TSA to roll out strategic plan for insider threats next month

Acting Deputy TSA Administrator Patricia Cogswell said that as screening tech has improved, insider threats have become an increasingly attractive attack vector for bad actors.

Shutterstock ID 679967149 by HNWORKS
 

As airport screening technologies have gotten better at detecting dangerous and illegal items, terrorists, criminal groups and nation-states are increasingly looking to leverage insider threats to achieve their goals, according to Acting Transportation Security Administration Deputy Administrator Patricia Cogswell.

According to TSA estimates, there are more than 1.8 million aviation workers who have nonescorted access to security-restricted areas at airports around the country. At a Feb. 19 event hosted by the Armed Forces and Communications Electronics Association, Cogswell said combatting insider threats were now one of the agency's top security issues. As a result, the agency is increasingly focused on developing new policies and technologies to guard airplanes and airport systems from being manipulated or sabotaged by compromised employees.

"The good news is we've gotten really good at screening people coming onto planes and their stuff, so that means our adversaries look at what is considered to be the next easiest way to [get access], and a lot of that stems from, focuses around, insider access to our transportation arena," said Cogswell.

Such insiders can be exploited both wittingly and unwittingly by foreign agents, criminal groups or terrorist organizations, tricked into providing access to sensitive systems or moving seemingly innocuous nonlethal items that can later be paired with other components and assembled into a weapon after moving past screening procedures. Cogswell said TSA and airlines should take a lesson from U.S. intelligence agencies that even trusted employees are vectors of attack and that passing a background check doesn't make you immune from potential compromise.

"This is an area where the number one thing we need to do is incentivize a security culture," she said. "That mindset, that approach, that thought process that no one is above security. That everyone is part of security."

While screening technologies have become more effective, Cogswell said the demand for such equipment at airports often outstrips TSA's supply. Even when they do get the money, the reality of budget and procurement cycles means many airports suffer longer lines and delays processing passengers while they wait for new screening equipment. Members of Congress have fought with the Trump administration to carve our more funding for more advanced screening equipment they believe is vital to detecting modern explosives hidden in electronic equipment like laptop computers.

TSA has an initiative, the Capability Acceptance Process, that allows aviation industry stakeholders to procure Advanced Imaging Technology devices, Computed Tomography 3D X-ray machines, boarding pass scanners, explosives detection systems and other technologies that meet pre-established quality standards – and help the donors speed up airport check-ins.

"What this means is we qualify the equipment, we say this equipment meets our detection standards and our operational testing standards," Cogswell said. "If it meets both of those, you may buy it and gift it to us."

The Government Accountability Office reported on Feb. 11 that insider threats are one of TSA's "most pressing concerns." TSA has multiple offices working on insider threat mitigation, those activities are not being guided by an overall strategic plan, the report stated. Further, the agency has not established performance goals and metrics to measure the effectiveness of those activities.

"Without a strategic plan and performance goals, it is difficult for TSA to determine if its approach is working and progress is being made toward deterring, detecting, and mitigating insider threats to the aviation sector," auditors wrote.

The agency set up an executive steering committee in 2018 specifically focused on providing oversight for insider threat programs. Another body, the Aviation Security Advisory Council, issued 21 recommendations for improvements in threat detection, assessment and response, aviation worker vetting, screening and access controls, training and engagement, information sharing and governance and internal controls.

After her speech, Cogswell told FCW that the agency would have a strategic plan for insider threats finalized within the next month.

She did not have a timeline for addressing recommendations in the ASAC report, but said one initiative it has spurred is requiring full enrollment in the FBI's "Rap Back" Service, which collects fingerprints and conducts continuous monitoring and background checks for employees in positions of public trust.

"Traditionally those were point in time checks, now it is we enroll you and anytime new information [comes to light], we are notified," she said.