Category: Maritime

New drugs, routes and tricks spur operators and vendors toward smarter, faster, safer devices.

Air, ground, maritime and rail operators as well as enforcement officials face rapid changes in drug smugglers’ tactics, while detection vendors that support them are refining technology — including artificial intelligence (AI) — for products to help foil the crooks.

Tougher enforcement efforts around the world, greater supplies and higher prices have spurred smugglers to decentralize their organizations, outsource methods and diversify routes for moving narcotics, such as “designing” more potent drugs that can be shipped in smaller, less detectable parcels.

“The traditional smuggling routes and methods have not changed significantly,” said Jeff Sweetin, a retired U.S. Drug Enforcement Administration (DEA) special agent and counter-narcotics consultant for Thermo Fisher Scientific. However, he and his colleagues have seen “several methods of countering added border enforcement. While these trends have not yet amounted to a complete shift in cartel tactics, enforcement personnel are reporting them more frequently.”

Thermo Fisher in May unveiled the TruNarc Delta and Tau upgrades of its handheld narcotics analyzer, which uses Raman spectroscopy for rapid, non-contact identification of more than 1,200 substances. The Delta is aimed at U.S. customers, the Tau for others worldwide.

Vendors look to build on their portfolios of proven spectroscopic- and radiation-based detectors by increasing the speed, range and adaptability of results for field investigators, in part with AI-based tools. For instance, they are linking detector results with cloud-computing libraries of spectroscopic signatures that can detect specific drug ingredients from tens of thousands of possibilities within seconds and can learn new signatures without the need to add them manually.

Smugglers’ New Tactics Vary

Many have foregone top-to-bottom supply chain control and outsourced shipping phases, processing stages and money-laundering. Police have seized single bulk shipments that contained drugs labelled for competing gangs and destined for a multitude of customers — an Amazon-like model for saving money and speeding delivery. Cryptocurrency is replacing cash to evade scrutiny as payments change hands.

More roundabout routes are adopted — say by ship from Latin America to West Africa on to Scandinavia and Russia, then by truck to inland points — to break patterns that make police suspicious. Some smugglers have moved upstream products like coca paste from Latin American cocaine labs to final processing closer to consumers in Europe and fentanyl powder to pill pressers in the U.S. Others are experimenting with liquifying drugs to hide them in fuel tanks, seat cushions and insulation, Sweetin said. Smugglers are hiding drugs in auto batteries and masking them with chemicals to throw off detectors.

Some are developing submersibles to sail tons of drugs between continents, even as far as Europe and Australia. There are reportedly smugglers hiring professional divers to attach drug shipments outside cargo ship hulls then fly to the destination to remove them.

“Illicit trafficking networks have evolved into increasingly industrialized criminal economies that exploit weaknesses in border security, customs controls and screening technologies,” Smiths Detection, aviation marketing manager for Smiths Detection, said. “This shift is creating distinct smuggling patterns across all major modes of transportation.”

He added, “While the methods differ across transport modes, they share a common thread: growing sophistication that poses significant new challenges for global border security.”

Smiths in October released the SDX 10080 SCT, the latest product in the global EDS line. It is a modular hold-baggage and air cargo screening system that combines advanced dual-energy computed tomography (CT) with an optional high-resolution dual-view line scanner that Smiths said “offers exceptional modularity, reliability and efficiency.”

Among its other products is the HCVM XL mobile scanner, which provides high-energy X-ray imaging for non-intrusive inspection of cargo to enable customs officers to rapidly and accurately identify illicit goods without disrupting the flow of trade. At the turn of the year, Smiths installed four with Trinidad & Tobago’s customs agency at Port of Spain and the Port of Point Lisas.

Efforts to counter new drugs and tactics are bolstered by greater counter-drug funding, particularly in the U.S. and Europe.

That increased funding “will institutionalize demand” in the narcotics-detection and related markets and support growth in them, said the CEO and co-founder of 908Devices, Kevin J. Knopp. “This is setting up not only in the United States, but globally.” One recent report forecasts the global market for narcotics detection equipment to grow from $3.76 billion last year to $5.05 billion by 2029, maintaining a compound annual growth rate of more than six percent.

Additional funding in the U.S. includes this year’s budget reconciliation law and last year’s DETECT Fentanyl and Xylazine Act, which should boost research and development of means to detect those drugs.

In October, 908Devices said the U.S. Coast Guard bought 23 of its MX908 handheld mass spectrometers for narcotics interdiction efforts and hazardous threat detection. The service now fields more than 35 of the MX908, which combines thermal desorption, chemical ionization and high-pressure mass spectrometry to detect hundreds of chemical substances at trace levels, including fentanyl, explosives and other threats. The MX908 can identify over 2,000 fentanyl analogs, the company said.

