgents use "intimidation, blackmail, or connections" to persuade an existing ANSF member to conduct an attack; "Mimicking," when insurgents use stolen uniforms or forged ID cards to attack ISAF soldiers; and "Destabilizers," ANSF soldiers who (often due to "stress, mental instability, or... drug use") attack ISAF soldiers without having been influenced by insurgents.

Centcom’s ANSF Screening and Monitoring Timeline shows a robust — if belated — effort to quantitatively monitor each soldier in the Afghan army. Screening was hampered because a NATO intelligence-sharing agreement with the Afghan government wasn’t reached until March 2008, and the ANSF biometrics program was not officially established until September 2009. In response to insider attacks, the Afghan ministry of defence began extensively ramping up its counterintelligence program in late 2010.

Troublingly, some other basic steps were not undertaken until late in the war effort. The document reports that in May 2011, "10,000 ANSF uniforms [were] removed from bazaars," but it does not elaborate on how and why they were there; or how many uniforms remain available for purchase by non-soldiers who might attempt "Mimicking" attacks.

The final declassified slide details the eight-step screening process Afghan recruits must complete to enter basic training. These steps include: providing a valid tazkera (identification card), two letters from elders, biometric collection (currently the database stores 430,000 records), a criminal records check, fitness check (officers only), and medical and drug screenings. Failing a THC (marijuana) screening does not disqualify a recruit from serving in the ANSF — despite the document’s earlier claim that drug use can factor into "Destabilizer" (non-insurgent) insider attacks.

Centcom claims that this screening process — which is undergoing "ongoing improvements" — gives "the ANSF a better chance to identify ‘insider threats’ before they enter the service." Since the creation of this May 2011 document, these "ongoing improvements" have included a process for receiving anonymous tips, suspending the training of the Afghan Local Police and some joint "mentoring" operations, installing NATO service members dubbed "guardian angels" to observe all gatherings of NATO and Afghan troops, meetings between Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, and senior Afghan commanders and officials, as well as discussion of this problem between Presidents Barack Obama and Hamid Karzai.

Despite these efforts and improvements, green-on-blue attacks continue to escalate, making Centcom’s assessment that "continued shortfalls... will allow some insider attacks to continue to occur" all the more ominous.

Nate Jones is freedom of information act coordinator at the National Security Archive and editor of its blog, Unredacted.

—Foreign Policy