Ports: Securing from the Inside Out

• Recent years have seen a strengthening of the power and position of the drug industry and illegal activities in Europe. 

• Criminals cannot operate without insider knowledge and legitimate access. 

• A focus on insider threats in ports and insider risk management will have multiple effects: caring for your employees; minimizing the opportunity for insiders; and, when set up correctly with internal ownership and oversight of the problem, connecting the dots in order to act early upon red flags in your organization.

In our profession of insider risk management, sea or airport environments as an industry hardly come up. Similarly when business and government entities in port environments discuss measures against undermining, Subversive Crime infiltration, social engineering or blunt extortion of personnel the subject of insider risk management as a solution seems unknown, thus far. Why? Perhaps because insider risk management predominantly originates from unauthorized disclosures and data leaks in a government setting. Though, in the meantime, it’s widely being implemented in a wide variety of industries. Let’s have a closer look at seaports in Europe – their challenges, the trends and whether insider risk management can provide a solution to the complex issues at hand.

Recent years have seen a strengthening of the power and position of the drug industry and illegal activities in Europe. According to Europol’s most recent Serious and Organised Crime Threat Assessment Report, serious and organised crime has never posed as high a threat to the EU and its citizens as it does today. COVID-19 has made global drug trafficking bigger and smarter. The size of intercepted shipments shows that the amount of drugs carried per shipment has grown. Drug traffickers are using more maritime routes than before, and they even improved their contactless delivery methods to end-consumers. 

EU ports are key locations for incoming, outgoing and transiting shipments of illegal goods. Cocaine, heroin and precursors for synthetic drugs enter the EU through ports in large quantities. Criminal networks have infiltrated transport infrastructure across the EU. The UK’s National Crime Agency (NCA) recently issued an official warning stating that organised crime groups are likely to increase their exploitation of people who work at ports and airports and who have detailed knowledge of controls and processes. Organised crime is big business with expansive logistical networks used to transport people and goods all across the globe illegally.

Legal structures and insiders for organised crime objectives

All types of legal businesses are potentially vulnerable to exploitation by serious and organised crime. About half of all criminal networks set up their own legal business structures or infiltrate businesses at a high level. At the port of Rotterdam, the 10th largest port in the world and the largest port outside East Asia, 385.000 people work in and around the port every single day. It’s Europe’s largest transshipment hub. Criminals cannot do without insider knowledge and legitimate access in order to find that needle in the haystack, evade checks or undo discoveries made during checks. Therefore, any employee working for an organisation active in a port environment and with access to sensitive information and secure areas is a potential target for organised crime.

 “Without access to corrupt port workers and officials, customs agents, police, ship crews and others, it would be impossible. And this is a broader reflection of the cocaine-trafficking world today, which increasingly favors plata – silver – over plomo – lead.” 

The cocaine pipeline to Europe – Global Initiative against transnational organised crime, 2021

The incidents are non-stop. Here are a few examples. This summer, the Dutch police arrested 12 employees of a logistics services company on the suspicion of involvement with the smuggling of cocaine. A better known incident was customs officer Gerrit G., who was sentenced in 2019 to 14 years imprisonment for letting cargo containers filled with cocaine pass through inspection. Earlier this year, two security guards from a large private security firm were arrested for leaking sensitive information to criminal groups and sabotaging the inspection of containers with cocaine. What is striking about this particular case is that the son of one of these guards started his education to become a customs officer in 2019. He too was arrested on the suspicion of corruption. Intercepted communication between the father and his son shows that he was well aware of his father’s illegal activities.

Recruitment of port employees

Drug traffickers employ a range of modus operandi to gain an advantage, most importantly the recruitment and use of insiders for their purposes. As mentioned earlier, it is even essential in order to do their job. There are several ways in which access is achieved:

• Infiltration by putting the right people in the right positions through a legitimate application for a  job (think of the son of the security guard earlier).

• Recruitment of employees through ‘social engineering’- the slow manipulation of people into performing actions for their benefit. At first it might not even be clear you are doing anything illegal. You’re just doing someone a favor and you might get some badly needed money for it, but this can go beyond a point of no return and you’re fully involved in organized criminal activities.

• (Violent) coercion of employees. Finding out who is in a crucial or relevant position and pressurizing the employee (and his or her family) into supporting the drug trade. The use of violence by criminals involved in serious and organised crime in the EU has been increasing in terms of the frequency of use and its severity according to Europol. 

N.B. Don’t forget that the more employees that are corrupt, the more their morals become the norm and the harder it becomes for individual employees to refuse involvement in a scheme. 

Insider risk management to combat organized crime 

Both authorities and organizations are more focused on response mechanisms than prevention. This is common for most organisations across all industries. However, prevention is much less costly and safeguards your workforce as well. The key to prevention and early detection in insider risk management is the development of a professional, safe and secure workforce. Such an approach takes into account a deep understanding of how employees can become threats, and aligns early warning signals and associated triggers to a series of mitigation measures. There are in depth studies that can provide lessons to this effect and should be incorporated into insider risk programmes. It is impossible to reduce the risk to zero, hence there will always be a need for ‘response’ and ‘recover’ mitigation measures as well. Understanding and learning from incidents are very useful for continually improving preventative measures.

Our eight recommended mitigation measures address people, processes and technology, and should be assessed along with the current state of an insider risk programme. Think of identity and access management, setting up the right insider risk governance structure, pre- and in-employment screening, professional case management capabilities and communication and training of your personnel to detect and act on concerning behaviours as a few examples of such a programme.

There are a couple of cornerstones in insider risk in ports that are particularly relevant in this context:

• The holistic approach provides an overarching overview of all relevant technical measures, processes and personnel related measures that ought to be in place to minimize insider risk. It requires departments to work together on all phases of identification, prevention, detection, response and recovery.

• Insider risk management focuses on the measures that have to be taken to minimise the possibility of trusted insiders conducting illicit activities. There is no other framework focusing on such actors. Most often (IT and physical) security measures focus on external actors, not on your own employees, and are now outdated as the preferred criminal route is through insiders.

• A focus on insiders will have multiple effects:

  • Caring for your employees, making sure you are there for them when they have been put under pressure. It’s as much combating organised crime as it is a duty of care for your employees.

  • Minimizing the opportunity for malicious insider acts (e.g. because your activities are being monitored) as detection (and intervention) will be more immediate. 

  • When set up correctly, internal ownership and oversight of the problem or subject will help you act early upon red flags by connecting the dots of information from your technical measures, HR, leadership, and employees.

“If a customs officer makes a mistake, it has consequences for the atmosphere in the workplace. It has an impact on your personal life. It does something to you when a colleague with whom you have worked for years turns out to be corrupt and is arrested. You work on the basis of trust.”

Ger Scheringa- Dutch Customs (translated from Dutch)

The above quote highlights again the importance of prevention or at least early detection. An insider risk project requires long-term effort and needs to be phased. Quick fixes won’t resolve matters, but they will get you started. It is imperative, however, that an organization start with a risk assessment, and then create a strategy and road map to build a professional insider risk programme.

Secure your organization from the inside out, not just the outside in. What have you done so far to do so? Please contact us on info@signpostsix.com if you would like to learn more about insider risk in ports and insider risk management in support of your organization.