TSA makes data a top priority for detecting insider threats
The Transportation Security Administration is prioritizing the use of data to detect insider threats to the transportation system, under a roadmap released Thursday.
TSA issued the document in response to an October directive from the Department of Homeland Security that its agencies implement an insider threat detection and prevention program.
The agency defines an insider threat as a person who wittingly or unwittingly uses their authorized access to sensitive areas and information to compromise transportation security — or allow criminals or terrorists to do so — in a way that hurts people, organizations, systems, or national security.
“Together with our interagency partners and industry stakeholders, we will maximize innovation and technology to mitigate insider threats,” said TSA Administrator David Pekoske in the announcement. “In addition to addressing key operational needs, implementing the roadmap will also enhance our position as a global leader in transportation security and advance transportation security standards worldwide.” TSA is responsible for mitigating insider threats throughout the entire transportation sector, including airlines.
Terrorists sought to use an insider to attack a transportation system in 2019, and TSA is concerned they could use transnational criminal organization tactics to recruit or place insiders in the sector, according to the roadmap.
For that reason, TSA’s top priority in the roadmap is making data-driven decisions to detect threats by collecting and using threat information more efficiently and establishing the technical capabilities to identify and evaluate risks. Advanced analytic solutions using artificial intelligence, predictive analytics and data mining will be used in developing screening and staffing models, per the document.
“Crucial to mitigating insider threat activity is the information needed to detect it. Specifically, accurate and quality source information is key to effectively inform mitigation activities,” reads the roadmap. “This priority is intended to align existing information and data sources, ensure their integrity, and use them for modeling and analysis.”
The first step is working with security partners to determine key assets and mission-critical functions. Once TSA knows what elements are essential to operations and national security, it can establish behavioral, physical, technological and financial risk indicators for insider threats.
TSA will increase the information it releases on behaviors and actions that have occurred in actual insider threat incidents, according to the roadmap, though it did not specify how.
The second roadmap priority is advancing TSA’s operational capability to deter threats and the third is maturing the transportation sector’s capability to mitigate threats through partnerships.
Guiding principles include promoting a security culture within TSA, adopting a “privacy-by-design” mindset and harmonizing work with other components of DHS.
The next step for TSA is developing phased implementation plans addressing management, timelines and performance measures for achieving the roadmap’s three priorities.
Pekoske acknowledged in his introduction that publishing a roadmap during the coronavirus pandemic may present a challenge, but he said that implementation plans will be carefully coordinated with security partners during recovery.
“While we recognize that there is no ‘turn-key’ solution to mitigating insider threat, this roadmap will help implement safeguards that incrementally raise the security baseline,” Pekoske said.