Insider Threat

Jayne Maisey

Head of Regulation, Policy & Practice Birmingham International Airport

Insider Threat

Jayne Maisey Head of Regulation, Policy

and Practice

What is Insider Threat ?

A person who exploits, or has the intention to

exploit, their legitimate access to an

organisation’s assets for unauthorised purposes

Employees

Former employees

Contractors

Business associates

Insiders in Aviation

Scale and Complexity of the Aviation

Industry

50,000 commercial flights airborne

...Insider Threat to Aviation Security?

The global threat to Aviation Security is well known .

Security is ‘preventing adverse consequences from the intentional and unwarranted actions of others’

As an industry we expend energy combating outsiders but not so much insiders

The strength and weakness of any security system is people

UK based study – top 5 threats

Unauthorised disclosure of sensitive information

Process corruption

Facilitation of third party to an organisation's assets

Physical sabotage

Electronic or IT sabotage

• 80% of all incidents have a cyber element.

Demographics – consistent picture

More men engaged in insider activity – 82%

49% cases occurred within the 31-45 years age group

88% carried out by permanent staff (93% full time )

7% involved contractors and 5% agency or Temporary staff

Highest concentration of perpetrators by role :

Customer service - 20%

Financial - 11%

Security 11%

Insider behaviour

Deliberate insider – obtaining employment to exploit their access

Self initiated insider – taking an opportunity to exploit access permissions

Recruited insider – Recruited by a 3rd party

Primary motivation

58% of cases were more likely to be graduates

Individual level factors - personality

Immature

Low self esteem

Amoral and unethical

Superficial

Prone to fantasising

Restless and impulsive

Lacks conscientiousness

Manipulative

Emotionally unstable

Personality disorder

Individual – circumstances / behaviours

Poor work ethic

Stressed

Exploitable

Ready access to

valuable/key assets

Recent Negative life event

Excessive copying of

materials

Unusual IT activity

Unauthorised handling of

sensitive material

Commits security

violations

Organisational factors

Poor Management practices

Poor use of auditing functions

Lack of protective security controls

Poor security culture

Lack of role based risk assessments

Poor pre-employment screening

Poor communication between business areas

Lack of awareness of ‘insider’ risk at senior level

Aviation a special case ?

Rajib Karim – Airline IT engineer Guilty – Jailed for 30 years

Engaging in conduct in

preparation of acts of terrorism.

Terrorist fundraising.

Possessing a document likely to

be of use to a terrorist.

Rajib Karim – Double life

Worked since 2007 for British Airways in Newcastle Extremist beliefs – fund raising. Direct communication with Muslim cleric – al Awlaki.

Information about IT hardware locations Associates with key areas of access.

Jan 2010 – Rajib Karim

Government Agencies supplied the lead Would security measures alone have been successful

?

Assessing the risk.

Assess nature and magnitude of the risks, role by role.

Identify credible threat scenarios: Modus operandi

Target

Roles

Threat likelihood – Intelligence

Consequences – human, psycholgical, reputational, political and economic.

THREAT x VULNERABILITY = RISK

Effectiveness of mitigating measures

Residual Risk

Pre-employment screening

Ongoing preventative measures - STOP

Random searches

Limit lone working

Limit the carriage of personal belongings into the critical part

Restrict personal storage

Reduce, restrict access levels

Clear pass display, check and challenge

Potential mitigations - SPOT

Effective management

Effective Team Working

Confidential Reporting ‘whistle blowing’.

Welfare monitoring

Pass use analysis

Incident management

Media profile checks

Monitor Social Media Sites

Standard Operating Procedures

Deterrence Communications

Security culture

Security management system - SeMS

SPOT, STOP....Act

Process to manage the situation.

Role vulnerability already assessed

Investigation

Possible outcomes

Return to duties

Dismissal

Restriction of duties

Permit individual to seek alternative position

Most breaches have a simple explanation

Summary

Insider threat is real

People are the problem and the solution.

‘No security gap is too small’

New recruits required ???

Jayne Maisey

E mail :

jaynem@bhx.co.uk