Horizon Air tragedy highlights airline insider threat vulnerability

The ease at which a Horizon Air employee was able to steal and crash a Bombardier Q400 turboprop will likely prompt airlines to develop an insider threat mitigation strategy to close this vulnerability.

Insider tragedy within Alaska Airlines’ Horizon Air
Reuters / Gary Hershorn

The recent theft and subsequent crash of the Horizon Air Bombardier Q400 turboprop airplane by a Horizon Air employee shocked the aviation security world.

The employee, Richard “Beebo” Russell, was a 29-year-old ground service agent (baggage handler/aircraft tow operator) who had worked at Horizon Air (parent company Alaska Airlines Group) for 3.5 years. On Aug. 10, he climbed into the cockpit of the 6-year-old Q400, which had been parked on a maintenance apron at Seattle-Tacoma International Airport (SeaTac), fired up the engines, and took off.

An unauthorized flight, in the jargon of the airlines industry.

The tragic flight

A review of the raw transmissions between Air Traffic Control (ATC) and Russell reveal that he had no intention of landing the Horizon Q400. In fact, he told the ATC he didn’t know how. The ATC attempted numerous times to guide Russell to nearby runways, of which there were five, including Joint Base Lewis-McChord (JBLM) whose Runway 15/35 is more than 6,000 feet long.

The ATC brought Q400 pilots into the conversation and attempted to assist Russell in landing the Q400, guiding him with specific instructions in how to prepare the aircraft for landing. Simultaneously two F-15s were launched from the Portland area to intercept the Q400. These Air National Guard jets arrived on station ahead of sonic booms in a matter of minutes, where they maintained visual surveillance.

Russell, during his sometimes-rambling conversation with ATC, gave an initial indication that he was going to conduct some acrobatics with the aircraft and then “call it a day.” Meaning, he anticipated crashing during the acrobatic stunt. Following the stunt, he expressed his surprise at having completed the maneuver.

The flight over the Puget Sound ended shortly thereafter as Russell crashed the plane onto the sparsely populated Ketron Island near South Tacoma, about 25 miles south of SeaTac.

The approximately 90-minute-long flight was Russell’s intended suicidal act.

There is no doubt the loss of life could have been substantially more significant. SeaTac, the ninth-busiest airport in the country had planes landing, taxiing, and taking off when Russell took to the skies. Both Seattle and Tacoma are densely populated cities. In Seattle at Safeco Field, a Pearl Jam concert was taking place with approximately 45,000 attendees.

The fact that Russell was not intent on inflicting injury or damage beyond his own demise and the destruction of his employer’s aircraft is what kept the event from being an even greater catastrophe.

Russell’s motivation a mystery

By all accounts, Russell was a nice, affable, easy-going individual.

The family’s post-event statement did not provide any clues as to the presence of depression or his being a disgruntled employee.

The New York Times tells us of a friend of Russell’s who noted how Russell was unhappy his specific job did not pay the $15 per hour that other airport workers received.

That said, a review of Russell’s own YouTube video highlights his “handling a lot of bags” and his use of the most significant perk provided to airline employees, the travel benefits. He ended his video with the statement, “It evens out in the end.”

Insider lessons learned

This trusted insider had undergone a background check as a condition of employment, and according to the CEO of Alaska Airlines, he was fully cleared for access to the flight line.

When we think insider threat and risks, our minds go to violence (active shooter) and theft (goods and intellectual property) as the two most common scenarios discussed and mitigated.

Alaska Airlines security personnel may not have factored the theft of their aircraft by an insider as high a risk as an employee clicking on a phishing email.  

Stealing planes is not a new phenomenon; drug traffickers regularly steal private planes to haul their illegal goods. 

Unlike autos, the $32 million Q400 doesn’t have a key to start the engines. It is controlled by switches in the cockpit. Stealing a commercial aircraft is, however, rare.

No doubt, the ease at which this Horizon Air Q400 was commandeered will have aviation security analysts within the Alaska Airlines Group (and beyond) diligently putting together an insider threat mitigation strategy to close this identified vulnerability.


Copyright © 2018 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)