Transcript
Insider Threat
Jayne Maisey
Head of Regulation, Policy & Practice Birmingham International Airport
Insider Threat
Jayne Maisey Head of Regulation, Policy
and Practice
What is Insider Threat ?
A person who exploits, or has the intention to
exploit, their legitimate access to an
organisation’s assets for unauthorised purposes
Employees
Former employees
Contractors
Business associates
Insiders in Aviation
Scale and Complexity of the Aviation
Industry
50,000 commercial flights airborne
...Insider Threat to Aviation Security?
The global threat to Aviation Security is well known .
Security is ‘preventing adverse consequences from the intentional and unwarranted actions of others’
As an industry we expend energy combating outsiders but not so much insiders
The strength and weakness of any security system is people
UK based study – top 5 threats
Unauthorised disclosure of sensitive information
Process corruption
Facilitation of third party to an organisation's assets
Physical sabotage
Electronic or IT sabotage
• 80% of all incidents have a cyber element.
Demographics – consistent picture
More men engaged in insider activity – 82%
49% cases occurred within the 31-45 years age group
88% carried out by permanent staff (93% full time )
7% involved contractors and 5% agency or Temporary staff
Highest concentration of perpetrators by role :
Customer service - 20%
Financial - 11%
Security 11%
Insider behaviour
Deliberate insider – obtaining employment to exploit their access
Self initiated insider – taking an opportunity to exploit access permissions
Recruited insider – Recruited by a 3rd party
Primary motivation
58% of cases were more likely to be graduates
Individual level factors - personality
Immature
Low self esteem
Amoral and unethical
Superficial
Prone to fantasising
Restless and impulsive
Lacks conscientiousness
Manipulative
Emotionally unstable
Personality disorder
Individual – circumstances / behaviours
Poor work ethic
Stressed
Exploitable
Ready access to
valuable/key assets
Recent Negative life event
Excessive copying of
materials
Unusual IT activity
Unauthorised handling of
sensitive material
Commits security
violations
Organisational factors
Poor Management practices
Poor use of auditing functions
Lack of protective security controls
Poor security culture
Lack of role based risk assessments
Poor pre-employment screening
Poor communication between business areas
Lack of awareness of ‘insider’ risk at senior level
Aviation a special case ?
Rajib Karim – Airline IT engineer Guilty – Jailed for 30 years
Engaging in conduct in
preparation of acts of terrorism.
Terrorist fundraising.
Possessing a document likely to
be of use to a terrorist.
Rajib Karim – Double life
Worked since 2007 for British Airways in Newcastle Extremist beliefs – fund raising. Direct communication with Muslim cleric – al Awlaki.
Information about IT hardware locations Associates with key areas of access.
Jan 2010 – Rajib Karim
Government Agencies supplied the lead Would security measures alone have been successful
?
Assessing the risk.
Assess nature and magnitude of the risks, role by role.
Identify credible threat scenarios: Modus operandi
Target
Roles
Threat likelihood – Intelligence
Consequences – human, psycholgical, reputational, political and economic.
THREAT x VULNERABILITY = RISK
Effectiveness of mitigating measures
Residual Risk
Pre-employment screening
Ongoing preventative measures - STOP
Random searches
Limit lone working
Limit the carriage of personal belongings into the critical part
Restrict personal storage
Reduce, restrict access levels
Clear pass display, check and challenge
Potential mitigations - SPOT
Effective management
Effective Team Working
Confidential Reporting ‘whistle blowing’.
Welfare monitoring
Pass use analysis
Incident management
Media profile checks
Monitor Social Media Sites
Standard Operating Procedures
Deterrence Communications
Security culture
Security management system - SeMS
SPOT, STOP....Act
Process to manage the situation.
Role vulnerability already assessed
Investigation
Possible outcomes
Return to duties
Dismissal
Restriction of duties
Permit individual to seek alternative position
Most breaches have a simple explanation
Summary
Insider threat is real
People are the problem and the solution.
‘No security gap is too small’
New recruits required ???
Jayne Maisey
E mail :
jaynem@bhx.co.uk
top related