In Europe, funding boosts stem from increased defense funding by NATO members and others. Customers are showing greater interest in detection capabilities elsewhere in the world, too. For instance, Bruker Corp. saw a 30 percent year-over-year increase in orders for its airport-deployed detectors, related consumables and services through October.

“There are significant improvements outside of the U.S.,” Bruker president and CEO Frank Laukien said, including in Europe, Japan, China, South Korea and the Middle East. He added that the company’s Applied Markets segment is “growing very nicely” with “a pretty broad international distribution.”

Bruker’s products include the Road Runner, a 7.5-pound, handheld device to detect narcotics and explosives vapors and particles. It uses ion mobility spectrometry (IMS) with a compressed high-intensity radiated pulse (CHIRP) algorithm and guides its user step by step via a touchscreen display. Another product is the Mobile-IR II, a portable, battery-powered Fourier Transform Infrared (FT-IR) spectrometer that the company said delivers laboratory-level spectral performance with an intuitive workflow set-up for IDing illegal substances.

The greater funding also stems from Europe’s efforts to combat a spike in cocaine use there (which now may exceed that in the U.S.). “Belgium, the Netherlands and Spain have reported the highest volumes of seizures, reflecting their importance as entry points for cocaine trafficked to Europe,” said a March report by the U.S. State Department’s Bureau for International Narcotics and Law Enforcement. That has increased cross-border criminal activity, “with European organized crime groups expanding their footprint in Mexico and South America and vice versa.”

Facing such crime, geopolitical conflicts and terrorism, “governments worldwide are investing heavily in advanced systems to enhance detection, deterrence, and response capabilities,” said Ajay Mehra, president, CEO and director of OSI Systems. He added customers are addressing the growing threats by increasing their focus on technology innovation and shifting policy priorities, supported by targeted funding.

OSI Systems designs and manufactures specialized electronic systems and components for critical applications, serving customers in 170 countries. Its Rapiscan Systems unit offers a wide range of scanners and inspection systems for aviation security, cargo, and vehicles.

These include the MobileTrace simultaneous dual-mode narcotics/explosives detector, which uses the company’s patented Ion Trap Mobility Spectrometry. It has been deployed at airports, border crossings, military bases and other critical global checkpoints.

In September, Rapiscan launched its Orion Road 930DX-V mobile X-ray system. With a van-size footprint, the system is designed to detect narcotics, concealed weapons, explosives and other contraband for customs and border protection, critical infrastructure fortification, law enforcement and other missions.

The Threat of Drugs is Broad and Changing

Fentanyl — the synthetic drug and most potent narcotic used by doctors (50-100 times more potent than morphine) — is highly addictive. Fentanyl analogs are synthetic opioids generally engineered to be more potent; carfentanil is 100 times more so. More potent ones can be small enough for hundreds of lethal doses in envelopes to be mailed — still a major smuggling method — or hidden on the body.

“Detecting narcotics concealed on the body under clothing is incredibly challenging,” said Heather Colby, who manages sales channels and alliances for Apstec Systems. “Technology has struggled to deliver effective solutions, and large-scale manual operations are intrusive, costly and generally impractical.”

Apstec develops high-throughput screening technology to detect narcotics, explosives and weapons. It said its products can screen large numbers of people and identify diverse threats while ensuring seamless, non-intrusive processing. It described its flagship product, HSS Falcon, as a powerful, AI-driven solution that provides comprehensive detection on people and in body-worn/hand-carried bags.

The first fentanyl analogs emerged in 2019. Last year, there were 688 reported variants, according to the United Nations. Today there are nearly 1,400.

“Drugs like fentanyl remain a deadly threat and drain on our country, consuming lives and resources across America,” said Dr. JihFen Lei, president of Teledyne FLIR Defense. In October, that company got an order from U.S. Customs and Border Protection (CBP) for 15 of its Griffin G510x portable chemical detectors, which are specifically designed to analyze and identify explosives and narcotics (such as fentanyl and its analogs) within five minutes. The instruments are to be fielded across the U.S. to help CBP identify the most challenging drug samples, such as those containing fentanyl in extremely low concentrations mixed with other compounds.

Those analogs are among a diverse group of lab-made compounds called novel psychoactive substances (NPSs). Most are created to mimic prescription or illicit drugs’ effects and to evade controlled-substances laws by slightly modifying an existing drug. With unfamiliar chemical signatures, these drugs can evade detectors until those signatures are added to devices’ libraries. Thermo Fisher’s Sweetin recalled that when traffickers began mixing fentanyl with xylazine, a pet sedative, detectors didn’t recognize it because its signature wasn’t in their libraries. Once it was added, investigators looked back and found it had been used widely.

