U.S. Border Security: Mitigating the Insider Threat

The Unites States has a 7,000-mile border with 300 points of entry — by air, sea and land — where many thousands of government employees work to protect national security and public safety. But cases of insider activity posing a threat to border security have gone up from 250 in 2006 to over 750 in 2010, according to the Office of the Inspector General. The increasingly virtual and globally connected way agencies conduct business today has resulted in new threats that must be proactively managed.

Tune into this episode of Deloitte Insights to learn more about insider threat and what steps organizations can take to mitigate it.

Guests:

Mike Gelles, Director, Deloitte Consulting LLP

Linda Solomon, Director, Deloitte Consulting LLP

Transcript: 

Sean O’Grady, Host, Deloitte Insights: On this program, we are talking about U.S. Border Security and the potential insider threat posed by government employees. We are joined by two guests today in the studio to discuss this topic and they are Linda Solomon, a Principal in Deloitte Consulting and the leader of Deloitte’s Homeland Security Segment. We also have Mike Gelles, a Director in Deloitte Consulting and the former Chief Psychologist of Naval Criminal Investigative Service. He works with Linda in Deloitte’s Homeland Security Segment. Thanks to you both for joining us here today. I would like to begin by better understanding the concern. Mike can you describe what the insider threat is along the border.

Mike Gelles: Sure Sean, let us start out first by defining the insider threat. What is an insider threat? I mean that is an individual who is an employee of the government, who works along the border, who has access to information, has access to materials, and has access to information systems. As a result of a particular crisis, in most cases, the individual subsequently uses the information materials or systems available to them to exploit the security at the border. So that is the insider threat along the border. In terms of the border, let us talk about some of the challenges here. We have a 7000-mile border with 300 ports of entry, air, sea, and land where we have many thousands of employees who are protecting national security and public safety. We do know, from a 2010, Department of Homeland Security briefing to the Senate, that we have at least great insight into the drug cartels, the Mexican drug cartels, who can facilitate weapons, facilitate human smuggling, and facilitate the passage of drugs across the border. We also know that since 2006, where we had about 250 cases according to the U.S. Inspector General at the border in terms of insider activity, we now have over 750 in 2010, a real concern.

Linda Solomon: And just to build on what Mike is saying Sean, we really have at the border a nexus. A nexus between smugglers, traffickers, the drug cartels, and the 20,000 government employees who work alongside the border each and every day and the drug cartels know that they can entice one of those employees occasionally to take the bait. Now they have got the financial resources to offer up to that disgruntled employee, to the employee that may be burdened with some kind of financial obligation, so that nexus has created a real threat to our country quite frankly.

Sean: So Linda what happens if this threat becomes a reality. How does that affect an agency’s business?

Linda Solomon: Yeah, agency organizations are significantly impacted. The threat is really, really enormous. We find that a single threat can actually evolve and expand way beyond the initial intent. So for example, an employee who may have engaged in corruption may in fact be caught and ultimately convicted by law enforcement in this country; however, the documents that that employee may have stolen and sold for a bribes as high as $50,000. Those documents may have contained for example law enforcement sensitive maps that basically describe every border patroller in this country for both the southern and the northern borders. The documents may contain lists of sensors that are alongside the border that the country has invested billions of dollars to get out there, to help protect our borders, and all of a sudden, those documents are in the hands of drug cartels and guess what, you then have kind of the next chapter of the story, which is the drug cartels may in fact engage in some type of transaction with the terrorist group or terrorist cell. So, all of a sudden, you can see the evolution here and with each and every chapter, the threats expand, potentially exponentially.

Mike Gelles: I think we continue to see an increase, as I mentioned in the numbers of incidents at the border over the years and that has to be concerning. The consequence also from the standpoint of national security and public safety is confidence. It is the loss of proprietary information. It is the loss of scientific and technology solutions. It is the transfer of weapons and other potentially dangerous materials that come into the United States that can be further be exploited in other means and measures.

Sean: Now we have been talking about employees along the border but just because you work on the border does not mean you have to work on the border. You could be working remotely with people all over the world. How does that factor into this threat, Mike?

