An insider threat is best described as coming from which sources?

Insider threat comes from people who already have legitimate access or proximity to the operation, so the risk originates from individuals who are inside the environment. The best description is that it comes from assigned or attached military/civilian personnel, host country nationals, third country nationals, and even persons transiting the area of responsibility. These insiders can misuse information or assets because they understand the system from the inside, making them the most capable and challenging threat to detect. External cyber criminals operate from outside the organization and typically breach defenses via perimeter weaknesses, phishing, or malware, which isn’t an insider issue. Random individuals with no access simply cannot pose an insider threat because they lack authorized proximity or credentials. And employees who always follow procedures do not present risk as insiders.