“No matter how good the devices are,” he said, “if we don’t know to add an emerging drug to a device library, our customers can’t identify them.”

That need is one reason vendors are adding AI. In February Leidos said it was partnering the AI software company SeeTrue to improve the efficiency of airport security and customs screenings through AI-enabled algorithms for detecting prohibited items. Smiths has partnered with BigBear.ai, Deepnoid and other AI experts to hone its systems threat-detection capabilities.

The threat-detection company Autoclear offers proprietary AI Threat Assist software with its X-ray security screening systems. Its N2300 Fentanyl Trace Detector can be added to any Autoclear X-ray baggage scanner.

TactiScan’s pocket-sized narcotics scanners use cloud AI that taps advanced deep learning algorithms together with commonly used reference standards to analyze readings, identify substances and update its signature library. This reduces the risk that TactiScan will be confused by cutting agents and adulteration.

“AI and advanced analytics are transforming the detection landscape,” Smiths’ Kaufmann said. “These tools will be critical in busy logistics hubs, where authorities must assess large volumes with limited resources.

Old drugs still prevail. Around the world, the stimulants methamphetamine and amphetamine dominate the use of and trafficking in synthetic drugs, according to the U.N., and cocaine production and use is setting records year after year. The U.N. estimated worldwide illegal cocaine production in 2023 at 3,708 tons, 34.5 percent more than 2022 and 327 percent more than 2014. (Heroin production is dropping.)

Smugglers have long used aircraft, trucks and ships. They also are expanding their use of trains, which have been used mostly to traffic people. In one example, officials in India’s Kerala state said trains are now a prime narcotics smuggling method. In 2024, they said 1,232 pounds were seized on trains in the state. By this March, police had seized 928 pounds. Those totals were for only one of India’s 68 rail divisions.

That development is just one indication that drug smugglers are always seeking new markets and new ways of getting their products to them.

“Looking ahead, traffickers will remain exceptionally agile, exploiting distinct vulnerabilities across various sectors of international trade and travel,” Smiths’ Kaufmann said. “Global drug trafficking today is not constrained by geography, mode of transport, or concealment method. Countering this evolution will require next-generation detection capabilities.”

Insider threats are one of the most insidious dangers to face the transportation industry. This is because of the element of betrayal and surprise associated with them. The reason: “Insider threats are risks that originate from trusted individuals, namely employees, contractors, or third parties who have legitimate access to an organization’s systems, data, and infrastructure,” said Ryan LaSalle, CEO of Nisos (nisos.com, which helps organizations detect, prevent, and respond to insider threats before they escalate). “Historically, the term referred mostly to negligent mistakes, such as misconfigurations or mishandling sensitive information. Today, the definition is far broader. Insider threats now encompass deliberate acts of sabotage, theft, fraud, and policy violations, as well as negligent or accidental behaviors that expose the organization to risk. In transportation companies, this can result in financial leakage, smuggling or industrial espionage.”

“While some organizations may have a robust security posture, all that it takes is just one employee to conduct their own security controls assessment to identify weaknesses in an attempt to evade detection,” added Jim Henderson. He is CEO of the Insider Threat Defense Group (ITDG, www.insiderthreatdefensegroup.com). It has assisted more than 700 organizations in developing, implementing, managing and optimizing their insider risk management programs. “The damages inflicted by these insiders have caused billions of dollars of damage. Some affected companies have suffered large layoffs or gone out of business as a result.”

Three Types of Insider Threats

Although there are many kinds of insider threats, the experts interviewed for this article generally agreed that they can be classified into three main categories:

• The Malicious Insider: This is an employee who intentionally damages systems, steals data, or sabotages operations.

• The Negligent Insider: This is an employee who unintentionally causes harm through mistakes like clicking phishing links, mishandling credentials, or ignoring procedures.

• Third-Party Insider: These are an organization’s vendors or partners who have access to the organization’s systems and misuse this privilege, sometimes for profit, other times through carelessness.

Dealing with negligent insiders is a matter of detection, education, and — if they then refuse to improve — possible termination. It is the malicious and third-party insiders that constitute the real risks.

