The World Institute for Nuclear Security (WINS) and the Federal Authority for Nuclear Regulation (FANR) held a joint workshop on Understanding and Mitigating the Insider Threat on 16th – 18th December 2018 in Abu Dhabi, UAE.
Nuclear operators seek to employ personnel who can be trusted with sensitive information, critical technology, and hazardous nuclear and radioactive materials. This requires employees who are honest, dependable and mentally and physically stable. Social backgrounds and external influences, as well as a host of other influential factors, can create undue levels of vulnerability, altering a person’s dependability, moral character, motivations and allegiances. History has repeatedly shown how such changes have catalysed insider threats and weaknesses in nuclear safety and security, sometimes leading to serious consequences.
Past incidents have clearly demonstrated that insiders can take advantage of their access rights and knowledge of a certain facility, as well as their authority over staff, to bypass dedicated security measures. They can also threaten cyber security, safety measures, and material control and accountancy (MC&A). Insiders are likely to have the time to plan their actions; in addition, they may work with others who share their objectives. Employees may sometimes also cause harm unintentionally, particularly in the cyber realm.
As a concerned professional, you understand that no matter how serious the threat from outsiders may be, it can be leveraged or multiplied through the help of one or more insiders. This International Best Practice Workshop focused on the measures to prevent, detect and respond to insider actions, and drew on best practices from the nuclear industry and other sensitive and high value sectors.
The workshop examined the latest and most effective methods to assess and manage insider threats. It reviewed programmes and tools developed to ensure the reliability of personnel accessing critical areas or information. It also explored the role of different stakeholders involved in the identification and mitigation and assessed their current contribution to insider mitigation.
The workshop built on the discussions held during previous international events run by WINS. It was conducted in English and drew only on unclassified information. The fully facilitated event included presentations, plenary and breakout sessions, and case studies to provide for maximum participation and involvement of all participants.
The key objectives of the workshop were:
- To discuss how the insider threat landscape has evolved in the last few years;
- To review the process for identifying the motivation, intention and capabilities of insiders and to discuss real life examples and applicable case studies;
- To review the key components of insider mitigation programmes, with a focus on human reliability and employee satisfaction programmes;
- To review existing tools and technologies developed for mitigating the insider risk;
- To identify methodologies and metrics for measuring the performance of the insider mitigation programme and to share practices for reporting it to Senior Management levels;
- To discuss the nexus between cyber security and the insider threat
- To highlight the importance of involving all departments of an organisation in identifying and responding to all credible threats;
- To learn from other sectors and to provide participants with the opportunity to network and share experiences and best practices utilised across the nuclear and other industries.
The workshop also provided an opportunity for participants to learn more about the WINS publications dealing with insider threat mitigation and human reliability.