Insider Threat

    One of the biggest threats I see manifesting in current day aviation is “insider threats”. Who am I labeling when I say this? I am talking about any employee in the aviation industry, (gate keeper, terminal lead, bag sorter, airline mechanics, vendors, third party contactors, cleaning crews, etc.) that have access to classified or sensitive information, people with access to restricted or classified areas. Some of these employees are careless with this information or misuse information for the purpose of negative exploitation of companies or the entirety of the aviation industry. This absolutely includes theft and damage of physical property as well. 

    Just from my understanding on how these threats come to be, I believe some of the biggest factors on how these insider threats manifest themselves are the firing, furlough or complacency of individuals within their given role. With covid shifting the way we conduct business on all levels, the aviation industry is no stranger to a supply and demand deficit of employees. In the United States alone, roughly two million jobs were lost in the aviation industry. With no disregard to the creation of vengeful employees who have had access to otherwise classified information as well as access to restricted areas of authorization. This causes a conflict of interest between airports and companies. In addition to this, an understaffed workforce creates inherent stressors due to creating overworked/underpaid employees which in return creates a sour work environment. Because of this, there is already a heightened indication of suspicion when monitoring employees or former employees' actions. Some of the potential indicators of physical insider threats are requests to work alone, loitering outside of specific work areas, misuse of credentials to access remote areas, monitoring of access points and avoidance of security cameras. Some of the notable cyber insider threats are the leaks of critical information, sudden or unexplained wealth, or the working of unusual hours without authorization.  

 

    Based in the TSA layers of security, I believe the specific layers that can mitigate insider threats are crew vetting, random employee screening and behavioral detection. According to TSA what they really are trying to accomplish is a security promoted culture. If everyone holds themselves and each other accountable, this will create an accountable culture within the workplace. Although the three layers of security I highlight I believe play the biggest role in alleviating the insider threat. Crew vetting is a process in which all crew members are screened for individual threats to aviation security. Random employee screening can allow for potential insider threats to be caught off guard in the act of conflict. Behavioral detection is a security measure in which TSA uses a behavioral detection officer to screen and monitor employees for changes in behavior or otherwise observe worker/passenger behaviors for acts that skew from the baseline system they created. 

 

    A lot of times, when we see something happening or something bad has already happened, such as a plane being stolen, the problem is clearly already too far gone to be corrected. The biggest problem this stems from is lack of training. This goes much further than just aviation; this can be related to police and law enforcement to military action. In order to more effectively combat an insider threat means we need to be more prepared which ultimately means we need more training. To counter a physical security threat, we need to be training the TSA officers long after their “initial training” period has concluded. If employees were working four out of five days a week and that last day is spent training, whether that be, classroom instruction, field classes, running insider threat scenarios for test and implementation of mitigation strategies, more training is ultimately the answer. As I said prior, training is usually conducted in the first few weeks of employment, and with that, people are employed through a company for 5, 10, 20 all the way up to 40 and 50 years. If we believe that they are still effectively remembering their training, then we are already ill prepared for threats both internally and externally. However, if training was conducted on a weekly basis, if scenarios were conducted more frequently, security would be more prepared to combat a threat that could already be present or ones that are now beginning to form.  

References

The US Department of Homeland Security. (2017, August 1). Inside look: TSA layers of security. Inside Look: TSA Layers of Security | Transportation Security Administration. Retrieved July 2022, from https://www.tsa.gov/blog/2017/08/01/inside-look-tsa-layers-security 

Transportation Security Administration. (2020). Insider threat roadmap 2020 - transportation security administration. Transportation Security Administration. Retrieved July 2022, from https://www.tsa.gov/sites/default/files/3597_layout_insider_threat_roadmap_0424.pdf