The insider threat risk is still a very real and very present concern to transportation security professionals around the globe. Earlier this month in Tupelo, Mississippi, an aviation employee stole a plane and was threatening to crash it into a Walmart store. The incident caused stress and worry to the public and authorities as the plane circled above the area but ended peacefully when the plane landed in a field. As we all know, the situation could have ended much differently. This was just the latest wake-up call for general aviation airports and quite frankly, to all airports across the country. Though there are different and more robust security protocols at larger airports, the insider threat risk is surely present. While the Transportation Security Administration’s (TSA’s) annual “see something, say something” training helps to prevent and deter some nefarious activities, it won’t avert them all. More must be done across the transportation sector.
Two years ago, TSA published its Insider Threat Roadmap 2020. TSA created the document to ensure the transportation security sector was aware that insider threats risks are significant and to lead the sector in identifying ways to mitigate that risk. Like with most transportation security risks, the mitigation of those risks does not fall solely on the shoulders of TSA. The responsibility involves many stakeholders from both the public and private sectors. They must partner to make detection, deterrence, and mitigation of the insider threat a priority. Without active coordination, the entire integrated and interconnected transportation enterprise is endangered.
Following the release of the Insider Threat Roadmap, the TSA’s next step was to develop implementation plans for each of the priorities and objectives identified in the Roadmap. To make this happen, TSA and the numerous transportation stakeholders, including federal, state, local, tribal, and territorial governments, non-governmental organizations, along with the private sector must work together to establish or enhance their insider threat posture. Getting the numerous stakeholders together to work this effort is a challenge and will have to be a priority for each stakeholder. Fortunately, there are numerous tools and resources to assist in this effort. For example, the Cybersecurity and Infrastructure Security Agency (CISA) developed and shared its Insider Threat Mitigation Resources site. One of the resources from that site, the Insider Threat Mitigation Guide, provides the framework, at what I would call ‘the Implementation Plan level’, to create an effective insider threat mitigation program. As with most things, one size does not fit all. CISA’s Guide takes into consideration the level of maturity and size of the organization. Having that scalability within the Guide supports the different sized aviation and other transportation nodes.
Over the years, TSA and the transportation security sector have successfully implemented numerous insider threat mitigation measures including the ‘see something, say something’ campaign, behavior threat assessments, background check requirements, access controls, compliance inspections, and random employee screening. With technology advances, such as use of biometrics, social media screening assessment tools, and stand-off screening technology, additional measures should be implemented to enhance the existing threat prevention measures.
As TSA and the transportation security sector take strides towards developing insider threat mitigation implementation plans, both the general public and transportation sector insiders must be made aware of what is being done. It is critically important because awareness of these actions can deter potential insider threats. Lastly, better information sharing and collaboration across the transportation security sector will greatly improve insider risk mitigation efforts. Partnerships and collaboration will play a key role in protecting the country.