Insider Threats 

Within the Aviation Industry

    Since the early 2000s, it has become a routine for airline passengers to be processed through security screening checkpoints. At first thought, most do not think much of it. In fact, some may even find it a nuisance. The truth, however, is that the physical security checkpoints located at airports, train stations, and ferry or boat terminals are just one level of the many necessary security processes that the Transportation Security Administration (TSA) uses to thwart terrorism and criminal activity.

An Emerging Threat

    Insider threats are those where personnel within an organization use their access, authority, or understanding of an organization to do harm to the organization (Cybersecurity, n.d.). The TSA has been countering insider threats since its inception, however, it was not until 2013 that it formally established a program aimed at countering insider threat activity (TSA, n.d.). Typically insider threats do not relate to terrorism, but rather to industrial sabotage, theft, or smuggling (TSA, n.d.). 

    Some examples of insider threats could include sabotage of an aircraft by an airline mechanic, a flight crew member smuggling drugs, an airline employee stealing an aircraft and intentionally crashing it, and the list goes on. You can now see how an employee within the Transportation Security Sector (TSS) or aviation industry could use their access or knowledge of an organization to carry out criminal activity. One must only use their imagination to think of ways an insider threat could do grave harm.

    The TSA has many layers of security aimed at providing security throughout the various different levels and areas within the TSS. Of these layers that protect against insider threats are: Intelligence, Crew Vetting, Behavior Detection, Random Employee Screening, Trained Flight Crew, and Passengers. There are others, however, that may indirectly provide protection against insider threats. 

    Because there are already many protections in place, improvements in combating insider threats are far limited. One area, however, that can always be improved is that of Behavior Detection. An employee may never demonstrate traits or show signs that he or she is a possible insider threat. They may initially pass a background check and go for years showing no sign of a threat. However, circumstances change and this is where coworkers and leadership within an organization can have an impact in detecting an insider threat. It doesn't take specialized training to recognize when someone's behavior patterns change. Maybe they become reckless in their duties, seem to stop caring, their spending habits change, or they just don't seem to be themselves. Although these behaviors do not guarantee that one is for sure an insider threat, recognition and reporting of behavior changes might just be enough to stop someone who intends to use their access, knowledge, or position to do harm.

    As coworkers, it is our responsibility to look out for each other; to keep each other safe and protected as well as those who rely on us as professionals within the aviation industry. So the next time you recognize behavior changes in a coworker, engage them and see how they are doing. If it persists, ensure you report your observations to leadership so that action can be taken. It may be the only thing standing in the way of an insider threat within your organization. 

References

Defining Insider Threats | CISA. (n.d.). Cybersecurity & Infrastructure Security Agency. https://www.cisa.gov/defining-insider-threats

James, A. [Anthony James]. (2020, March 6). Anthony James (@Cut_2_Fit) / [Tweet]. Twitter. https://mobile.twitter.com/cut_2_fitCombating Insider Threats

Transportation Security Administration. (n.d.). Insider Threat Roadmap 2020. TSA.Gov. https://www.tsa.gov/sites/default/files/3597_layout_insider_threat_roadmap_0424.pdf