The Transportation Security Administration (TSA) has released a roadmap to deter and combat potential threats from insiders across the nation’s transportation systems that emphasizes data-driven decision making to detect threats, stakeholder collaboration to deter threats, and best practices and technology innovation to mitigate threats.

The TSA Insider Threat Roadmap 2020 “defines the common vision” for the transportation sector and outlines the need to work with all stakeholders, TSA Administrator David Pekoske said in a message included in the roadmap.

“Together with our interagency partners and industry stakeholders, we will maximize innovation and technology to mitigate insider threats,” Pekoske said in a statement last Thursday announcing release of the roadmap. “In addition to addressing key operational needs, implementing the Roadmap will also enhance our position as a global leader in transportation security and advance transportation security standards worldwide.”

A threat assessment included in the 18-page document says that for the most part in the U.S., sabotage, theft and smuggling have been the primary insider threats. However, it also mentions the 2016 arrest of a transit authority police officer in a U.S. city for providing support to the Islamic State, although no link to a planned attack was discovered.

“These incidents, and other similar cases, highlight tactics, techniques, and procedures employed by the drugs or arms smuggling insiders—exploiting insider access to bypass security measures—that could be replicated by terrorist insiders,” the assessment says.

The assessment highlights several international incidents with potential links to terrorism, including the downing of a passenger jet in 2015 over the Sinai Peninsula using a suspected bomb, an explosion aboard a passenger aircraft traveling from Somalia in 2016, and the arrest in 2019 by Philippine authorities of a Kenyan national who was training to become a pilot and was alleged to be a member of Al-Qaeda.

The current operating environment of the transportation systems sector is defined by continued growth and increasing complexity, which serves to expand the number of potential threat actors, and technology change, which increases the threat vectors to the sector, the roadmap says.

The sector is also a shared environment with multiple agencies and operators involved with overlapping authorities, making cooperation and collaboration critical to a layered approach to security.

The first strategic priority in the roadmap is the need for data-driven decision making and includes inventorying critical assets and functions essential to operations and national security. It also calls for creating insider threat risk indicators fusing data from multiple sources as part of this data-driven approach.

The second priority, which is to advance operational capability, calls for a joint approach to insider threat mitigation and the establishment of an Insider Threat Mitigation Hub to fuse data about potential threats from disparate information sources.

Operational capability also includes a “collective security culture and mindset where insiders are responsible for their actions and those of their colleagues” and where capabilities and technologies are used as part of best practices to mitigate threats, the roadmap says.

The third priority, which is to mature the capability of the transportation systems sector, calls for developing a threat maturity framework to keep up with the shifting threat landscape and the pursuit of technologies to “augment detection and mitigation capabilities,” the roadmap says. It adds that the agency will incentivize the private sector to acquire improved technology.

Mature insider threat mitigation capabilities also include driving best practices throughout the supply chain and minimizing consequences of incidents through coordinated responses, the roadmap says.