02 Jun Ofer Eitan Review: Protecting from insider threats in the transportation secto
Tom Temin: Here to explain is Transportation Security Specialist Dean Walter. Mr. Walter, good to have you on.
Dean Walter: Good morning. Thanks for inviting me
Tom Temin: And supervisory Air Marshal in charge. Serge Potapov. Mr. Potapov, good to have you on.
Serge Potapov: Good morning. Thank you.
Tom Temin: Let’s talk about first of all, how does TSA define insider threats? This could be, I guess, possibly TSA employees, but also airline employees and those types of folks?
Serge Potapov: So in the TSA roadmap that was just published on the 14th, we define insider threat as the threat an individual with authorized access to sensitive areas and or information will wittingly or unwittingly misuse or allow others to misuse this access to exploit vulnerabilities to compromise security, facilitate criminal activity, terrorism or other illicit actions and inflict harm to people, organizations, the Transportation Security System, or national security.
Tom Temin: So these could be people that say you could define them as having twic cards, for example.
Serge Potapov: Secure access cards to security restricted areas of airports or other transportation facilities.
Tom Temin: And you’ve had some experience, there’s a long list in the report in the strategy of incidents that have happened as late as just last year, correct?
Serge Potapov: That’s correct, yes.
Tom Temin: Tell us some of the more nefarious ones.
Serge Potapov: Well, so what I would say is more focused on what we’re regularly seeing is the inside of that landscape is dynamic and capabilities are associated with it continue to evolve. And we consistently see criminal activity happening transnational criminal activity happening, and, you know, really sort of with the roadmap being published, it helps us sort of open our aperture to view those things is also being potential insider threats because as recently as 2019 terrorists have sought to leverage insiders to conduct attacks in the transportation system. And we continue to be concerned that terrorists exploit the observable tactics, techniques and procedures used by these criminal organizations to identify and recruit or develop an in place insider in the transportation system.
Tom Temin: And are the insiders that you’re focusing on strictly in air transportation, are you also including other modes like cruise ships and so on, Dean?
Dean Walter: So the insider threat roadmap focuses on the transportation system sector, and that’s not just aviation but all modes of transportation, thatincludes freight rail, highway motor carrier mass transit pipeline, in addition to aviation. So this is really about coming up with a common framework not only for the federal government but for our transportation partners in industry on how to approach this issue.
Tom Temin: And earlier Serge said that it could be deliberate acts of sabotage or terror. But also inadvertent problems. And that seems to be something that comes up in the cybersecurity, people click on the wrong thing — but does this also happen in the physical world where just people make goofs that can turn into dangerous situations?
Serge Potapov: Yes, they can. So when we look at insider threats, you know, we take a preventative health model approach and sort of our philosophy and addressing some of these issues. And so we’re constantly looking at mitigation measures that can address those types of vulnerabilities from unwitting insiders that may not be trained or conditioned to certain security measures they should be applying or those employees that just might be complacent, they may feel rushed to get the job done and have to bypass security measures. So really, that’s that’s, I would say, one of the largest portions of our program and our philosophy to address them is to be able to mitigate those issues at the lowest level possible so that they don’t manifest themselves to be a threat in the first place.
Tom Temin: Yeah, so if people are say rushing maintenance type of work, it would seem like the carrier’s themselves and perhaps even FAA could also be involved in this effort to make sure that they understand, don’t ever rush it that much that things get slopp. Correct?
Serge Potapov: Yes, that is correct. And we work very much with our interagency partners and our industry partners, notably the Aviation Security Advisory Committee, and also the Surface Transportation Security Advisory Committee. They take insider threat very seriously. In fact, both stood up permanent subcommittees on insider threat to address this.
Tom Temin: Tell us what are some of the highlights of the strategy? What will you be doing next as an agency to kind of mitigate these insider threats, Dean?
Dean Walter: I think the real value of the document is, again lays out a framework for how TSA industry and other federal partners collectively address this risk and how we can work together to better share information, better share best practices — get the right data so we can optimize our analysis and really do the best job with the resources we have on detecting, deterring, and mitigating these types of risks.
Tom Temin: It seems like you might have a lot of different sources of information because, you know, I think of an airport or a cruise ship or terminal where cargo is being loaded onto a shipper, some kind of transportation hub, and they’re very busy places and there’s different levels. There’s upstairs and there’s downstairs at the loading level or the tarmac level. So surveillance cameras, and also just other people watching would seem to be something that’s really important, kind of if you see something, say something that we have in the consumer end of things,
Serge Potapov: Right,…