So why do they do it? Their motivations vary as widely as the crimes they commit. But there are some common threads. “Malicious insiders are often driven by motivations such as personal gain, revenge, ideology, or coercion, but these motives rarely appear in isolation,” said Ashleigh Diserio, president of Diserio Consulting (https://www.diserioconsulting.com), which specializes in behavioral consulting, insider risk detection, and risk management. “They can be influenced by factors in a person’s professional or personal life, such as job dissatisfaction, financial hardship, burnout, feeling undervalued, or unresolved conflicts with management or coworkers. For example, a frustrated employee who feels overlooked for promotion or mistreated by leadership might rationalize leaking sensitive data to a competitor or sabotaging logistics systems as a form of payback or self-justified justice.”

Third-party insiders, such as contractors, vendors, or technology partners, can be motivated by similar pressures. “Financial strain, loyalty to another organization, or even social manipulation can lead them to share or misuse access,” Diserio told TSI. “In some cases, their weak security habits or personal vulnerabilities make them easy targets for coercion or exploitation by external actors.

Detecting Insider Threats

Detecting insider threats is a daunting task, especially for transportation companies that cover great distances and often have multiple locations to monitor. But it is a task that can be done — and must be.

“Transportation companies operate with large, distributed workforces and high access environments, from logistics centers to maintenance shops and drivers in the field,” said Col (Ret) Brian “Patton” Searcy, president and founder of The Paratus Group (www.paratus.group), which trains people to recognize and respond to threats. “This makes insider threat awareness essential.”

So how can an organization generate insider threat awareness internally? “Train employees to look for changes in behavior, unusual stress, sudden wealth, rule-bending, isolation, and who to report it to,” Searcy replied.

“Detection begins with visibility,” added Diserio. “Transportation companies must understand who is accessing what, when, and why. Given the scale and complexity of logistics operations, insider risk detection cannot rely on guesswork. It requires structured policies, layered monitoring, and a clear framework for accountability.”

Being aware of what is happening in the organization at all times is paramount. “The key is to monitor all three potential dimensions of insider threat: behavioral, technical, and organizational,” LaSalle noted. “Behavioral signals might include sudden changes in work hours, unexplained conflicts with colleagues, or controversial activity on social media. Technical signals could be large, unauthorized data transfers, use of personal devices on the network, or attempts to disable security controls. Organizational signals include declining performance reviews, disciplinary actions, or notice of resignation.”

“Detecting insider threats involves more than just monitoring the network,” said Henderson. “Comprehensive insider risk management involves many key stakeholders: the Insider Threat Program manager, the Insider Threat investigator-analyst, the FSO, CSO, CISO, human resources, CIO – IT, network security, counterintelligence investigators, mental health/behavioral science professionals, and the legal department. These stakeholders must work together sharing employee risk and threat information, as no one individual within an organization is positioned to see every single employee risk factor or behavioral indicator. Collaboration among key stakeholders is a critical element for detecting and mitigating insider threats.”

To maximize the value of these actions, transportation companies should have monitoring policies that integrate their internal detection results with external intelligence. “For example, detecting unusual financial behavior, side employment, or suspicious online affiliations outside the company can provide early warning before an insider escalates to harmful actions,” LaSalle said. “Once risks have been identified, companies need clear escalation paths — often through a collaboration between HR, security, and legal teams — to investigate quickly, attribute activity accurately, and take proportionate action.”

How the Experts Do It

Transportation companies exist to move people and goods. Dealing with insider threats is not their core business, which is why hiring an outside expert to do this for them can often make sense. We asked the experts we interviewed how their companies do this.

“At Diserio Consulting, we take a full-lifecycle approach to insider threat management, from prevention and early detection to investigation, response, and long-term resilience,” said Ashleigh Diserio. “We understand that insider risks are not just a technology problem but a human one. That’s why our services combine behavioral science, analytics, and organizational strategy to address risk from every angle.”

This is how Diserio Consulting helps transportation and logistics companies protect their people, assets, and operations from insider threats.

The process begins by compiling insider threat risk assessments at the client company. To do this, “we conduct comprehensive assessments that evaluate vulnerabilities across an organization’s systems, workforce, and vendor ecosystem,” Diserio told TSI. “Our process involves structured interviews, behavioral risk mapping, and analysis of access controls and workflows. For transportation companies, this often includes reviewing logistics management systems, driver access points, cargo tracking data, badging data, and maintenance records to uncover where insider risks are most likely to emerge.”

Having done this, Diserio Consulting starts monitoring and assessing employee activities on an ongoing basis. “Our behavioral analytics platforms go beyond standard cybersecurity monitoring,” said Diserio. “By establishing individual and team baselines for everyday activity, we can identify deviations that indicate emerging risks, such as increased data downloads, sudden changes in work patterns, or behavioral red flags like frustration or disengagement. Our team integrates these tools with existing IT and HR systems, ensuring seamless insight across both digital and human data points.”

