GAO: Insider threats are of highest concern in aviation security
In 2015 alone, more than 895 million passengers boarded a flight, and passenger enplanements are expected to increase in 2016. Ensuring the safety of both passengers and crew members when flying requires protecting airports and airplanes, and screening employees, workers, or other individuals who need to gain access to the nations airports on a regular or daily basis.
The Transportation Security Administration (TSA) is the regulatory agency responsible for this daunting task that includes passenger and baggage screening, maintaining perimeter security and assessing insider threats across approximately 440 commercial airports in the U.S.
A 2016 report released by the Government Accountability Office (GAO) indicated that recent assessments conducted by the TSA do not adequately reflect relevant data on current risks. Additionally, the GAO found that the TSA does not engage airport stakeholders, including airport operators or airlines, in information sharing to help assess and deter those risks with best practices.
The report was prompted by concerns over security threats that occurred at two different airports in 2014. One incident took place at the San Jose International Airport in California when a a 15-year-old boy stowed away in the wheel well of an airplane going to Hawaii after allegedly scaling an airport perimeter fence.
— FCLeslieville (@FCLeslieville) April 22, 2014
Another incident occurred at Atlanta’s Hartsfield-Jackson International Airport in Georgia and involved a baggage handler using airport-issued credentials to smuggle firearms – both loaded and unloaded – onto commercial flights to New York. The baggage handler would take these firearms into the passenger waiting area where he would give them to an accomplice who would then board the flight en route to New York with the weapons.
— Liz Goldenberg (@newstruthliz) December 23, 2014
Rogue aviation workers
Identified as rogue aviation workers, these individuals are defined as a people who seek to “exploit their credentials, access, and knowledge of airport security procedures for personal gain or to inflict harm.”
Such rogue aviation workers, or insider threats, constitute the highest concerns regarding aviation security among the Department of Homeland Security (DHS), the TSA and the Federal Bureau of Investigation (FBI), and, thus, increased measures may be necessary in light of these heightened risk.
Additional gaps revealed
The GAO report indicated that while some measures were taken to address threats revealed in the 2009 report, these recent changes to the risk environment have revealed additional gaps and realigned priorities that will likely require a redirection of resources. Failure of the agency to update risk assessment strategies and to include airport stakeholders in outcomes of conducted risk assessments can increase airport vulnerabilities, and may divert resources to inappropriate actions.
The report suggested that the TSA update its strategies with the recent vulnerability assessments, evaluate previous actions taken and their effectiveness, and then base current risk mitigation strategy decisions on these evaluations.
Findings from that 2009 report
In the 2009 report, the GAO had evaluated security measures and strategies of the TSA regarding risks to airport perimeter and access control security. Findings from that 2009 report revealed a failure by the TSA to complete a thorough risk assessment in accordance with the National Infrastructure Protection Plan (NIPP).
The NIPP risk assessment includes three risk elements: threat, vulnerability, and consequences. Other findings suggested that security enhancement efforts implemented by the TSA did not follow the unifying national strategy to comprehensively address key elements. The unifying national strategy key elements include identifying goals, priorities, performance measures, and required resources to address the three risk elements as outlined by the NIPP.
The NIPP was designed by the DHS in order to help critical infrastructure stakeholders appropriately determine the highest priority categories in which to invest limited resources. The risk assessment outlined by the NIPP serves to assist the TSA in determining its highest priority goals, and also in continually measuring its performance in accordance to actions taken to reduce that risk.
A few of the current strategies undertaken by TSA following the most recent 2016 report include:
- Updating assessment tracking resources to better evaluate past efforts.
- A commitment to nationwide sharing of “best practices for mitigating airport perimeter and access control security vulnerabilities with airport operators.”
Going forward, to protect the flying public and airline crews, it is critical that TSA leaders embrace the urgency of the actions needed to better coordinate risk management strategies and redirect priorities to engage in effective measures to reduce risk.