The Enemy Within · 2018. 9. 27.
The Enemy Within
Techniques to Combat Insider Threats: Lessons From the Aviation Industry
Shayne Bates, CPP
Stratum Knowledge, LLC.
Risk Based
Divestment
Partnership Cloud
Business Value Compliance
Convergence Leaders
Rapid
From Replication to Transformation & Automation
2005 2015 2016 2017 2018
Security industry starts replication of functions of security from analog to digital.
Process Automation is being extended to safety, security and compliance programs.
IDC predicted that 2 out of 3 CEOs had digital transformation at the heart of their corporate strategy.
More than 85% of organizations have already started Digital Transformation projects.
Innovation decade ahead
One Decade to Replicate
• Life Safety
• Security & Compliance
• Emergency Communications
• IoT
• Big Data
• AI & Machine Learning
• Location Based Data
Supported By
MANDATE: Create a shared vision and objectives for the program – reinvention – productivity – cost reduction.
EVALUATE: Apply a data-driven approach to the assessment, business case and prioritisation of opportunities.
INTEGRATE: Deliver the project's expected benefits using the plan, schedule and resources.
INITIATE: Plan and schedule the deliverables required to deliver the project.
IDEATE: Explore opportunities to improve security and enhance service through the lens of ESRM. How does it help the business?
Connecting With The Business
Risk Assessment Techniques
QUALITATIVE
Effective when there is no relevant data present. Typically used for risks that have never occurred before. Subject to bias and errors in estimation.
ANALYTICS
Effective when there is a data set that can be analysed by a subject matter expert. Data needs to be interpreted and aligned to risk events.
MACHINE LEARNING
Effective to predict a specific value or category of a given risk event. Requires similar data to analytics and skill to build the model. Highly effective in predicting the outcome of a potential event with many dimensions.
QUANTITATIVE - DATA DRIVEN
Source: Int:rsect 2017 https://www.slideshare.net/ResolverInc/data-driven-risk-management
Donald Zoufal, CPP
SDI Presence
Layered Approach to Security
Source of Image: U.S. General Accountability Office. Testimony Before the Subcommittee on National Security, Homeland Defense and Foreign Operations, Committee on Oversight and Government Reform House of Representatives. “Aviation Security: TSA Has Taken Action to Improve, but Additional Efforts Remain.” GAO-11-807T. July 13, 2011. Cited at http://www.gao.gov/new.items/d11807t.pdf (Accessed September 21, 2017)
Complex Multi-Level Environment
Source of Image: U.S. General Accountability Office. Report to Congressional Requestors. “Aviation Security: Airport Perimeter and Access Control Would Benefit from Risk Assessments and Strategy Updates.” GAO-16-632. May 2016. Cited at http://www.gao.gov/assets/680/677586.pdf (Accessed September 7, 2016)
Airport Risk Management Process
Source of Image: U.S. General Accountability Office. Report to Congressional Requestors. “Aviation Security: Airport Perimeter and Access Control Would Benefit from Risk Assessments and Strategy Updates.” GAO-16-632. May 2016. Cited at http://www.gao.gov/assets/680/677586.pdf (Accessed September 21, 2017)
Airport Risk Management Process
Source of Image: RTCA, Inc, Special Committee 224 (SC224) ‘Standards for Airport Security Access Control Systems,” DO 230f. 2015. cited at http://www.rtca.org/storedef.asp?optid=1231 (accessed September 21, 2017)
Regulated Process Under 42 CFR 1542 Including Requirements for
• Employment History Checks
• Criminal History Records Checks
• Verification of Eligibility to Work
• Security Threat Assessment
• Security Training
• Authorized Signatories
• Trusted Agents
• Audit Requirements
Aviation’s Partnered Vetting Environment
Source of Image: U.S. General Accountability Office. Testimony Before the Subcommittee on Transportation Security, Committee on Homeland Security, House of Representatives, “Aviation Security: TSA Has Taken Steps to Improve the Vetting of Airport Workers.” GAO-15-704T. June 16 2015. Cited at http://www.gao.gov/assets/680/670809.pdf (Accessed September 21, 2017)
Linking to Next Generation Identification (NGI)
FBI Next Generation Identification (NGI)
• System to replace IAFIS (the integration system for biometrics and criminal histories)
• AFIS modified to AFIT (more accurate algorithms)
• Facial Recognition
• Iris Pilot
• Latent and Palm Prints
• Rap Back & RISC
Source of Image: U.S. Department of Justice, Federal Bureau of Investigation. Official Website. “ Next Generation Identification (NGI).” Cited at https://www.fbi.gov/services/cjis/fingerprints-and-other-biometrics/ngi (Accessed September 21, 2017)
Inside Threat Triad
Malicious Actors
Mental Lapsers
Militantly Stupid
The Three M’s
• Intentional
• Reckless
• Negligent
Josh Jackson
RightCrowd Software
• Task: Implement & Automate Security Workflows:
• Mitigate: Reduce Criticality & Fast Moving Risk (“Zero Day”)
• Service: Real-time Efficiencies (e.g. - Visitor Approvals)
• Cost: Drive Transactional Delivery Cost Down
• Need: IT Platforms Need to Host and Integrate a Wide range of Sensors, Data Sets and Connections
• Opportunity: The Rise of Process Automation tools
Implementing Security Process Automation
CYBER SECURITY
● Increasing insider threats
● Frequency and complexity of cyber attacks
PHYSICAL SECURITY
● Terrorism concerns
● Increasing perimeter protection
● Growing insider threats
PROCESS AUTOMATION
● Reduction in employee expenses
● Improved resource productivity
● Enabling new security models
PRIVACY
● Maintaining intellectual property integrity
COMPLIANCE
● Satisfying increasing regulatory requirements
SAFETY
● Protection of people, assets and reputation
COMMERCIAL BENEFITS
● Automated contract administration and compliance
● Mitigating risk of litigation
Process Automation Drivers
Integrating business and security systems to deliver safety, security and business efficiency.
