Protecting from insider threats in the transportation sector


When it comes to security, cyber or otherwise, often the people you trust can become threats. Insider threats to transportation have moved front and center at the Transportation Security Administration. It’s published a strategy to protect itself and the transportation sector from inside threats. To explain, Transportation Security Specialist Dean Walter and Supervisory Air Marshal in Charge Serge Potapov joined Federal Drive with Tom Temin.

Interview transcript: 

Tom Temin: Here to explain is Transportation Security Specialist Dean Walter. Mr. Walter, good to have you on.

Dean Walter: Good morning. Thanks for inviting me.

Tom Temin: And Supervisory Air Marshal in Charge Serge Potapov. Mr. Potapov, good to have you on.

Serge Potapov: Good morning. Thank you.

Tom Temin: Let’s talk about first of all, how does TSA define insider threats? This could be, I guess, possibly TSA employees, but also airline employees and those types of folks?

Serge Potapov: So in the TSA roadmap that was just published on the 14th, we define insider threat as the threat an individual with authorized access to sensitive areas and or information will wittingly or unwittingly misuse or allow others to misuse this access to exploit vulnerabilities to compromise security, facilitate criminal activity, terrorism or other illicit actions and inflict harm to people, organizations, the Transportation Security System, or national security.

Tom Temin: So these could be people that say you could define them as having TWIC cards, for example.

Serge Potapov: Secure access cards to security restricted areas of airports or other transportation facilities.

Tom Temin: And you’ve had some experience, there’s a long list in the report in the strategy of incidents that have happened as late as just last year, correct?

Serge Potapov: That’s correct, yes.

Tom Temin: Tell us some of the more nefarious ones.

Serge Potapov: Well, so what I would say is more focused on what we’re regularly seeing is the inside of that landscape is dynamic and capabilities are associated with it continue to evolve. And we consistently see criminal activity happening, transnational criminal activity happening, and, you know, really sort of with the roadmap being published, it helps us sort of open our aperture to view those things as also being potential insider threats, because as recently as 2019, terrorists have sought to leverage insiders to conduct attacks in the transportation system. And we continue to be concerned that terrorists exploit the observable tactics, techniques and procedures used by these criminal organizations to identify and recruit or develop an in-place insider in the transportation system.

Tom Temin: And are the insiders that you’re focusing on strictly in air transportation, are you also including other modes like cruise ships and so on, Dean?

Dean Walter: So the insider threat roadmap focuses on the transportation system sector, and that’s not just aviation but all modes of transportation. That includes freight rail, highway motor carrier, mass transit, pipeline, in addition to aviation. So this is really about coming up with a common framework not only for the federal government but for our transportation partners in industry on how to approach this issue.

Tom Temin: And earlier Serge said that it could be deliberate acts of sabotage or terror. But also inadvertent problems. And that seems to be something that comes up in the cybersecurity, people click on the wrong thing — but does this also happen in the physical world where just people make goofs that can turn into dangerous situations?

Serge Potapov: Yes, they can. So when we look at insider threats, you know, we take a preventative health model approach and sort of our philosophy and addressing some of these issues. And so we’re constantly looking at mitigation measures that can address those types of vulnerabilities from unwitting insiders that may not be trained or conditioned to certain security measures they should be applying or those employees that just might be complacent, they may feel rushed to get the job done and have to bypass security measures. So really, that’s, I would say, one of the largest portions of our program and our philosophy to address them is to be able to mitigate those issues at the lowest level possible so that they don’t manifest themselves to be a threat in the first place.

Tom Temin: Yeah, so if people are say rushing maintenance type of work, it would seem like the carriers themselves and perhaps even FAA could also be involved in this effort to make sure that they understand, don’t ever rush it that much that things get sloppy. Correct?

Serge Potapov: Yes, that is correct. And we work very much with our interagency partners and our industry partners, notably the Aviation Security Advisory Committee, and also the Surface Transportation Security Advisory Committee. They take insider threat very seriously. In fact, both stood up permanent subcommittees on insider threat to address this.

