The Transportation Security Administration (TSA) has released a framework to thwart insider threats in the transportation sector. The TSA Insider Threat Roadmap is intended to “streamline processes, identify requirements and capabilities, and leverage partnerships to proactively mitigate risks” associated with insider threats.
TSA Administrator David Pekoske said the focus will be on maximizing innovation and technology and that TSA will work with interagency partners and industry stakeholders. The roadmap lists artificial intelligence, probabilistic analytics and data mining among the required tools in the fight against the insider threat.
The roadmap focuses on three overarching priorities:
- promoting data-driven decision making to detect threats;
- advancing operational capability to deter threats; and
- maturing capabilities to mitigate threats to the transportation sector.
“While we recognize that there is no ‘turn-key’ solution to mitigating insider threat, this roadmap will help implement safeguards that incrementally raise the security baseline,” Pekoske said.
TSA began conducting counter insider threat activities early in its existence and established a formal program in 2013. It has consistently identified insider threat among its enterprise-level risks.
As recently as 2019, terrorists have sought to leverage insiders to conduct attacks on the transportation system. For example, in July 2019, a U.S. airline mechanic sabotaged a navigation system of a 737-800 aircraft at Miami International Airport. The mechanic admitted to investigators that he tampered with an exterior compartment of the aircraft and glued a piece of foam to the air data module. Security camera footage indicates that the suspect accessed the compartment in question during the incident. The same year, an individual linked to a terrorist group was arrested by Philippine authorities after he was found training to become a pilot, with probable nefarious intent.
It is also highly feasible and a growing concern that terrorists could exploit the same or similar tactics, techniques, and procedures used by transnational criminal organizations to identify and recruit, or develop and place insiders into the transportation network.
The new roadmap is designed to enable TSA to promote meaningful data-driven decision making to detect threats by collecting and using threat information better, and by developing and maintaining technical capabilities to identify and evaluate risk indicators.
It also aims to advance operational capability to deter threats by optimizing information to improve capabilities, and enhancing insider threat detection and case management.
The roadmap recommends an agile insider threat posture and partnering with stakeholders. TSA intends to pursue innovative models of public-private partnerships to drive collaboration and shared investment to establish the best route to unlocking a business case for an effective insider threat program.
TSA will actively pursue research, development, testing, and evaluation of technologies that identify and validate detection and mitigation solutions. To this end, it will incentivize private sector acquisition of improved technology with periodic refresh cycles and will work to align with private sector business
TSA will also establish an Insider Threat Mitigation Hub to elevate insider threat to the enterprise level and enable multiple offices, agencies, and industry entities to share perspectives, expertise, and data to enhance threat detection, assessment, and response.
A formal program review cycle will be put in place to allow TSA to adjust to changing threats, assess performance, and establish what it calls a “virtuous refresh and investment cycle”. In addition, a coordinated response capability will be developed for internal and external insider incidents where insider incidents will be coordinated with federal partners to support DHS asset response.