News Article

The inevitable emergence of the cyber-physical insider threats

One might say it was only a matter of time: We have been digitising our physical world, blurring the lines between physical and cyber-spaces. Cyber-incidents can now have direct impact on physical assets and processes, and vice versa. New categories of insider threats have emerged, including expert insiders (personnel that are fully aware of security systems and processes), zero-day insiders (new staff with little to no background information), needle in the haystack and slow-poison threats; all of which are impossible to detect without deep data analytics and a cyber-physical approach to security.

Traditional airside crime will mostly rely on corrupted employees with airside access. The new starting point for mitigating this risk is an IT-physical system integrated approach to the identity access lifecycle. IMCS with built-in background-check services such as DACS, STA, CHRC and Rap Back, as well as real-time training and certification validation through LMS integration, can significantly reduce vulnerability and risk during airport staff selection and accreditation processes.

In February 2018, it was reported that a temporary security pass allowed a former terror suspect with a string of convictions, to gain access to the runway and baggage-handling areas at Heathrow Airport. An IMCS with integrated and automated background checks would have shown that the terror suspect had served five years in prison since 2003.

Blended cyber-physical risks require a converged approach and a holistic view of security to better defend against attacks. It is critical to have a centralised view of complex threats, events and incidents across cyber, physical and operational domains. By consolidating cyber, human and asset intelligence, airports can correlate threats and empower security operations centre personnel to make informed decisions and take appropriate action.

Looking forward, the future of insider threat protection is AI. AI-powered identity intelligence technology is dramatically reducing the time and cost needed for detecting and resolving risk by automating threat protection. Advanced machine learning capabilities can now automatically baseline identity profiles, allowing it to quickly sort through millions of events to detect behaviour anomalies and trends for an effective airport SOC response to potential malicious behaviour and policy violations.