60 Seconds with… John Taylor, Founder and CEO of JTip
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Posted: 26 January 2016 | International Airport Review | No comments yet
John Taylor, Founder and CEO of JTip, discusses what he believes to be the key threats to aviation security…
What do you consider as the key threats to the security of the aviation industry in 2016?
Terrorists, extremists and people with evil intent have attacked airlines, hotels used by crew and airports. Many innocent people have died. Hostile cyber-attacks are an almost daily occurrence. Criminals regularly try to steal passenger and corporate data for financial advantage. The industry has become more reliant on technology-based systems and therefore the prospect for disruption to operations from a cyber-attack has risen. We have seen a long-standing threat – the ‘insider’ – come to the fore, with hostile actors – both criminal and extremist – exploiting employees to sabotage security procedures. With the aviation sector continuing to grow, three core areas – geopolitics, cyber and the insider – will continue to constitute the biggest threats to aviation security and business continuity in the year ahead.
How do you define the ‘insider’ threat, and why is it relevant to the aviation sector?
Employees can negatively affect aviation security for three reasons: because they don’t know the rules, because they mistake or ignore them, or because they deliberately break them. The first two can be managed through effective communications, training, and good management. The third category represents the insider threat. The key question here is why employees deliberately act against their organisation. Some individuals join the organisations with the intent to commit damage. They are malicious and devious. The aviation industry knows this and thoroughly vets employees before joining. However, not all insider threat comes from ‘bad apples’. Often employees become disenchanted and angry over time. These individuals are not alone either; our research shows that disenchanted employees are often grouped together in the same section or department. ‘Insiders’ come from these disenchanted groups. The fact that they are in the same section is no coincidence. The reason is nearly always the result of poor management.
We have been researching this topic alongside UCL’s Psychology department for more than 15 years and have developed a tool that measures the extent and causes of employee disenchantment. Knowing the causes for disenchantment is vital in knowing how to manage and reduce insider threat risks.
Suggestions that the Metrojet crash in Egypt was enabled via the exploitation of an employee at Sharm el-Sheikh airport have shifted focus on to whether we can detect employees becoming radicalised. Academic research has discovered that the process of extremism is a linear progression. It is a staircase, where specific factors influence whether the individual will take the next, increasingly more extreme, step towards radicalisation. Moreover, while the final steps of radicalisation may go unnoticed in the workplace, the initial steps can be detected. We are developing a tool to help reduce this risk.
What can the sector do to manage the threats it faces?
Encouragingly, aviation authorities, regional bodies, international airlines and crime prevention agencies are increasingly cooperating and sharing information, which is vital to understanding and mitigating many of these cross-border threats. However, levels of cooperation fluctuate and progress will be slow. Companies – whether they be aircraft manufacturers, airlines or airport operators – can all take measures to manage their exposure to some of the threats mentioned earlier.
Companies should ensure their staff are properly briefed both at induction and throughout their careers about the cyber threat. They should also ensure they have adequate and effective defences from cyber attack
Vetting employees before they enter is important, but not the whole solution. An employee can become an insider when subjected to poor management. The aviation sector needs to understand what disenchants employees and drives them to damage their organisation. We have tools to help identify the potentially damaging employee and existing pockets of disenchantment.
It is also critical that companies stay abreast of fast changing situations, not just those linked to conflict and terrorism but also those from environmental events, industrial action, criminal trends or changing regulatory obligations on operators. To help airlines monitor trends and prepare for changing geopolitical events, we provide free daily updates and country risk assessments, via our online geopolitical Risk Portal (https://riskportal.pgitl.com).
Biography
John Taylor is the founder and CEO of JTiP. JTiP provides high quality training to British and overseas governments to improve the capabilities of intelligence and security agencies and contribute to better national security policy. JTiP is part of PGI, a global risk management consultancy that specialises in cybersecurity, open-source intelligence and human behavioural analysis.