Federal agents foil a Kansas man’s attempt to bomb the airport in Wichita (see "A plan gone awry from the start" below for more information). Police in New York break a gun-trafficking scheme based on flights from Atlanta. UK counter-terrorism officials arrest a self-proclaimed terrorist, carrying military-style equipment and a large amount of cash as he prepares to board a plane at Heathrow.

What do these incidents have in common? Each bore the markings of an inside job – aided or carried out by someone in a position of trust. In the examples above, the insiders included an avionics technician, a baggage handler, and a shop employee, respectively.

 

Insider Threats Are a Universal Concern.

They are as old as civilization itself. An official report from over 3,000 years ago accuses the mayor of western Thebes of being behind a rash of tomb robberies in Egypt’s Valley of the Kings.

Today, insider threats are a source of ongoing concern throughout our economy. Manufacturers guard against the sabotage of production equipment. Retailers monitor “shrinkage” (inventory loss), often the result of employee theft or supplier fraud. Organizations of all kinds worry about the protection of sensitive data, not to mention people’s safety on their properties.

 

Background Checks Are Important, but May Be Insufficient.

In U.S. airports, employees must undergo a thorough background check before gaining access to the facility’s secure areas. Those who clear the background check receive a SIDA (Secure Identification Display Area) badge that allows them into the boarding gates, baggage loading areas, runways, and other secure areas.

But badge-only access leaves a security hole that the unscrupulous can exploit. In the New York gun-trafficking scheme, an airline baggage handler used his badge credential at the Atlanta airport to take bags of firearms to a passenger who had already cleared security checkpoints.

The federal government has recognized the issue. On July 6, 2016, Congress green-lighted an aviation bill that includes measures to reduce insider threats at US airports. The proposed legislation subjects airport employees to more frequent random inspections and tighter vetting for access to secure areas. This echoes the Transportation Security Administration’s (TSA's) own efforts to step up airport access control.

Airports may, of course, go even farther. At Miami International, for instance, employees must go through screening checkpoints rather than rely on badges to reach the airport’s secure areas.

 

An Insider Threat Program Can Bring the Airport Community Together.

Yet even screening has its limits. It monitors only what an employee brings to work that day. It doesn’t necessarily keep insiders from facilitating others in the airport who may have malicious intent.

For that reason, airport authorities might consider augmenting existing practices with a program to help prevent, detect and mitigate insider threats. Such a program recognizes the airport for what it is – a complex ecosystem of airlines, vendors, contractors and airport employees – and provides a way for this community to come together to protect the aviation transportation system. In a sense, the airport community becomes an insider threat working group.

Borrowing from similar programs that exist in both the public and private sectors, the community would agree on the following:

• Well-defined expectations for employee behavior.
• Universal training and communications.
• Standard vetting and termination procedures.
• A central system for reporting suspicious or anomalous behavior.

The goal is to enable pattern detection by combining the perspectives of anyone with access to airport information, facilities, or people. For example, a baggage handler has one view of the airport. A ticket agent has another, as do the bagel shop manager and the restaurant bartender. A common platform can transform many pairs of eyes across the various zones of an airport into a singular detection capability.

 

Airport Security Can Be a Source of Leadership.

So the airport community would act as the engine of an insider threat program. But who belongs in the driver’s seat? A good candidate is likely the chief of airport security.

The airport security organization is responsible for the property’s physical security. It can see whether people are moving about in a way that isn’t relevant to their jobs. But the security organization also has relationships with local law enforcement and the appropriate federal agencies. In other words, it’s a hub ­­– a place for activity coordination and information sharing, not only within the program but between the program and other security partners.

Another argument for airport security leadership is vendor due diligence. Large corporations are starting to impose stricter guidelines for contractors who require access to internal staff, systems and facilities. Should airport management adopt similar vetting of its supply chain, the head of security would be in a position to integrate that effort with the airport’s insider threat program.  

 

Empowerment Joins Compliance to Help Curb Insider Threats.

When it comes to airports, passenger screening claims the greater share of public awareness. Efforts to curb insider threats aren’t as well known, despite recent scrutiny from civil aviation authorities. But airports are paying attention and evaluating ideas from other organizations.

Done effectively, an insider threat program supports existing TSA recommendations. It emphasizes early detection, prevention and response. It arrives at agreed-upon policies for employee management, training, communications, and reporting procedures. Perhaps most significantly, it takes practices largely designed to control (such as restricting access to concourses, planes and tarmac) and enhances them with ones that aim to empower. In so doing, airports can create a way for employees to stop insider threats right where they begin.

 

---

An Insider Plan Gone Awry

A 59-year-old man from Wichita, Kansas, planned and tried to carry out the suicide bombing of an airliner at what is now Wichita Dwight D. Eisenhower National Airport. On December 13, 2013, the day of the planned bombing, Terry Lee Loewen, an avionics technician who worked for an aircraft services business at the airport, used his security badge twice at an entrance card reader, attempting to gain access to the tarmac where the airliner was parked. The FBI arrested him there with the explosive device, which he and undercover FBI agents had built (with inert explosive material, unbeknownst to Loewen) as part of an Internet sting the FBI had carried out. Loewen was sentenced to 20 years in prison for the attempted suicide attack.

---

Airport Fast Facts

• Total number of public and private use airports in the United States: 19,299 (As of August 2014)
• People who work at U.S. commercial airports, 2013: 9.6 million
• Passengers on U.S. domestic flights, 2015:  696.2 million
• Passengers on U.S. and foreign airline flights to and from the U.S., 2015: 199.4 million

---

As used in this document, "Deloitte" means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see http://www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this communication.

Copyright © 2016 Deloitte Development LLC. All rights reserved.