Insider Threat Management

The Seattle Plane Theft Shows a Need for Insider Threat Awareness

Share with your network!

Far beyond the technological and cybersecurity aspects of the insider threat conversation, there’s a human story. The recent, tragic Seattle plane crash after its theft by an airport employee, Richard Russell, has brought to the forefront an issue of physical insider threat. This story is as much about physical clearances and breach of protocol, as it is little-discussed issue of employees’ mental health, and the telltale signs of a potential issue.

Insider Threats in Aviation and Beyond

A 2017 Department of Homeland Security (DHS) report called for stricter security measures for airport employees, warning that the risk for “insider threats to aviation security are on the rise.”

Although incidents like the Seattle plane theft are extremely rare, they are shocking enough to prompt serious reviews of physical security protocols. For example, Russell should not have been able to tow or board a plane alone, as protocol requires at least two people to be present in these scenarios.

The DHS recommendations around insider threat mirror some of the core tenants of an effective digital insider threat management program. For example, the agency recommends that employees be educated on their role in mitigating insider threats and securing access to sensitive areas of airports. In a digital insider threat management scenario, it’s equally important to educate employees on their role in adhering to cybersecurity policies and best-practices.

he DHS states credentialing processes and playbooks should be periodically reassessed and rigorously tested to ensure continuous improvement. In addition, access controls should be put into place to only allow the people who absolutely need clearance to certain areas to the airport.

The same goes for cybersecurity practices regarding privileged users.

Beyond aviation, where the danger of insider threats and lone-wolf terror attacks often loom large, the healthcare and financial services industries are two key areas that are under increased pressure to remain vigilant about physical access protocol and insider threats, following several well publicised incidents.

Employee Mental Health Awareness

Russell had gone through background checks and security screenings prior to being employed, but the airport did not perform a psychological screening. Authorities described Russell as suicidal, based on recordings from the air traffic control team’s unsuccessful attempts to get him to maneuver the plane and land safely. It’s a tragic incident that reminds us of the often-neglected, but critical issue of employee mental health and wellness, but also helps us recognise its importance in the context of cybersecurity and insider threat management.

Approximately 1 in 5 adults in the US experience mental health challenges every year, with more than half of individuals in middle‐ and high‐income countries experiencing at least one psychological disorder in their lives, according to a recent Quartz article. The same article pointed out a study from The Lancet Psychiatry showing the benefits of giving managers just four hours of training on mental health. Researchers found that after six months, the managers’ direct reports had an 18% reduction in work-related sick time off (while the control group had a 10% increase).

These sobering statistics, paired with this promising study, point to the need for an ongoing approach to employee engagement on mental health issues. Paired with psychological screenings, these approaches could help reduce the risk of fatigue, depression, poor health, and insider threat-related incidents from employees who may be showing signs of workplace stress or other key indicators often associated with a potential insider threat.

In Closing

If even one life can be saved, or insider threat incident avoided, from establishing and maintaining better physical and cybersecurity protocols and mental health trainings, the value of these programs would be proven.

We would all do well to remember that we’re all equally a part of the insider threat problem, as well as the solution. Oftentimes we think of insider threat management in terms of processes and technologies, but it is important to remember that people are at the heart of it.