Of course, the transportation sector depends heavily on vendors, contractors, and logistics partners, all of whom can introduce third-party insider risks into a client’s business environment. To mitigate these risks, Diserio Consulting assists organizations in establishing a structured third-party risk management framework. “We conduct vendor security assessments, review access controls, and develop standardized onboarding and offboarding protocols to minimize exposure to external partners and ensure a secure environment,” Diserio explained.

Whenever an insider incident does occur, Diserio Consulting’s response team is ready to investigate and contain it. “We use digital forensics and behavioral analysis to identify root causes, preserve evidence, and recommend remediation steps,” said Diserio. “For transportation clients, this may involve tracing unauthorized access to routing systems, shipment databases, or employee credentials, while maintaining operational continuity.”

Beyond the above, Diserio Consulting develops tailored training programs that educate employees, supervisors, and contractors on how to identify and report potential insider risks. They also conduct behavioral workshops that teach leadership teams how to spot early warning signs of stress, burnout, or dissatisfaction, factors that can precede malicious or negligent actions. “In addition to training, we help companies build supportive, transparent workplace cultures that reduce the motivations behind insider threats,” Diserio said. “Our consultants work with HR and management to develop employee engagement strategies, confidential reporting channels, and intervention processes that address personal or professional issues before they escalate into security incidents. By combining behavioral insights with advanced analytics, we help transportation organizations shift from a reactive stance to a proactive one, predicting and preventing insider risks before they impact operations.”

The Insider Threat Defense Group (ITDG) offers similar services to its clients. “A first step for any organization, to include transportation companies, is to have a baseline and much deeper understanding of what insider threats are, and what is involved in insider risk management (IRM) — including extensive training,” said Henderson. “Key stakeholders must have a comprehensive understanding of the collaboration components and responsibilities required by them, and the many underlying and interconnected components that are essential for a comprehensive IRM program. Key stakeholders must be universally aligned from an enterprise/holistic perspective to detect and mitigate employee risks/threats. As well, an IRM program must be built on a solid framework of non-technical and technical security controls for the program to be comprehensive and effective.”

Worth noting: In addition to its IRM services, ITDG publishes a fascinating free monthly newsletter that details the latest happenings in insider-related crime. Available at www.insiderthreatdefense.us/insider-threat-incidents-reports-news, this newsletter provides insights into insider threat activities (much of it sourced from U.S. Department of Justice news releases), including the following: “Operations Manager Charged For Role In Embezzling $500,000 From Trucking Company.” In this report, ITDG explained how an operations manager at a large trucking business filed fraudulent truck driver reimbursement requests. This insider activity happened for over three years before the fraud was detected and stopped.

As for Nisos? “Our Insider Threat solutions combine technology with white-glove analyst services to provide holistic coverage,” said LaSalle. “By integrating external intelligence, continuous monitoring, and AI-driven attribution, Nisos helps organizations detect, investigate, and prevent insider threats before they manifest internally.”

Nisos’ Insider Threat services include:

• Early Risk Identification: Detecting potential indicators of insider threat – from concerning financial behavior, to social media, to undisclosed side employment — before they can escalate.

• Accurate Attribution: Connecting digital accounts and external signals to real-world individuals with AI-powered attribution and confidence scoring, to reduce false positives.

• Actionable Investigation Insights: Transforming risk signals into investigation-ready insights, to enable informed decision-making and speed up threat responses

• Continuous Monitoring: Maintaining real-time awareness of emerging insider threats with dynamic, always-on coverage that complements internal telemetry and reduces blind spots.

Finally, the Paratus Group provides a full range of threat detection services, staff training programs, and surveillance technology solutions to help their clients detect and defeat insider threats. Brian Searcy contextualizes these offerings in terms of the practical steps that transportation organizations can take to protect themselves:

• Behavioral Observation and Communication: Train employees to look for changes in behavior, unusual stress, sudden wealth, rule-bending, isolation, and know who to report it to.

• Micro-Learning and Scenario Training: Short, consistent awareness sessions are far more effective than one-time lectures. The Paratus Group uses five-minute daily and weekly drills that fit seamlessly into operations.

• Integrated Monitoring: Combine human awareness with technical monitoring. Systems can detect unusual logins; people can recognize unusual attitudes or motives.

• End-of-Shift “Hot Wash” Reviews: Encourage teams to share observations before they forget, because small concerns often connect to larger patterns.

