TSA shines a light on insider threats
As screening programs for airline passengers and baggage have become more effective, the Transportation Security Administration looks to new ways to protect airplanes and airport systems from malicious insiders.
As the Transportation Security Administration’s screening programs for airline passengers and baggage have become more widespread and effective at spotting threats, terrorists, criminals and nation-states are turning to insider threats to achieve their goals, according to TSA Acting Deputy Administrator Patricia Cogswell.
At a Feb. 19 AFCEA event, Cogswell said combatting insider threats is now one of the agency's top security issues. As a result, TSA is focusing on developing new policies and technologies to guard airplanes and airport systems from being manipulated or sabotaged by any of the 1.8 million aviation workers who have non-escorted access to security-restricted areas at airports around the country.
Such insiders can be exploited both wittingly and unwittingly by foreign agents, criminal groups or terrorist organizations. They can also be tricked into providing access to sensitive systems or moving seemingly innocuous nonlethal items through security that can later be assembled into weapons. Cogswell said TSA and airlines should take a lesson from U.S. intelligence agencies that even trusted employees are vectors of attack and that passing a background check doesn't make them immune from potential compromise.
"This is an area where the No. 1 thing we need to do is incentivize a security culture," she said. "That mindset, that approach, that thought process that no one is above security. That everyone is part of security."
A Feb. 11 Government Accountability Office report called insider threats one of TSA's "most pressing concerns." TSA has multiple offices working on insider threat mitigation, but those activities are not being guided by an overall strategic plan, the report stated. Further, the agency has not established performance goals and metrics to measure the effectiveness of those activities.
"Without a strategic plan and performance goals, it is difficult for TSA to determine if its approach is working and progress is being made toward deterring, detecting, and mitigating insider threats to the aviation sector," auditors wrote.
The agency set up an executive steering committee in 2018 specifically focused on providing oversight for insider threat programs. Another TSA body, the Aviation Security Advisory Council (ASAC), issued 21 recommendations for improvements in threat detection, assessment and response, aviation worker vetting, screening and access controls, training and engagement, information sharing and governance and internal controls.
After her speech, Cogswell said TSA would have a strategic plan for insider threats finalized within the next month.
She did not have a timeline for addressing recommendations in the ASAC report, but said one initiative it has spurred is requiring full enrollment in the FBI's "Rap Back" Service, which collects fingerprints and conducts continuous monitoring and background checks for employees in positions of public trust.
"Traditionally those were point-in-time checks, now … any time new information [comes to light], we are notified," she said.
A longer version of this article was first posted to FCW, a sibling site to GCN.