The Transportation Security Administration is planning to increase the information it collects, including that gleaned from employees, and share it with other federal agencies and the private sector in an effort to prevent insiders from perpetrating various forms of harmful malfeasance.
Artificial intelligence, probabilistic analytics and data mining are among the tools the agency lists in a document it issued today that loosely outlines the problem and the plan to create an “Insider Threat Mitigation Hub.”
“The Insider Threat Roadmap defines the common vision for the Transportation Systems Sector that insider threat is a community-wide challenge, since no single entity can successfully counter the threat alone,” TSA Administrator David Pekoske wrote in an opening message.
In July 2019, a surveillance camera at the Miami International Airport captured footage of an airline mechanic sabotaging a plane’s navigation system with a simple piece of foam. The TSA road map describes this incident along with a number of others dating back to 2014, spanning a range of activities including terrorism, subversion and attempted or actual espionage, to stress the need for a “layered strategy of overall transportation security.”
A TSA press release identified three parts of that strategy as “promoting data-driven decision making to detect threats; advancing operational capability to deter threats; and maturing capabilities to mitigate threats to the transportation sector.”
Under the first objective, TSA plans to “develop and maintain insider threat risk indicators,” which could include behavioral, physical, technological or financial attributes that might expose “malicious or potentially malicious” insiders.
“We must identify key information sources, and ensure they are accurate and available for use in informing risk mitigation activities,” the document adds.
For the second objective, the document describes information-sharing plans with other federal agencies and industry.
“We will establish an Insider Threat Mitigation Hub to elevate insider threat to the enterprise level and enable multiple offices, agencies, and industry entities to share perspectives, expertise, and data to enhance threat detection, assessment, and response across the TSS,” the document reads. “This capability will allow us to fuse together disparate information points to identify intricate patterns of conduct that may be unusual or indicative of insider threat activity and drive enhanced insider threat mitigation efforts.”
Meeting the third objective would require seeking out the appropriate technology to improve detection and mitigation of insider threat, TSA writes, and expanding it throughout the agency’s supply chain.
TSA pre-empted concerns usually associated with massive data collection practices by including the protection of privacy and civil liberties among the “guiding principles” it said would accompany its efforts.