Cincinnati/Northern Kentucky International Airport. Partnership for Nuclear Security Insider Threat Summit September, 2015

Transcription

1 Cincinnati/Northern Kentucky International Airport Partnership for Nuclear Security Insider Threat Summit September, 2015

2 Cincinnati USA Story 2 28 th largest metropolitan area in the USA with 2.1M population Global business center with 9 fortune 500 headquarters and 14 fortune 1000 headquarters Site Selection ranked the region 6 th in the US for business expansion and new facilities 2 nd lowest business operating costs in the United States Labor force of 1.5 Million people within 50 miles of CVG Corporate diversity with 450+ foreignowned firms employing over 40,000 people

3 Cincinnati/Northern Kentucky has a healthy and diverse economy with more Fortune 500 companies per million residents than New York, Chicago or Los Angeles Aerospace Automotive Chemistry & Plastics Financial Services Advanced Energy Consumer Products Information Technology Life Sciences 3

4 Strategic Geographical Location CVG: 2014 Statistics Total Passengers 5.9 million Total Flights 133, % of the Nations Population 53% of the Nations Purchasing Power 52% of the Nations Manufacturing Establishments

5 CVG Airport Infrastructure Single passenger terminal Two Active Concourses Automated Guideway Transit All Contact Gates (no ramp boarding) Room for expansion Four Runways: 3NS/1EW 18R/36L: 8,000 Feet 18C/36C: 11,000 Feet 18L/36R: 10,000 Feet 9/27: 12,000 Feet 133,000 Annual Aircraft Movements 9th Largest North American Cargo Airport Approximately 7,500 acres of airport property 5

6 DHL Hub at CVG Global super hub for DHL; employs nearly 2,400 at CVG Processes 2.6 million cargo pieces a month and sorts 92% of all US delivery shipments as well as all Canadian, Mexican, and Latin American shipments at CVG Connects over 100 service centers and international gateways in DHL s International network in the U.S. 6

7 Operating with Excellence #1 Best Regional Airport In North America * 5 Years in a Row! #2 Best Airport in North America * #4 World s Best Airports Serving 5-10 M passengers * #4 World s Best Domestic Airports * SAFETY ACT Certification Ranked # 1 as America s Safest Airport 7 * = SKYTRAX 2015

8 Insider Threat at World s Busiest Airport Atlanta December, 2014 a man carrying a backpack containing 16 firearms with ammunition flew aboard a Delta Air Lines passenger jet to Kennedy International Airport in New York from Hartsfield- Jackson Atlanta. Six people have been arrested as part of a ring smuggling guns and ammunition on planes from Atlanta to New York, in an investigation that revealed a "devastating breach of security," 8

9 Atlanta Airport Response to Insider Threat Incident: Full (100%) Employee Screening at Airport Portals 96.1 million passengers in million square foot terminal complex 63,000 Employees 9

10 U.S. Airport Industry Response to Atlanta Incident: Formation of Aviation Security Advisory Committee (ASAC) Working Group Committee formed January 8, Member Working Group comprised of airport operators, airline and cargo carriers, airport industry trade associations, Transportation Security Administration and Homeland Security and Analysis Institute representatives Report issued April 8, areas analyzed, with recommendations in each area 10

11 ASAC Areas of Analysis Five Areas of Focus: Security Screening and Inspection Vetting of Employees and Security Threat Assessment Internal Controls and Auditing of Airport-Issued Credentials Risk-Based Security for Higher Risk Populations and Intelligence Security Awareness and Vigilance 11

12 ASAC Report Key Findings: Security is a complex issue that requires multiple responses No single measure can provide broad-spectrum protection against risks or adversaries. Therefore, risk-based, multi-layered security offers the greatest ability to mitigate risks through the application of flexible and unpredictable measures to protect commercial aviation. 12

13 1. Security Screening and Inspection Recommendations: Random and unpredictable security measures are most effective means to enhance employee security TSA and DHS should utilize roving security officers, behavior detection officers and security inspections to conduct random and unpredictable employee screening and inspection Airport and aircraft operators should post signage at all portals to alert employees that they are subject to random screening/inspection 13

14 2. Vetting of Employees and Security Threat Assessment Background checks (required since 1985) are not enough: Use FBI Rap Back Service- immediate notification of criminal activity Update and review list of disqualifying employee offenses Provide airport operators with enhanced training on identification documents, identity fraud and behavioral analysis TSA should maintain national database of employees who have had badges revoked for cause TSA Security Threat Assessment should be enhanced to run foreign born employees against international databases. 14

15 3. Internal Controls and Auditing of Airport Issued Credentials TSA and airport operators should enhance auditing program requirements for airport issued identification media Establish biometric standards to enhance identity and badge verification Fine/penalize for failure to immediately report lost, stolen or unaccountable badges Restrict access privileges and/or reduce access points Enhance and expand CCTV and other measures to monitor employees 15

16 4. Risk Based Security (RBS) for Higher Risk Populations and Intelligence RBS requires continuous reevaluation due to changing vulnerabilities, better understanding of risks and new technologies Develop risk matrices for various employee groups using RBS principles Use social media to track and assess emerging threats TSA and airport operators should partner to conduct an Airport Risk Evaluation and provide all risk vulnerability assessments to appropriate parties TSA should analyze insider threat cases to create a model of predictive risk factors TSA, FBI and CBP should partner with airport operators on enhanced training and information on insider threat activity and suspicious indicators 16

17 5. Security Awareness and Vigilance TSA and DHS should consistently brief airport operators on results of security assessments Airport operators should develop and implement employee engagement/recognition programs for security TSA and airport operators should promote existing national anti-terrorism reward/employee engagement programs to increase security awareness and reporting of suspicious activity Establish anonymous tip line to receive employee security concerns 17

18 Insider Threat Considerations at CVG CVG is only airport in the United States to receive SAFETY Act certification and designation Support Anti-terrorism by Fostering Effective Technologies Act of 2002 or the SAFETY Act. The SAFETY Act provides important legal liability protections for providers of Qualified Anti-Terrorism Technologies - whether they are products or services In short, CVG meets or exceeds all Department of Homeland Security requirements through deployment of technology and human resources 18

19 Insider Threat Considerations at CVG Utilize best practice, multi-layered, risk based approach- Infrastructure Design new facilities with security standards (current and proposed) in mind Reduce access points for both passengers and employees Limit employee access based on job functions Limit access via badging credentials Establish and monitor secure perimeter Change locks and security codes on frequent but unpredictable basis Utilize CCTV and other visual surveillance technology throughout facility 19

20 Insider Threat Considerations at CVG Utilize best practice, multi-layered, risk based approach- Human Factors Utilize background screening for all employees Employ and empower Airport Security Coordinator Train all airport employees on aviation security considerations and insider threat potential require annual recurrent training Monitor social media and communication of employees on a random basis Post watch tips in breakrooms and in concourses Utilize anonymous hotline to report concerns Reward employees for proactive behavior 20

21 Insider Threat Considerations at CVG Utilize best practice, multi-layered, risk based approach- Coordination with Security Agencies and Stakeholders Conduct regularly scheduled and ongoing meetings with all stakeholders to discuss security Work cooperatively with TSA and DHS taskforces stationed at CVG Act on recommendations following TSA and DHS assessments (funding always a consideration) 21

22 Summary--Recommendations Safety and security must be primary considerations Promotion of security awareness and vigilance must be led by the top but practiced actively throughout company No single measure can provide broad protection against risks and adversaries. Security measures must be multi-layered and unpredictable to protect against those who would cause harm 22

23 Thank You! Questions?