Airports globally handle large passenger volumes and employ people in different roles to support airport operations. These range from retail employees, customs officers, to airport operations staff. Most staff members conduct themselves in an ethical and professional manner, but this isn’t always the case.
In an airport context, the insider threat can be defined as a threat to cause harm posed by individuals who have access to privileged information, assets, or premises. Trusted insiders can also help external parties to obtain access to infrastructure and information. Individuals may also act in a negligent way that exposes airport security, without intending to cause harm. A mix of personal vulnerabilities, life events, or situational factors could drive malicious insiders.
In April 2013, the UK Centre for the Protection of National Infrastructure released a report based on collecting data on insiders. This report studied used data on insider cases, collected and analysed between 2007 and 2012 from 120 UK based insider cases within the public and private sectors. One of the main findings that the report highlighted was that 47% of insider cases were driven by financial greed, followed by 20% driven from some ideology.
Trusted insiders who act against their organizations do so for various reasons such as revenge or greed. Most malicious insider cases involve fraud and theft, criminal gain (including drug trafficking and money laundering), corruption, or sabotage. However, trusted insiders can also be driven to cause severe harm and casualties, for instance when they are driven by ideology or are radicalized.
Different departments at airports have responsibilities for different facets of the insider threat. This includes the human resources team, the security team and airport operations. All these teams should work together in identifying insiders ensuring that information flows quickly when suspicious or questionable behaviour is observed.
To better understand where the vulnerabilities lie, airport operators should carry out risk assessments to determine what measures are required to address such threats and mitigate them effectively.
Those mitigations could include:
It’s important to note that not all insiders at airports need to have a physical presence to cause harm. In today’s digitally connected world, insiders can also use their privileged access to computer systems and IT to attack the airport and cause harm. Airports not only have to contend with implementing physical measures to address potential threats but should invest in cybersecurity defenses as well.
Mitigations to the cyber insider risk include:
The Addressing Insider Threat Handbook provides a comprehensive view on how the insider threat can disrupt operations at airports and the use of best practices to mitigate risks.