Tom Temin: Tell us what are some of the highlights of the strategy? What will you be doing next as an agency to kind of mitigate these insider threats, Dean?

Dean Walter: I think the real value of the document is, again lays out a framework for how TSA industry and other federal partners collectively address this risk and how we can work together to better share information, better share best practices — get the right data so we can optimize our analysis and really do the best job with the resources we have on detecting, deterring, and mitigating these types of risks.

Tom Temin: It seems like you might have a lot of different sources of information because, you know, I think of an airport or a cruise ship or terminal where cargo is being loaded onto a shipper, some kind of transportation hub, and they’re very busy places and there’s different levels. There’s upstairs and there’s downstairs at the loading level or the tarmac level. So surveillance cameras, and also just other people watching would seem to be something that’s really important, kind of if you see something, say something that we have in the consumer end of things.

Serge Potapov: Right, that’s correct and part of a robust inside threat program throughout the entire transportation system sector is really sort of where we want to get to at the end is establishing a strong security culture, which addresses some of those things, you know, we can’t be everywhere all over the place so we rely heavily on those folks that are out there on the front lines, supervisors, frontline employees, industry representatives to be on the lookout for various potential risk indicators and to report them to appropriate authorities to be able to mitigate them as soon as we can.

Tom Temin: And one of your top strategic priorities in the strategy is promote meaningful data-driven decision making. How do you see that happening?

Serge Potapov: We see that happening by improving our collection and use of threat information and developing technical capabilities to identify and maintain risk indicators.

Tom Temin: And those might be such as what?

Serge Potapov: Whole variety of risk indicators — anything from at an airport access door violation that’s reported as a one-off to an employee being reported as going through employee screening and having an illicit item discovered on them or some type of other issue that we’re constantly looking to evolve to the risk indicators that we may not be aware of today.

Tom Temin: Because I imagine you have to somehow distinguish between, as you say, one-off incidents, something just dumb happening, or maybe not so dumb but one-off versus things that happen regularly that maybe more than one person participates in, and that indicates maybe something more systemic. Is that one of the ways, one of the angles that you’ll be checking these things?

Serge Potapov: Absolutely, looking at establishing long-term patterns and trends. And doing that longitudinal analysis to really be able to identify things may be patterns emerging that we previously weren’t aware of and being able to address them at the lowest level possible.

Tom Temin: Because looking at the list of incidents that have happened in the past few years, all of these things are part of it. And I guess, the scary part is not knowing what you don’t know. So it sounds like this is an effort at finding out more to know so that more things can be discovered and prevented.

Serge Potapov: That is correct, yes.

Tom Temin: Dean?

Dean Walter: And it’s also about just awareness. So as you correctly pointed out, there are hundreds of thousands of people working in the transportation sector each day. And all of these people contribute to the safety and security of the system. So those people working in the system have the best knowledge of the processes, procedures, vulnerabilities, and they know what’s right and where something may be off. So it’s really working collectively with industry to address that risk and acknowledge it. And then also having industry leadership emphasize this point, and look for ways to mitigate this threat.

Tom Temin: And just a final question, this is more for my own information. The TSA officers that are on the frontline screening passengers develop quite a bit of knowledge and insight, I think the human emotion and behavior just as much as they can find specific things and metals and so on. Do they have any role at the back end, looking at some of the transportation processes and the people carrying those out but the public doesn’t normally see — do the officers have any role there at all?

Serge Potapov: Yes, the officers definitely have a role. But I would also even go beyond that and say that it’s really sort of the broader stakeholders and security partners that we have local law enforcement, local security coordinators, industry, security coordinators, that are all part of this. We often refer to them as sort of our force multipliers who are our sensors to be able to really sort of bring to bear those things that we may not see from a higher level. So it does include yes our Transportation Security Officers, but also includes the entire enterprise of our security partners.

Tom Temin: Serge Potapov is Supervisory Air Marshal in charge at the Transportation Security Administration. Thanks so much for joining me.

Serge Potapov: Thank you.

Tom Temin: And Dean Walter is a Transportation Security specialist at TSA. Thank you also.

Dean Walter: Oh, you’re welcome.

Read the strategy here.