• Faith and Purpose Mindset: When employees understand the higher purpose of their work, that they’re protecting people, not just property, it strengthens both ethics and performance. This approach transforms employees from passive observers into active protectors of the mission.

• An important point: “All of this requires buy-in at the highest levels,” said Searcy. “If they continue to conduct ‘check the box information events’, then nothing will change.”

Success Stories

Deploying a comprehensive insider threat defense program takes time, effort, and money. So, is it worth it? To answer this question, Ashleigh Diserio offered the following two success stories.

Case 1: Airline Industry

An airline approached Diserio Consulting after noticing inconsistencies in maintenance scheduling and access logs. “Our behavioral analytics platform flagged an employee who was repeatedly accessing sensitive aircraft maintenance data outside regular working hours and from an unusual geographic location outside the United States,” Diserio said. “This employee was not authorized to take their work computer outside the United States.”

After some digging, Diserio Consulting detected a pattern suggesting both insider knowledge and external coordination. “Our investigation revealed that the employee had been approached by a third party offering financial incentives to share internal system access credentials,” said Diserio. “By combining data analytics with behavioral profiling, which identified sudden changes in the employee’s work habits, communication tone, and stress indicators, we were able to alert the airline’s security and HR teams before any data was leaked. The individual was removed from their role, and the incident was contained without operational disruption or public exposure. The airline was later able to utilize our findings to enhance employee wellness programs and improve communication between maintenance and management teams, thereby addressing the root causes of insider risk.

Case 2: Bus Transportation

A bus transportation company faced a potential insider threat when Diserio Consulting’s continuous monitoring system detected irregular data activity from an operations supervisor’s account. The account had begun accessing passenger manifests and route scheduling data at irregular intervals, an activity that didn’t align with the employee’s role or prior work behavior.

“Our response team immediately launched a forensic review, uncovering that the employee’s access credentials were being used to gather and sell data related to competitor routes and operational schedules,” Diserio told TSI. “Motivated by personal financial stress, the insider had been approached through social media by an external buyer. Due to early behavioral flagging, which included signs of disengagement, attendance issues, and changes in communication tone, our system alerted leadership before any significant data was shared.”

Working closely with HR and law enforcement, the company managed to contain the incident. “Notably, our consultants helped management implement new employee support channels and financial wellness initiatives to mitigate similar motivational risks across the workforce,” she said.

The Paratus Group has its own success story to offer. “In one transportation maintenance operation, a team we had trained noticed a pattern that didn’t sit right: an employee was repeatedly accessing restricted maintenance records and working after hours without authorization,” said Brian Searcy. “Instead of ignoring it or assuming it was harmless, they used the Paratus Process: Identify, Assess, Predict, Decide, Act. They verified the pattern, documented what they saw, and escalated appropriately. The investigation revealed a contractor attempting to exfiltrate operational data. The issue was stopped before any damage was done. That’s what true awareness looks like; not paranoia, but informed observation and confident action.”

Actionable Expert Advice

Based on the experts’ insights, it is possible for transportation companies to successfully detect and defend against a wide variety of insider threats. To conclude this story, TSI magazine asked the experts for actionable advice that transportation companies could implement on their own. Here is what they told us.

“The best defense against insider threats starts with building a trusted workforce,” LaSalle said. “That means looking beyond traditional background checks to adopt proactive vetting strategies — verifying identities, validating credentials, and using modern tools to uncover hidden risks or fraudulent employment attempts. Equally important is adopting a lifecycle approach, monitoring for risk ethically and proportionally from pre-hire to exit. Transportation companies should also expand their visibility beyond the firewall. Internal telemetry alone won’t reveal hidden affiliations, online behavior, or financial stressors that often precede insider threat activity. By combining inside-the-network monitoring with external intelligence, organizations can connect the dots earlier, investigate with greater clarity, and take swift action.”

“You need to start with education for all key stakeholders involved in managing and supporting the Insider Threat Program,” said Henderson. “The success of a program is largely dependent on key stakeholders collaborating with the Insider Risk Program manager, and sharing employee risk and threat information of concern. This proactive approach is critical to ensure that everyone is universally aligned from an enterprise/holistic perspective for identifying, responding to, preventing and mitigating insider risks and threats.”

“Start with a clear framework: define what ‘insider risk’ means for your organization, including the scope of employees, contractors, and vendors,” Diserio said. “Insider threats often intersect with behavioral or workplace issues. So, HR, legal, finance, civil liberties, and security teams must work hand in hand. Leverage automation but keep the human element. Technology should assist, not replace judgment, so combine AI-based monitoring with human oversight. You should also create a culture of security awareness because employees are your first line of defense while regular training builds vigilance and trust. Finally, insider risk programs should grow with the company and adapt to new technologies, regulations, and threat landscapes.”