Workflow Integration
Secret Sauce: Keeping Business Knowledge & Processes Separate from Access Technology
Empowering Physical Security Systems
Process Automation in the Business Ecosystem
PHYSICAL SECURITY – IT CONVERGENCE
TALENT IS KEY; ESRM PROGRAM IS ESSENTIAL
ESRM ENABLERS CRITICAL
GENUINE PARTNERSHIPS
● Everything is IT – including physical security systems
● Threat landscape is constantly evolving
● Failure to adapt programs leaves the organization open
● Digital capability gap in physical security to be closed
● Battle for talent to attract technical people to physical security
● ESRM is a systematic approach to adapting to a changing threat landscape
● Broad range of new technology to be understood in the context of ESRM
● Not just about more CONTROL
● Data driven risk VISIBILITY enablers are critical
● Untapped opportunities to break down internal silos
● Continued evolution of technology platforms has benefits for Security Practitioners and vendors
● ESRM & automation creates genuine opportunities for new security models
Building Digital Momentum
Enterprise CWA & Process Automation
Bill McAteer
Evolv Technology
AVIATION INSIDER THREAT INCIDENTS
CONFIDENTIAL & PROPRIETARY. Any use of this material without specific permission of Evolv Technology is strictly prohibited.
Egypt – Metrojet 9268 October 2015
o Airport Employee plants explosive device on plane
o 224 passengers & crew killed in crash
San Juan International Airport – February 2017
o Airport Employees arrested in drug smuggling case
Dallas – DFW August 2018
o Nationwide drug smuggling aboard planes
o 46 people indicted including airport employees
Minneapolis – MSP 2008-14
o Men recruited by ISIS were former airport employees with access to airplanes
o One of the men became a suicide bomber abroad
Seattle – SeaTac August 2018
o Ramp worker “steals” plane, flies around Seattle area and crashes plane.
Back to the basics
Who?
What?
Where?
When?
Why?
How?
Who is the threat?
Who?
Friend or Foe?
o Airport Employee
o Airline Employee
o Vendor/Concessionaire
o Law Enforcement, TSA, or other Security Personnel
o Taxi, TNC or Shuttle Drivers
o Construction Workers
o Contracted Services, Janitorial Staff, etc.
WHAT & WHERE ARE YOUR VULNERABILITIES?
What?
What is the intent?
o Malicious - are they intent on causing damage?
o Complacent - are there lax security procedures?
o Unwitting - are the employees aware of policies and security procedures?
WHEN & WHY ARE THEY IN THAT AREA?
When?
When are they at your airport?
o Are they scheduled to work today?
o Are there special events or VIPs in the area?
Where?
Where are they in the airport?
o Do they have access to areas outside of their work area?
o Do they have access to the aircraft? The cockpit?
HOW DO YOU MITIGATE THE THREAT?
How?
Current AVSEC Best Practices:
o Threat Assessment & Rap Back
o Employee Screening Programs
o Risk Based Security
o TSA - Known Crew Member (KCM) & TSA PreCheck
Why?
Why are they at the airport?
o Work?
o Seeing off family members/friends?
o Criminal intent?
Threat Assessment/ Rap Back
Threat Assessment (Background Check)
o Recurring (every 2 years)
o Criminal Convictions only
o Condition of employment
RAPBAC
o Currently in use at several airports
o Realtime Alerts
Employee Screening & RBS
Leverage Technology
o Be ahead of the threat!
o What are you looking for?
o Metallic/Non-metallic threats? Prohibited Items?
o TSA level of screening?
Risk Based Security
o TSA Pre-Check
o Known Crew Member (KCM)
RISK BASED SECURITY
Denied Entry
“Walk Up” Participants
Verified and Trusted Participants
TRUST
Quantifiable concern based on known or suspected affiliations
No reason to trust… no reason not to trust…
Organizationally determined reasons to withhold trust – poor past behavior, etc.
Organizationally determined reasons to trust – background verified, tenure, financial commitment
Suspicious Participants
PHYSICAL SCREENING
Questions