INTRODUCTION
Protecting the Aviation Industry against threats from insiders is everyone’s responsibility. Based on the multitude of past cases, insiders will continue to seek to challenge security countermeasures, exploit potential vulnerabilities, and increase their knowledge of security procedures for nefarious purposes. On this note, this presentation seeks to leverage the best practices of the industry and stakeholders to establish what a baseline standard in identifying and reporting insider threat is or should be. In turn, this standard will look to achieve consistent insider threat mitigation and awareness messaging to both the personnel within the aviation ecosystem and perhaps the traveling public as well.
WHAT IS AVIATION SECURITY (AVSEC)?
A combination of measures and human and material resources intended to safeguard civil aviation against acts of unlawful interference. The aim of airport security is to protect passengers, aircrew, staff and members of the general public from acts of violence. Under the scope of the Chicago Convention, Aviation Security (AVSEC) is covered by five international legal instruments, namely:
1. Tokyo Convention (1963 – Safety of Aviation)
2. The Hague Convention (1970 – Aircraft Hijackings)
3. Montréal Convention (1971 – Applies to acts of aviation sabotage such as bombings aboard aircraft in flight)
4. Complementary Protocol to the Montréal Convention (1988 Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation)
5. MEX Convention (1991 – Provides for chemical marking to facilitate detection of plastic explosives)
It is important to note that the successful execution of any of the acts addressed by these legal instruments will require collaborators both inside and outside the system, cutting across leaders and followers in any organization.
CONCEPT OF THREAT
According to Merriam-Webster (1994), a threat is “an expression or warning of intent to inflict evil, injury, or damage; an indication of something pending.” Defense against both internal and external threats involves the use of technological controls, the implementation of policies that explicitly acknowledge the role of cognitive and behavioral traits of the firm’s workers, and the identification of common behavioral traits of potential inside attackers. An effective defense against insider attacks encompasses technology as well as an understanding of behavior. Because best-practices guidance to date has focused almost exclusively on implementing technological controls, we focus on the generally neglected portion of the defense equation. This is because, according to the Dynamic Trigger Hypothesis [Andersen et al. 2004], an organizational focus on external threats can lead to complacency, allowing an insider to gain confidence by exploiting known weaknesses in organizational defenses.
WHAT IS INSIDER THREAT?
There is no better place to begin the discussion of this topic than by giving an accurate understanding of what an insider threat is. “An insider threat is attributed to a legitimate user who maliciously leverages his or her system privileges, familiarity and proximity to the environment to compromise valuable information, facilities, processes and procedures for gratification or outright ignorance of the potential outcome of his or her actions/negligence.”
WHO IS THE AVIATION INSIDER?
Potential insider threats within the aviation industry include a wide variety of individuals involved with the aircraft and passengers, including, but not limited to, the following categories:
- Airline employees
- Concession and restaurant employees
- Cleaning and catering crews
- Construction and maintenance crews
- Law enforcement, military and/or security personnel
- Taxi cab, shuttle bus and/or other transportation specialists
- Current and/or former TSA employees
- Current and/or former contract government employees
- Air Traffic Controllers
TYPES OF INSIDER THREAT
Insider threats come in several shades and have different objectives and motivations. Below are common types of insider threats:
- Negligent workers: This has been reputed to be the commonest type of insider threat. It takes place when a worker unintentionally places the organization at risk. For example, an employee may leave a file, device, computer, etc. unattended where it could be stolen or compromised. These insiders do not act out of malice, though they still place the organization at risk.
- Security Evaders: Security measures are developed and deployed with the aim of protecting organizations, their facilities and employees. However, security evaders often view these measures as an inconvenience and a hindrance, thus giving rise to the habit of bypassing them.
EXAMPLE 1
In late 2014, an airport employee was arrested and charged with trafficking firearms and entering secure areas of a US airport in violation of security requirements. The complaint alleges that the employee “repeatedly evaded airport security with bags of firearms, some of which were loaded.” The employee then passed the guns off to an accomplice who transported them as carry-on luggage to New York, where they were illegally sold.
EXAMPLE 2
In early February 2017, a federal grand jury returned a superseding indictment against twelve defendants – to include six federal government employees, airport security personnel, and ramp employee – who have been charged with conspiracy to possess with the intent to distribute cocaine. According to the indictment, during the course of the conspiracy, the defendants smuggled suitcases, each containing cocaine, through the TSA security system at the Luis Muñoz Marín International Airport (SJU) and then onto airplanes without detection. Sometimes, as many as five mules were used on each flight, with each mule checking in up to two suitcases. From 1998 through 2016, the defendants helped smuggle approximately 20 tons of cocaine.
- Insider Agent: Insider agents are insiders that work on behalf of an external group to carry out a data, system or facility breach or other attacks. This type of insider threat can be malicious or coerced through gratifications or blackmail. This type of insider threat is dangerous because it provides an outside group with the access and privileges of an insider.