Mike Gelles: Well, here clearly, business now is conducting in a very global and virtual manner. Individuals today now manage information in a way that we never had before. There are no more paper documents. Data is mobile. Databases are easily accessed through web applications. Web applications lead to greater proliferation globally. We are talking about people, I think which you are mentioning, along the lines of mortal working and working more remotely, where they have less restrictions. So information that might otherwise impact what goes on at the border is more readily accessed and more readily exploited and that information in many cases wittingly exploited by an insider who has access or works along the border or is providing security at the border to other individuals who may be unwittingly exploited by family, by friends, by other associates who know they have information and they may simply be looking to be helpful, to be polite, to validate some value for themselves in a family friendship and provide information that is readily exploited with the subsequent consequences of the security at the border.

Sean: Linda?

Linda Solomon: Yeah, I will just add that we are seeing a trend towards more employees telecommuting and while you have certainly a large group of employees who are physically based alongside our borders, both northern and southern borders; in fact, we do see a lot of employees who are engaged in protecting our nations, protecting our borders, who have jobs that can be performed remotely and with telecommuting you deal with all sorts of access, access to networks, access to lots of different types of information, and as systems are more integrated and connected, the list of systems that employees have access to tends to grow. And so, I think it really comes down to our reliance on people who are knowledgeable about the right and wrong things to do and making sure that you are in fact hiring people to the best of your ability and all sorts of methods and techniques that are being used now to screen potential candidates to make sure that you are getting the right people and then training them and setting the standards.

Sean: So, to time this all up for the audience, what do we think an organization or an agency should be doing right now to avoid this potential border threat? Linda?

Linda Solomon: Sean, organizations and federal agencies have to do a couple of things. First and foremost, they have to identify preventative front and measures. So a couple of minutes ago we talked about screening employees before they are hired, making sure that they have the right profiles of individuals that should be placed in jobs that have access to secure information. The other thing that organizations need to do in particular is to use a risk-based approach and by that I mean they need to do an assessment of where they believe the greatest risk actually exist and allocate resources and invest in securing those areas, putting the right controls in place, using technology to perform analytics to identify trends and patterns in terms of accessed information, usage of information, looking at the habits of employees who are physically located on the border; when they are working in certain areas of the border, there are a lot of great geospatial technologies that can help assist companies in monitoring activities and looking for anomalies.

Sean: And Mike, your final thoughts?

Mike Gelles: So, I think we are really emphasizing the tools that are available with technology. This is where securing the border is built upon bringing technology and the focus on people together. So organizations need to be more proactive. They need to be able to look beyond the fact that this is just a low frequency event because of the impact that it can have in terms of national security and public safety. What can organizations do? Clearly, we have talked about what the insider at the border essentially can pose as a threat to our national security. Leveraging human resources, much as Linda is talking about, how do we recruit, how do we vet, how do we onboard, how do we then think about the threat across the border, where people are working, using predictive analytics, and evaluating the workforce, the risk across the enterprise, if you will the risk across an organization and where people are placed, and where the highest risks are, and evaluating based on the types of cases we have seen, the insider threat, the corruption cases, and the cases that essentially have led to exploited assets, clearly, as we discussed before we have to be attentive to the notion that information is now readily available, a new generation of a workforce, that uses information 24x7 has to be attended to. Organizations have to pay attention to going forward with this new demographic and lastly, I think, organizations need to look at how they develop awareness and training on a routine basis. How do you develop a workforce as a sensor, much like we use the community? Anywhere you travel, did someone leave a bag, what do you see that is an anomaly in the community that you might want to notify homeland security, the police. What do you notice along the border? What does the workforce notice that makes them a collective sensor? These are things that I think clearly organizations need to do and begin to really assess what their current state is and how they are managing the insider threat.

Sean: Well coming back to people at the end. We have been talking security Mike Gelles, a Director in Deloitte Consulting and the former Chief Psychologist of Naval Criminal Investigative Service. We have also been listening to Linda Solomon, a Principal in Deloitte Consulting and the leader of Deloitte’s Homeland Security Segment. If you would like to learn more about Mike, Linda, or any of the topics we discussed in this broadcast, you could find them and many more on our website, it is www.deloitte.com/us/podcasts.

For all the good folks at Deloitte Insights, I’m Sean O’Grady – we’ll see you next time.