Aviation industry takes steps to mitigate insider threats

Every industrial sector is required to address the insider threat, and all hope they never have to face the reality. The aviation industry is not immune, and it has been facing the reality of insiders going sideways for several years.

The Public-Private analytic exchange program commissioned their Aviation Insider Threat Team 2017 to determine what they know and what is recommended.

Insider threats in the aviation industry

2017 — PenAir

Recently we saw a retired reservations agent for PenAir (Alaska) decide pre-retirement to provide herself with the means to return to the Penn Air reservation system clandestinely. Whether Suzette Kugler was “retired” or retired voluntarily is not known. According to the court documents, what is known is she set up a fake employee account that she used to sabotage PenAir’s ticketing and station management network database services.

Over the course of two months, she deleted employee accounts, made seating charts disappear, deleted station information for eight airports, and disrupted the airline’s critical infrastructure.

The fake employee account was eventually linked to the activities, and the VPN connecting the “user” to the PenAir network showed that the individual was located in Desert Hot Springs, California. Kuglar’s California residence was searched, and two laptops were obtained. The VPN logs on the laptops showed sessions that correlated with the nefarious activities on the PenAir network. Kugler has pleaded guilty and is awaiting sentencing.

Insider threat, realized.

2016 — United Airlines

We have all read of the flight attendant who make dramatic exits from their career. In 2016, a United Airlines flight attendant deployed the emergency chute in Houston and walked away.

Insider threat, realized.

2010 — JetBlue

In 2010, a JetBlue flight attendant in New York grabbed the inflight communications microphone, let loose with a slew of invectives, grabbed a beer and went down the chute. He got up, walked away, made his way to the employee parking lot and drove home. He was subsequently arrested.

Insider threat, realized.

2014 — Air Traffic Control

Then in 2014, a telecommunications field technician sabotaged the air traffic control system in Chicago. This event was labeled the “worst sabotage” in the history of U.S. air traffic control system. The tech set fire in the communications room — the net result, thousands of flights were cancelled across the U.S. that day. Of the 29 racks of computers driving the communications equipment, 20 were destroyed by fire and water damage. It took weeks for the damaged equipment to be fully replaced.  

What was the motive? The field tech was angry with the U.S. He went to the facility, to which he had insider access and set the fire and then attempted suicide. He was found by paramedics with cuts on his arms and attempting to slit his own throat.

Insider threat, realized.

Aviation industry insider threat study and recommendations 

In 2017, a survey of 160 individuals, representing 16 segments of the aviation industry, for the report, “Aviation Insider Threat: What We Know, Our Findings, and What We Recommend” (pdf). The study revealed that 54 percent of organizations have an insider threat training program specific to the aviation industry. That means, 46 percent aren’t training to thwart the insider threat.

Three recommendations in the report:

• Evolve one definition for industry, public and private on what constitutes an insider threat and an information sharing platform.
• Develop a social media strategy, training to sensitize the workforce not to post info about the specifics of their job/duties or how they “feel” about their co-workers.
• Develop an insider threat poster (example can be found in the report).

The aviation industry is taking the bull by the proverbial horns. What’s your industry or company doing to manage your insider threat risk?