What do a bank, pharmacy, nuclear facility, and the Antwerp World Diamond Centre have in common? In a word, security. They all have something that someone wants: money, drugs, nuclear material, or diamonds.
While designing a security system to keep assets secure from outside threats such as a lone bank robber, is relatively straightforward, a greater challenge is designing a system that also protects against insider threats, such as trusted employees who become disgruntled. Trusted employees often have access to critical assets and knowledge of security procedures, making them formidable adversaries.
An important step to thwarting these would-be criminals is learning how different industries have approached insider threats. To address that in the nuclear industry, experts from across the globe gathered in Brussels, Belgium, in February to participate in an International Symposium on Insider Threat Mitigation. The event was co-hosted by NNSA and the Belgian Federal Agency on Nuclear Control.
The overarching goal was to develop a seamless insider threat strategy for the nuclear industry. Another was to build support for an International Atomic Energy Agency document (Information Circular 908 – Joint Statement on Mitigating Insider Threats), which seeks to build awareness of insider threats and acknowledgement that they pose a nuclear security threat.
Belgium’s Minister for Security and Home Affairs Pieter De Crem and NNSA Administrator Lisa E. Gordon-Hagerty delivered keynote addresses urging participants to lead the way in enhancing their insider mitigation programs.
Minister De Crem noted the seriousness of the topic, saying, “The insider threat is real and pervasive. This threat cannot, and will not go unaddressed.”
NNSA Administrator Gordon-Hagerty reminded attendees that “we work in a field where failure is simply not an acceptable option for the public. … There is no margin to be complacent. Simply put, we must stay ahead of the evolving threat.” She urged the international community to remain “forever united in our vigilance” against the insider threat.
Workshop topics at the symposium included national policies on trustworthiness, technical measures, and nuclear security culture. More than 200 participants from government, law enforcement, industry, and civil society attended.
Going forward, three countries agreed to sponsor regional insider threat mitigation workshops in the next year. In addition, an insider threat working group that formed at the conference will meet at the IAEA’s 2020 International Convention on Nuclear Security.
The event’s proceedings will be posted to insiderthreatmitigation.org.