In light of the recent US Homeland Security Committee report highlighting the dangers posed by an airport’s own staff, we asked Art Kosatka (left), CEO of aviation security consultancy, TranSecure, for his thoughts on the ‘insider threat’
Exactly who is responsible for dealing with the ‘insider threat’?
First, I’d like to define what we’re talking about within the parameters of ‘threat’. The most reported incidents are usually terrorism related. Essentially, bad guys storming the front door of a public terminal. ‘Public’ in the sense that anyone, carrying anything, can walk in the door unimpeded. In many ways, an airport is often no different than a shopping mall, sports arena, train, bus or subway station in that its landside area is essentially open to the public. It should also be noted that airports face a number of threats beyond terror. These include gun and drug smuggling; extensive vandalism/theft in the parking lots; and organized crime/theft rings operating in the cargo areas. Or the ‘threat’ could be a disgruntled employee trashing the airport’s entire operational/administrative data base with a virus, leading to ATC problems, nationwide cancellations and economic chaos because the hub airport can’t operate.We should also remember that commercial airports are not law enforcement agencies. By law and by regulation, they are required to have a cooperative arrangement with local law enforcement agencies to provide uniformed, armed officers in that jurisdiction – how many, covering which parts of the airport, is worked out individually. And in the US, the TSA is also not law enforcement – its task is to screen passengers and baggage. If there is a serious event or incident of any kind, it is the responsibility of the local police assigned to respond.
However, the TSA does have a regulatory role in ensuring airports provide an adequate physical security environment – including perimeter fences, surveillance, and access control systems that ensure only authorized persons can enter protected security areas. In particular, it is this last area of access control where the airport has a very significant role (and regulatory mandate) in maintaining a secure environment.
Can you give some recent examples of ‘insider threat’ incidents?
Recent examples include gun smuggling from Atlanta to JFK, regular incidents of drug smuggling through Miami and elsewhere, and everyday occurrences throughout the industry of theft from cargo buildings, concession storage and airport equipment and supplies. Poor credential management at an airport is often a contributory factor. In one incident several years ago, background clearances were taking a very long time and the airline, construction companies and others were pressuring the airport for quicker clearances to get their new people on board. So the office handling credentials simply reissued some recently cancelled badges to new hires who looked similar to the old photo.
Just how suspicious should airport staff be of their colleagues?
There is no question that the enormous majority of airport staff are conscientious employees only seeking to do a good job and earn a living. In receiving their security access badge, they also receive training on their security responsibilities at the airport. They are in effect the eyes and ears of security – they are familiar with every aspect of daily operations, and are the most likely to recognize anomalies – when something or someone ‘just doesn’t look right’. This doesn’t mean they should be on the lookout for a terrorist with a gun under his coat. It is often far more subtle. For example, it could be something as simple as noticing that a door lock isn’t working, or there’s a big gap in the fence.
What might turn a previously trustworthy employee into a threat?
It could be ignorance or greed: for example, offering to pay an employee to stow a package of drugs which is really a bomb. Money is always a potential factor. Blackmail in various forms, including taking family members hostage is another risk. Dissatisfaction with management can also lead to retaliation, not just against airport/airline management, but against any contractor working at the airport, from any employee who just got fired, for example.
What can an airport do to guard against the ‘insider threat’?
You should have to pass a criminal background check before being approved for a security pass that provides unescorted access to sensitive, airside areas. But one’s future behavior and intent cannot always be identified by examining one’s past. Unfortunately, there are no guarantees – constant vigilance is often the best we can do. There is no such thing as perfect security – just varying levels of insecurity. However, there are well-established and mandated policies and procedures for background clearances, recurrent checks, etc.
A good starting point for understanding the complexity of airport access controls would be the RTCA-DO-230G document entitled ‘Standards for Airport Security Access Control Systems’ (www.rtca.org). This is a 330-page document detailing the physical aspects of an access control system, as well as the credentialing process, biometrics, non-duplication, cancellation, records management, etc, which is continually updated by a standing committee, now in its eighth iteration.
Overall, continued vigilance and recurrent background checks are essential.
What role can technology play, going forward?
Biometrics can provide considerably greater certainty of identification; fingerprint-enabled systems remain the most common. There are different technologies with different advantages and disadvantages. For example, facial recognition technology has improved dramatically in recent years, but still has certain operational issues such as lighting, camera angle and orientation, target movement, etc. Some technologies are also more sensitive to exposure to weather conditions.
About the interviewee
Art Kosatka is the CEO of TranSecure. He was previously director of safety and security at the Airports Council International and after 9/11, was in the TSA’s Aviation Security Policy Office where he developed the TSA’s guidebook, ‘Recommended Security Guidelines for Airport Planning, Design and Construction’. TranSecure recently completed security design proposals for all 27 commercial airports in Saudi Arabia.
For more on the subject of the insider threat, see the special feature published in the March 2017 issue of Passenger Terminal World magazine, click here.
The insider threat will also be discussed at this year’s Passenger Terminal Conference. ‘The insider threat has no boundaries’ will be presented by Richard Duncan, Assistant General Manager, Public Safety and Security – Atlanta Hartsfield Jackson International Airport, USA, as part of the Aviation Security, Border Control & Facilitation session on Tue 14th March 2017.
Story by Anthony James
February 27, 2017