Brian Searcy delivered his advice in the following list:

• Start with Culture, Not Technology. Technology is an enabler, but awareness is the foundation.

• Empower Every Employee. Make security everyone’s responsibility, not just IT’s.

• Train Continuously. Replace long, once-a-year training with short, real-world refreshers that build muscle memory.

• Lead with Values. Whether that’s faith-based or organizational values, grounding people in purpose creates accountability.

• Review and Adapt Regularly. After incidents or near misses, conduct “hot washes” to capture lessons learned and reinforce awareness.

“At the end of the day, insider threat prevention isn’t about surveillance, it’s about stewardship,” said Searcy. “It’s about empowering your people to protect what matters most.” That’s a thought worth remembering for anyone tasked with protecting their organization against insider threats.

Improving security across borders but privacy concerns persist.

Biometric technologies are changing the way people move across borders, redefining both passenger convenience and security assurance. Facial recognition and multimodal biometric systems are integral to airport operations worldwide. From automated eGates to digital identity credentials, these systems are accelerating passenger throughput while reinforcing border integrity. Yet, their growing adoption raises complex questions around privacy, compliance and data protection. As innovation advances, regulators, technology providers and airport authorities must strike a careful balance between operational efficiency and the responsible use of personal data.

Measurable Improvements

Facial recognition is part of a broader spectrum of video image processing techniques, according to resources available from the European Data Protection Board (EDPB). “Some cameras can capture images of people within a defined area, particularly their faces, but they cannot be used as such to automatically recognize individuals. The same goes for simple photography; a camera is not a facial recognition system because photographs of people must be processed in a specific way to extract biometric data,” the team says.

Françoise Bergasse, border marketing manager at Thales, points out that implementation of biometric authentication at airports and border checkpoints shows an average time saving of 30% to 40% for travelers. “Biometric authentication achieves what was once thought impossible — increased security with faster processing. Real-time facial recognition at automated eGates combines the best of both worlds: speed and certainty. Travelers enjoy a smoother journey, while operators benefit from a highly reliable and tamper-proof identification process,” she says.

Data from various sources show that biometric systems have improved processing efficiency at border checkpoints while maintaining high security standards, affirms Rob Sutton, director of solution enablement for aviation at HID. “For example, automated eGates in Europe can verify a traveler’s identity in less than 20 seconds, compared to several minutes for manual checks. In the United States, programs such as Global Entry and the Biometric Entry-Exit Program have reduced wait times by up to 70%, thanks to facial recognition enabling rapid, document-free verification,” he says. “Multimodal systems, which combine face, fingerprint, iris, and voice recognition, add redundancy, ensuring reliability even if a biometric trait is compromised. Furthermore, decentralized identity frameworks and real-time data sharing between agencies help maintain productivity without compromising privacy or compliance. However, processing speed and productivity represent only one dimension of the benefits.”

IDEMIA Public Security’s biometric deployments at major airports in the Middle East and Asia have demonstrated the ability to process millions of traveler’s annually with minimal manual intervention, affirms Marwan Elnakat, technology and marketing strategy manager at IDEMIA Public Security. “Today, over 15,000 passengers are processed per hour at UAE airports using automated multi-biometric eGates for border control. The system ensures border security with a comprehensive traveler database, enabling the secure storage of facial, iris, and fingerprint biometric data,” he says. “To balance security requirements and traveler demands, we collaborate with individual clients and regulatory agencies to identify the best solution. Most of our solutions enable contactless identity verification and can be seamlessly integrated into existing systems. The balance between security and productivity is achieved through intelligent system design.”

Risk-based orchestration ensures that pre-registered, low-risk travelers quickly pass through automated checkpoints, while those who trigger alerts or have poor-quality matches are seamlessly redirected for secondary screening by human agents, according to Elnakat. “Adaptive quality and match thresholds, an approach supported by NIST research on biometric performance, allow systems to dynamically adapt based on context, maintaining low false alarm rates and rapid throughput. Pre-registration programs and mobile or digital identity verification also contribute to speed. By pre-verifying traveler’s identities via secure digital travel credentials (DTC) or mobile IDs, border systems offload part of the verification process, maintaining security and minimizing bottlenecks at physical checkpoints,” he says.

