55 F
Washington D.C.
Thursday, September 29, 2022

Insider Threat Awareness Month: Expect the Unexpected

Earlier this September, an unidentified photographer breached Joe Biden’s Secret Service perimeter as the candidate boarded his charter plane at Johnstown-Cambria County Airport in Pennsylvania.  

As Biden and his wife were on the staircase to the aircraft the man with a camera made his way onto the airport tarmac, around the plane’s rear and under its left wing to join the group of credentialed press corps traveling with Biden who were watching the couple board. The plane was surrounded on all sides by Secret Service agents, a more than eight-car motorcade and other local law enforcement.  

The man was intercepted by a Secret Service agent and physically removed.  He resisted, declaring himself to be a photographer with granted access and showed a pass on a lanyard around his neck. 

CBS News, who were present having covered the Democratic nominee’s visit, said the airport’s general manager told them that the man apparently either jumped a six-foot fence near the small terminal where a few dozen people gathered or entered the tarmac through an unauthorized pedestrian gate. 

A Secret Service spokesperson told CBS News that “a member of the media who was credentialed for an event earlier in the day attempted to gain access to the airport tarmac for the departure of Presidential Candidate Biden”.

While the man may not have had nefarious intentions, the event, on September 12, during Insider Threat Awareness month, highlighted the need for constant vigilance at airports and other transportation hubs. It also illustrates that threats may originate from unlikely sources and security planners must think outside the box. It is not enough for airports and airlines to consider their own immediate workforce (which is vast at just under 2 million in the U.S. alone) but also those who are given access to sensitive areas.

During election campaigns, the traveling press corps often undergoes a security sweep each morning by Secret Service agents. Biden was granted full Secret Service protection in March after protestors rushed his stage and had to be forcefully removed by his wife and other campaign aides.

But often, media present at an airport are there to catch a comment or photo of a celebrity or sports star, and security is therefore minimal, relying largely on the individual celebrity’s own team. It is an area that is often overlooked in terms of security, largely because airports expect media organizations to have run their own thorough background checks while others have their own in-house press, and also because of a lack of past incidents. But as anyone in the field of counterterrorism will tell you, just because it hasn’t happened, doesn’t mean it can’t.

As recently as 2019 terrorists have sought to leverage insiders to conduct attacks on the transportation system. For example, In July 2019, a U.S. airline mechanic sabotaged a navigation system of a 737-800 aircraft at Miami International Airport. The mechanic admitted to investigators that he tampered with an exterior compartment of the aircraft and glued a piece of foam to the air data module. Security camera footage indicates that the suspect accessed the compartment in question during the incident. The same year, an individual linked to a terrorist group was arrested by Philippine authorities after he was found training to become a pilot, with probable nefarious intent.

And the insider threat is not restricted to terrorism and sabotage. There are several examples around the world of airline and airport workers operating as the “inside man” for drugs or contraband smuggling. An American Airlines mechanic at John F. Kennedy International Airport was arraigned this July on an indictment charging him with conspiracy to possess cocaine with intent to distribute, conspiracy to import cocaine and importation of cocaine. It is alleged that the mechanic concealed cocaine bricks behind an insulation blanket in an external mechanical compartment beneath the aircraft.

The Transportation Security Administration (TSA), airport operators, and air carriers share the responsibility to mitigate all insider threats at airports. From fiscal year 2017 through fiscal year 2019, there were an average of 138 insider threat referrals per month, with an average of 14 (again per month) requiring further investigation. 

The Government Accountability Office (GAO) was asked to review TSA’s and aviation stakeholders’ efforts to mitigate insider threats at airports. GAO’s February 2020 report said airports, airlines and the TSA have come a long way in recent years to secure their infrastructure and passengers against the insider threat but noted these strengths were weakened by the lack of a strategic plan. 

TSA officials told the GAO review that it did not have an up-to-date strategic plan to counter insider threats due to turnover of key senior leadership. When the Insider Threat Program began in 2013, TSA initially developed a 2014-2016 Insider Threat Action Plan, which described TSA’s vision of an integrated insider threat program at TSA, and it included strategic goals, each with a set of objectives. However, according to TSA officials, TSA did not fully implement this Action Plan, and TSA did not renew or revise the Action Plan after 2016 due to the departure of the key sponsoring senior leader. 

The watchdog’s report came as the TSA was in the early stages of developing a roadmap that could serve as a new strategic plan for the Insider Threat Program. TSA finalized this roadmap in May, which streamlines its insider threat activities.

The focus of the new roadmap is on maximizing innovation and technology. It lists Artificial Intelligence, probabilistic analytics and data mining among the required tools in the fight against the insider threat.

The roadmap recommends an agile insider threat posture and partnering with stakeholders. TSA said when launching the roadmap that it intends to pursue innovative models of public-private partnerships to drive collaboration and shared investment to establish the best route to unlocking a business case for an effective insider threat program. TSA is actively pursuing research, development, testing, and evaluation of technologies that identify and validate detection and mitigation solutions. 

TSA announced at the time that it plans to also establish an Insider Threat Mitigation Hub to elevate insider threat to the enterprise level and enable multiple offices, agencies, and industry entities to share perspectives, expertise, and data to enhance threat detection, assessment, and response. A formal program review cycle will also be put in place to allow TSA to adjust to changing threats, assess performance, and establish what it calls a “virtuous refresh and investment cycle”. 

While the examples given here have focused on the insider threat at airports, other transportation modes must not be forgotten. Catastrophic damage could be caused by sabotaging the rail or road network, for example. Just as the insider threat may come from an unlikely actor, as highlighted with the Joe Biden incident, the target too could be unexpected. It is therefore imperative that TSA and stakeholders take an industry-wide approach to the insider threat to transportation and do not put all its eggs in the aviation basket.


Kylie Bielby
Kylie Bielby has more than 20 years' experience in reporting and editing a wide range of security topics, covering geopolitical and policy analysis to international and country-specific trends and events. Before joining GTSC's Homeland Security Today staff, she was an editor and contributor for Jane's, and a columnist and managing editor for security and counter-terror publications.

Related Articles

- Advertisement -

Latest Articles