The TSA’s Insider Threat program has numerous features to guard against such a threat, including from among its own workforce, but the program lacks a central strategy and metrics to measure its success, GAO has said.
“TSA has consistently identified the vulnerability of the aviation system to the insider threat among its highest enterprise-level risks,” a report said. “Recent incidents where aviation workers stole or damaged an aircraft or smuggled illegal drugs, firearms, and cash have highlighted this threat . . . Insider threats may arise from a malicious intent to cause harm, or may arise from workers assuming a negligent or ignorant approach to security procedures and potential risks.”
For the TSA’s own employees, efforts include pre-employment screening such as checking whether the applicant has previously applied for employment with the Department of Homeland Security and checking the applicant’s credit history. Airports and air carriers also are increasingly conducting more rigorous background checks and randomized worker screenings, while many airports are using sophisticated controls access control techniques such as fingerprint readers, it said.
However, the GAO said that the program’s strategic plan has not been updated “due to turnover of key senior leadership positions” and that while the agency is working on one, the schedule is uncertain. TSA further has not defined performance goals with targets and timeframes to assess progress, it said, and without such a strategy and goals, “it is difficult for TSA to determine if its approach is working and progress is being made toward deterring, detecting and mitigating insider threats to the aviation sector,” it said.
It said that management agreed with its recommendations.