A Meandering Recent History of The Insider Threat
- On 14/01/2022
The Public Service and The Insider Threat
The Insider Threat – further confirmation that the Chinese Communist Party (CCP) is actively engaged in subverting foreign political institutions was made public yesterday, while the unethical (at best) behaviour of some of those elected to the UK Parliament was also revealed [1].
In issuing a warning to Members of Parliament via a Security Service Interference Alert (SSIA), MI5 noted that a foreign agent had been caught engaging in ‘political interference activities’ on behalf of the CCP.
The MI5 alert notes that Christine Lee had acted as “…an agent of the Chinese government in the British Parliament”, and that she has “acted covertly” in co-ordination with the United Front Work Department (UFWD) of the Chinese Communist Party (CCP), and is “judged to be involved in political interference activities in the UK” [2].
The Insider Threat Lessons for Australia
The case highlights that, even in the birthplace of parliamentary democracy, the insider threat is real and pervasive. This follows other comparable revelations/attempts at interference, including China’s reported attempt to recruit and fund a Liberal Party member’s run for a Melbourne, Australia parliamentary seat in 2019. The implication apparently was that offering $680,000 would generate influence in governmental business, should he have been elected.
The intended beneficiary, Nick Zhao, was “…found dead in a hotel room in Melbourne in March. Police have not been able to establish how or why he died, and his death has prompted a coroner’s inquiry.” [3]
The Insider Threat Beyond Politics
Setting aside the headline threat that the CCP poses to many countries through its routinely belligerent behaviour (according to established international norms), the threat of cultivating political influence is not the only one linked to insiders in the Australian context. For example:
- On 28 January 2021, the AFP reported that a subcontractor to Australia’s postal service had been charged with drug offences after allegedly using his position to facilitate the importation of methamphetamine into NSW. It was alleged that the Parramatta man was involved in the drug trade, using his role as a postal subcontractor to access the parcel which he allegedly knew contained narcotics, and remove them during his delivery route. AFP Commander of Investigations Kirsty Schofield said this investigation uncovered an attempt from organised crime to infiltrate Australian businesses. “This was an opportunistic attempt to use a position of insight and access into the mail delivery system, motivated by personal gain and greed” she said. [4]
- On 11 June 2020, the Australian Broadcasting Corporation (ABC) reported that three public servants allegedly used their inside knowledge to influence IT contracts at the Department of Finance and were charged with conspiring to defraud the Commonwealth Government. It was alleged that the three men used their knowledge as public servants within the Department of Finance in Canberra to direct contracts through preferred suppliers, and that they received a financial benefit for their efforts. [5]
- On 17 March 2015, the Australian Securities and Investments Corporation (ASIC) released a statement noting that “Two men were sentenced to jail terms of 7 years and 3 months, and 3 years and 3 months respectively in the Victorian Supreme Court today for their roles in Australia’s largest insider trading scheme, totalling $7 million. The two men were charged in 2014 with insider trading, money laundering and abuse of public office offences”. [6] The AFP and ASIC, working together through the AFP-led Fraud and Anti-Corruption Centre, discovered an employee of the National Australia Bank was receiving sensitive information from an employee of the Australian Bureau of Statistics (ABS). They were then using this information to enter into foreign exchange derivative products and profit from favourable movements in market prices.
- On 5 December 2015, the ABF reported that “Two Customs insiders” were arrested over the biggest drug seizure to date in Australian history, with federal police accusing them of using “their position of trust to circumvent border controls”. AFP Deputy Commissioner Neil Gaughan said at the time “They are trusted insiders within the industry… They used their position of trust to circumvent the border controls that exist within Australia”. [7]
- On 31 July 2015, the Canberra Times reported that “An Australian government official is facing trial for allegedly leaking the contents of a secret intelligence document produced by one of the nation’s spy agencies in 2012”. Michael Scerba was alleged to have improperly disclosed the information in the Defence Intelligence Organisation (DIO) report, although the exact nature of the leak was undisclosed. [8]
Pandemic Induced Effects
Recurring Covid-19-related restrictions, and the longer-term social and economic consequences of the pandemic, may invigorate related grievances. For example, Covid-19 has increased people’s attraction to more extremist positions and ideologies, as documented in numerous recent publications, including those issued by ASIO.
This is not to suggest that grievances at the core of some groups’ raison d’être do not have merit, and many reflect contempt for some governments and the rank political opportunism that has variously been on display.
