A Department of Homeland Security Center of Excellence led by the University of Maryland

A consortium of researchers dedicated to improving the understanding of the human causes and consequences of terrorism

Discussion Point: Insider Threat in the Aviation Industry

Discussion Point: Insider Threat in the Aviation Industry

April 29, 2015Herbert Tinsley and Cory Davenport

As is often the case in the wake of an individual committing a seemingly inexplicable act of violence, warning signs are coming to light that, if recognized earlier, might have prevented the murder-suicide of 150 passengers and crew aboard Germanwings Flight 9525 by Andreas Lubitz.  Among these signs are persistent mental health issues, the severity of which Lubitz appears to have attempted to hide from his employer, and comments suggesting an intention to take some grand action that would make him famous. These warning signs inevitably raise questions about why the violent act was not prevented.

Mercifully, acts of mass violence committed by employees are rare. Commercial and government organizations worldwide, however, have long grappled with the problem of malicious or dangerously unstable insiders: screened and scrutinized individuals given authorized control of potentially dangerous hardware or information, who misuse their access with catastrophic results. While these organizations have security procedures to deter or prevent insider threats, there are many occasions where the procedures are less than effective, where they are effective but inconsistently applied, or where they are applied piecemeal and not in proper harmony with one another. Lufthansa, the parent company of Germanwings, is clearly in this category.

Regardless of the motive—whether an insider has personal, medical/mental health troubles, seeks money for sensitive information, expresses disgruntlement or fears loss of status, has been put to coercion or blackmail, or harbors divided loyalties or ideological objectives—techniques exist to further minimize vulnerability due to insider threats.

Organizations need to conduct a calibrated risk assessment. The insider threat stems from access and impact: who has the greatest access to the most impact-potent assets? Before even beginning to recreate personnel reliability programs or vetting procedures for new hires, an organization must soberly zero-in on the critical segments of the employee corps. Internal security structures tailored to this measure would save money and better anticipate surprise.

Depending upon the potential threat that an employee poses, an organization may need to more aggressively and more consistently monitor employee behavior and employ systems which prevent unwanted behavior. Traditional background checks and psychological evaluations cannot always weed out insider threats, but scrutiny of Internet use and social media activity can help by identifying problematic comments or behaviors from the past or as they come up throughout employment. Problematic workplace behaviors can sometimes be prevented when potentially disruptive actions require management sign-off or when physical systems actively prevent certain actions, like the use of an Automatic Ground-Collision Avoidance System in commercial flights to prevent crashes.

Of course, the checks and evaluations usually in use are only as powerful as their frequency and variety. An organization that requires periodic and variable checks/evaluations (i.e., workplace climate surveys, psychological assessments) is the one that can develop useful data about employees’ professional and personal states over time.

These impersonal approaches should only be considered one part of an effective insider threat prevention program. Personal rapport and visible security culture—no matter the environment—are crucial supervisory and security concepts. Consistency in “how’s-it-going-today,” in open door policies which promote self-reporting, in openly rewarding good security behavior, and in empowering and developing intentionality in security protocol can often serve to highlight threats—long before they turn disastrous.  Unfortunately, many organizations downplay the role of workplace climate in security.

After events such as the crash of Germanwings Flight 9525, new protocols and security measures are inevitable. But, piecemeal adjustments that seek to allay customers or regulators (i.e., altered cockpit door practices) generally do not go to the heart of the problem. New steps that can develop stark contrasts between appropriate and inchoate bad behavior should be considered first and continually.

This last suggestion incorporates a philosophical shift. In fact, in order to detect the insider, organizations must adopt a paradigm of integrative analysis. None of these suggestions—by themselves—can lead to optimal interpretations of a security baseline or of the insider’s trajectory from thought to behavior.  Bringing data captured through the above suggestions into the analytical process can greatly improve an organization's security. In addition, if an organization is known to adopt such a structure, a natural deterrent comes into play.

The risk of the insider act is highly complex and cannot be eliminated. Still, these recommendations do not arise from admonishment or panic, but from a far more mundane inspiration which we hope organizations, including Lufthansa, may adopt. The “layered” structures of modern internal security structures must take their own inherent logic very soberly. Every component of the system needs to be smartly applied, applied over-and-over, and applied in connection and coordination with one another. If one knit of the net is out of place, the gaps become more inviting or more probable as pathways for various types of insider threats, including those looking to kill themselves and others by crashing a plane.