- Malicious Insiders: Malicious insiders are insiders that have grievances against their organization. Their grievances could manifest in acts such as leaking official information, modifying or deleting sensitive data, or performing acts of sabotage.
- Departing Employees: Employees departing a company, whether voluntarily or especially involuntarily, are a source of threat that organizations face. This threat could manifest in the form of data theft, particularly with employees leaving involuntarily or those anticipating a departure.
In addressing insider threat in any organization, and in this context the aviation industry, an understanding of the behavioral patterns, inherent traits, temperament, triggers of threat and cognitive abilities of individual members of staff is required to effectively reduce or eliminate the probability of having such threats within a system.
TYPES OF INTENT BEHIND AN INSIDER’S ACT
Historically, the insider threat is considered to be a malicious insider or group who seeks to do harm. However, it is important to remember that the insider threat can be unintentional as well. Personality, behavioral and lifestyle indicators may alert us to the malicious insider. However, the complacent or unwitting insider could go undetected by peers and supervisors. The following are the types of intent behind an insider’s act:
- Malicious: Insider seeks to aid or conduct an act that is malicious and intentional in nature to cause damage.
- Complacent: Insider takes a lax approach to policies, procedures, and potential security risks.
- Unwitting: Insider is not aware of security policies, procedures and protocols, which exposes the organization/agency to external risks.
POTENTIAL INDICATORS OF AN INSIDER THREAT WITHIN THE AVIATION INDUSTRY
- SIGNIFICANTLY ALTERED APPEARANCE: Burns on hands or body; chemical bleaching of skin.
- DISPLAYS OF NERVOUS OR SECRETIVE BEHAVIOR: Sweating; Lack of eye contact; Apparent monitoring of access points.
- BODY LANGUAGE/MOVEMENT CONSISTENT WITH “PHOTO PANNING” WITH A HIDDEN CAMERA: Avoidance of security cameras.
- REQUESTS TO WORK ALONE AND/OR ON UNSUPERVISED SHIFTS OR WITH A PARTICULAR SET OF PERSONS
- Facilitation of unauthorized visitors at the airport in uniform on days off.
- THREATENING COMMENTS/THREATS OF VIOLENCE AGAINST THE STATE OR INDIVIDUALS
- Allows access badge sharing and “piggy backing” at security gates and doors.
- HISTORY OF CRIMINAL ACTIVITY AND ARRESTS
- Disregard for security policies.
- ENTHUSIASTIC INTEREST IN SECURITY MATTERS OUTSIDE THE SCOPE OF HIS/HER DUTIES
- Working unusual hours without authorization.
- MISUSING CREDENTIALS
- Suspicious foreign contacts or travel, including via internet and social media.
- UNEXPLAINED OR SUDDEN WEALTH
- Misusing cyber systems.
- CONDUCTING UNAUTHORIZED SEARCHES
- Withholding or misreporting information necessary for counterterrorism efforts.
- EFFORTS TO CONCEAL THE TRANSFER OF MONEY OR OTHER FINANCIAL RESOURCES INTO OR OUT OF THE COUNTRY
- Participation in transshipment of illicit goods or persons.
- COLLUDING WITH CRIMINAL ENTERPRISES TO FACILITATE ACCESS TO THE AVIATION DOMAIN
MANAGEMENT OF INSIDER THREAT: WHOSE RESPONSIBILITY?
In every airport or organization, personnel are broadly classified into two classes (management and other staff), which can be further subdivided into senior and junior staff. It is important to note that the management of insider threat is the collective responsibility of everyone. Just as management has its roles, subordinates also have theirs.
MANAGEMENT/EMPLOYER’S RESPONSIBILITY
An airport operator/management/employer shall not employ any person as an aviation security officer or aviation security screening officer unless:
- such a person meets the requirements of relevant civil aviation regulations;
- such a person has been trained in accordance with the requirements of civil aviation regulations, where his duties are in respect to screening of passengers, crew, baggage and mail; and
- where employed by the aerodrome tenant as an aviation security officer, such a person is approved by the aerodrome operator.
- initial and periodic background checks are performed in respect of each aviation security officer and aviation security screening officer; and
- initial and recurrent training on aviation security is received by each aviation security officer and aviation security screening officer in his employment.
An aerodrome operator shall keep an accurate record of the initial and periodic background check, experience and training of an aviation security officer and aviation security screening officer in his employment; and such record shall be retained for the duration of his employment and thereafter for a period of one year.
An aerodrome operator must have answers to the following questions: What is known about airport personnel and those of construction companies and airport concessionaires? What is known about the family of airport personnel? Where do airport personnel visit frequently? Who are their spouses? What do they do for a living?
EMPLOYEES’ RESPONSIBILITY
- Maintain environmental and situation awareness.
- Initiate or cause to be initiated, processes that will lead to the actualization of the provisions of industry regulations.
- Be diligent at work.
CONCLUSION
Insider threats in the Aviation Industry are real and can be mitigated with commitment and dedication. It is therefore important that every aviation personnel and airport user understands that he or she is a critical stakeholder in securing the industry from his or her point.