Mitigating the insider threat to aviation
AeroBD | The AERO news Company… LONDON, December 11, 2015: Russia has said that the downing of a Metrojet airliner over the Sinai was the result of an insider putting an explosive device on board the aircraft. ISIS, the terrorist group claiming responsibility for the attack, has a propensity for radicalizing using the internet, which presents significant challenges for the aviation community in mitigating a threat of this nature. First, the enormity of the problem lies in sheer numbers. Globally, millions of employees have access to the secure areas of airports, more than a million in the US alone.
ICAO, which sets the standards and recommended practices for aviation security, does require persons with secure-area access to be vetted against security and criminal databases and requires the screening of employees, which is determined by individual nations. Individual countries are left to their own decisions on how to mitigate the insider threat and conduct screening and vetting. Typically, all countries vet their employees, but the time between vetting checks can vary from continuous to five years or more. Most countries physically screen employees, but these checkpoints can be notoriously weak. Employees in Sharm El Sheikh, Egypt, were required to go through screening.
Clear lines of authority and responsibility for mitigating an insider threat can become blurred between the government, the airport, law enforcement, security personnel, and outside agencies. More importantly, the “insider threat” is defined very differently in the aviation community. Most insider threats in the aviation sector are oriented towards criminal activity such as smuggling, theft and cyber activity. This can cause confusion for the aviation community as it attempts to define and mitigate a terrorist insider threat. The solution is multi-faceted and incorporates intelligence, targeting, variable security methodology, newer technology that is less dependent on the human factor, and clearly defined roles and relationships among partners.
Mitigating the insider terrorist threat means that the threat must be defined clearly and shared by all within the aviation community. Clear lines of authority and responsibility in mitigating a terrorist insider threat must be adhered to and understood by the community. Additionally, it is extremely important to understand that all elements of the aviation sector must share responsibility and cooperation to mitigate this threat. This means government, airport authorities, airlines and all the private-sector elements that make up the global aviation community. Organizations such as ICAO, aviation associations, private companies and government agencies can work together, as they have before, when a new threat stream emerges such as the cargo printer plot and the resulting international changes to the cargo security system.
Intelligence is vital to understanding the insider terrorist threat and how to analyze and define it. Unlike conventional intelligence, the “field of play” is civilian locales consisting mainly of commercial entities and locations with few security or law enforcement personnel. Most of the information needed to mitigate this threat is neither classified nor collected by government officials. The key is to coordinate and share information on all aspects of the aviation community and assign risk values geared toward an insider terrorist threat with the appropriate response. The US is developing a response to this type of intelligence requirement, but it is one that needs to be global, as the aviation community is interconnected. New intelligence requirements, an understanding of the aviation culture and community, and the sharing of critical information are essential. Developing terrorist insider threat identifications and potential targeting information is critical to mitigation operations. Classic intelligence analysis can be used only if the analysts understand the nuances of this different culture. Closer cooperation between the business and private sector and government responders and regulators is mandatory to find a solution.
Another key step to mitigating this threat is to develop training and awareness programs for everyone who works in the aviation sector. Mandatory, regulated training to identify the threat and to understand how to report threat information is one of the keys to mitigating a terrorist insider.
Operationally, airports currently vet their employees against criminal and security/intelligence records and data. Unfortunately, in most places throughout the globe, this vetting takes place only every few years. The US is the exception and does continuous vetting. Still, vetting alone cannot completely mitigate this threat if the person is radicalized through the internet with no current derogatory information. Physical employee screening is a good mitigation tool, but it is not foolproof. It is used in most places except the US. Other techniques, such as the use of unpredictable security measures, add to mitigation and make it more effective. Random identification checks, use of explosives-detection dogs in airside areas, random explosive trace detection and other measures are effective to throw the terrorists “off their game”. Individually, these measures do not meet the challenge of mitigating the threat, but together and used systematically they can successfully mitigate an insider terrorist threat. Terrorists will always choose targets that are deemed more vulnerable to maximize their chances of success.
Finally, technology must become less dependent on the human factor for identifying threats from explosives. The primary threat tool for terrorists is explosives. Vulnerabilities in the system, such as collusion by insiders, could be used to bypass normal screening operations. New technology, in conjunction with operational measures and intelligence operations, is key to mitigating this threat: CT systems at the checkpoint that are less human-dependent; remote screening, which can significantly mitigate the insider threat by reducing collusion and providing real-time monitoring of screening; more advanced explosive trace detectors; mass spectral analysis capabilities; and better advanced imaging technologies.
Can the terrorist insider be mitigated? Yes, but only if there is a change in business as usual. Complacency is the breeding ground for insider threats. Better intelligence, awareness and reporting, unpredictable and multiple operational security measures, new less human-dependent technologies, and clearly defined responsibilities and cooperation are the keys to success. We must meet the challenge and evolve to meet this emerging threat.
Authored by John Halinski, the former Deputy Administrator for the US Transportation Security Administration. The views expressed here are his own.