But the Commonwealth Government indicates that, while COVID-19 has caused social and economic challenges, it has not greatly changed the threat from terrorism [9].
Separately, a US Transport Security Administration (TSA) Subcommittee on Insider Threat reveals multiple noteworthy factors in the aviation context [10].
Primarily quoting a Dr. Michael Gelles, who is a managing director at Deloitte Consulting LLP and a reported insider threat expert, the paper variously asserts that:
- “Unusual times can provoke unusual responses in people. Prolonged stress may increase anxiety and impulsivity, impair judgment and lead people to become negative and distort their experiences. In times of crisis, individuals can begin to feel desperate, resulting in erratic behaviour, potentially increasing the risk of insider events…
- Three important COVID-19-influenced considerations likely weigh heavily on the aviation workforce: their jobs, their health, and ultimately their future…
- A surge in financial, work scope, or other stressors will likely increase employee dissatisfaction and/or disgruntlement, resulting in increased insider risk…
- While industry and governments continue to mitigate security concerns, potential security vulnerabilities coupled with the prospect of job loss may motivate insiders to take advantage of a strained and potentially vulnerable environment, adjust illegal activity or attack planning, and pull timelines forward.
- Within the aviation sector, it was reported that there may be a heightened risk of bribery, smuggling, trafficking, and other criminal activity that may thrive as workers are facing economic hardship and are more susceptible to recruitment for nefarious activities.”
With some experts predicting that the next pandemic is ‘a probability, not a possibility’ [11], and in view of the cycle of pandemics in the last 20 years, the same factors are likely to arise again within the near to medium-term future.
Of course, many of these factors may not only be precipitated by a pandemic, such as Covid-19. Personal circumstances/life changes can similarly influence an otherwise reliable and trustworthy insider to make irrational decisions that exacerbate risks to any organisation.
Who are insiders?
While definitions vary, prevailing wisdom is that anyone with ‘useful’ information/knowledge about the internal workings of an organisation could be considered an insider, not just employees. Doing so would influence what screening/vetting (incoming and outgoing) processes they should be subjected to.
The Commonwealth Attorney-General’s Department (AGD) certainly continues to take this broader view of the insider threat after more than 10 years of defining it as “the threat posed by unauthorised access, use or disclosure of privileged information, techniques, technology, assets or premises by an individual with legitimate or indirect access, which may cause harm. Trusted insiders are potential, current or former employees or contractors who have legitimate access to information, techniques, technology, assets or premises.” [12]
As a security manager, it would be entirely prudent to take a broader view of the ‘insider’, and in the process remove most consideration around whether they are employed or not. Doing so would then lend itself to taking a graded approach to the threat, rather than one based around employment status. Indeed, and in the process, the term ‘insider’ may well prove less useful.
Security Culture Helps
Established security culture, incorporating practices for effective personnel security vetting, “aftercare” and education, combined with the suite of physical, electronic and procedural countermeasures prescribed in the Australian Government’s Protective Security Policy Framework (PSPF), and related security and intelligence agency guidance, can mitigate the trusted insider risk to acceptable levels.
This requires sustained management attention and a shared commitment to effective security, to avoid security “decay”, which has a corresponding effect on the likelihood of breaches and incidents.
It does, however, remain a truism that, regardless of security hardware, firmware and software, ‘wetware’ is routinely the weakest link. With the exception of natural disaster or industrial accident, security breaches invariably result from persons not doing what they should, or doing what they should not.
Executives and security managers should be alert to changes in the threat environment with implications for trusted insider activity against corporate interests. Within government, granting an individual a security clearance is the start of the personnel security process, as exposure arises after the person has unsupervised access to valuable and mission-critical assets.
Yours in security risk and resilience,
Konrad Buczynski and Mark Jarratt, CPP
Industry Risk is Australia’s shining light in solutions for security risk and business resilience. We welcome opportunities to assist entities in getting to a security baseline, then acting as guide in more advanced (proactive) endeavours.
Banner image supplied courtesy of BBC News (https://www.bbc.com/news/uk-politics-59984380).
[1] https://www.gbnews.uk/news/alleged-chinese-agent-in-parliament-named-as-christine-lee/204652.
[2] https://www.bbc.com/news/uk-politics-59984380.
[3] https://www.bbc.com/news/world-australia-50541082.
[12] https://www.tisn.gov.au/Documents/InsiderThreatBooklet-ManagingTheInsiderThreatToYourBusiness.pdf.