Deployment Strategies

Sutton observes that airports and border agencies are implementing advanced security measures to prevent breaches and misuse of biometric information, such as facial images and fingerprints. “These biometric data are protected through a multi-layered approach that includes data transformation, encryption, strict access control, and policy-based reporting. The most critical security measure is not storing the raw biometric image. Instead, the raw data is converted into a biometric template. This template cannot be reverse engineered back into the original image, making it unusable to fraudsters in the event of theft. Many systems also feature vitality detection and anti-spoofing capabilities to prevent fraud attempts such as the use of masks or synthetic supports,” he says. “A key innovation for protecting privacy is the biometric passport, which securely stores a traveler’s facial and fingerprint data on a chip embedded in the passport itself. This means that personal biometric identifiers are not stored in centralized databases, reducing the risk of mass data breaches and giving travelers greater control over their information.”

Airport operators and airlines around the world are increasingly experimenting with systems that allow passengers to more easily pass through various security checkpoints, the EDPB resources illustrate. “It is important to be aware that biometric data is particularly sensitive and that its processing can pose significant risks to individuals. Facial recognition technology can lead to false negatives, bias and discrimination. The misuse of biometric data can also have serious consequences, such as identity theft or impersonation. Individuals should have maximum control over their biometric data. In the EU, there is no uniform legal obligation for airport operators and airlines to verify that the name on a passenger’s boarding pass matches the name on their ID, and this may be subject to national laws,” the EDPB says. “Therefore, where no verification of passengers’ identity with an official identity document is required, such verification should not be performed using biometric data, as this would result in excessive data processing. We assessed the compliance of the processing of passengers’ biometric data with four different types of storage solutions, ranging from those that store biometric data exclusively in the hands of the data subject to those that rely on a centralized storage architecture with different modalities. In all cases, only the biometric data of passengers who actively register and consent to participate should be processed.”

The only storage solutions compatible with the principles of integrity and confidentiality, data protection by design and by default, and security of processing are those in which biometric data are stored in the hands of the data subject or in a central database, but with the encryption key held exclusively by that person, according to the EDPB resources. “These storage solutions, if implemented with a list of recommended minimum safeguards, are the only methods that adequately counteract the intrusiveness of processing, offering data subjects maximum control. The solutions based on storage in a centralized database, either within the airport or in the cloud, without encryption keys held by the data subject, cannot be compatible with data protection requirements by design and by default,” the EDPB says. “Regarding storage limitation, data controllers must ensure they have sufficient justification for the intended retention period and limit it to what is necessary for the proposed purpose.”

International regulations, such as the European Union’s General Data Protection Regulation (GDPR), will continue to further shape implementation strategies and the evolution of privacy-protecting technologies, standards, and certifications, affirms Sutton. “For example, the GDPR classifies biometric data as ’special category’ information, requiring explicit consent, transparency, and strict purpose limitation. These regulations have led to privacy-by-design approaches, decentralized identity frameworks, and minimum data retention policies in global aviation systems,” he says. “Furthermore, biometric systems are rapidly adapting to digital identity credentials, such as IATA’s One ID and ICAO’s DTC. These initiatives aim to create seamless, paperless travel by connecting biometric verification with mobile-based digital identities.

Thales designs its solutions to be cyber-secure by design, meaning data protection is built into every layer, from capture to storage and transmission, Bergasse affirms. “Biometric data is end-to-end encrypted, stored in secure environments and accessed only with strict role-based controls. Advanced encryption and anonymization ensure that, even in the unlikely event of a breach, data remains unusable outside of our secure infrastructure,” she says. “Global standards like the GDPR and similar frameworks around the world have established a clear direction: citizens must maintain control of their data. We believe that cyber resilience is about anticipating, not reacting. It is not about knowing if a system will be attacked, but when, and ensuring that, when that happens, sensitive data remains protected and trust intact.”

IDEMIA Public Security applies multi-layered security measures, including end-to-end encryption, hashing and template transformation techniques, ensuring that biometric images are never stored in an accessible format, Elnakat explains. “Role-based access control, rigorous audit logging, and real-time monitoring strengthen data protection throughout the system’s lifecycle. Templates are typically retained only for the minimum time necessary to complete the verification process, in accordance with privacy-by-design principles. To further ensure data integrity, we maintain compliance with international standards, including regular audits and independent benchmarking to ensure the security and reliability of all its solutions,” he says. “Our research teams are strategically located across the EU, particularly in France and Germany, to ensure full compliance and a thorough understanding of the GDPR and the upcoming EU Artificial Intelligence Regulation. Algorithms are constantly being realigned to keep pace with evolving biometric regulations. Furthermore, international regulations such as the GDPR have significantly shaped the way biometric systems are implemented.”

HID’s cutting-edge facial recognition portfolio is transforming the airport experience, offering travelers a seamless and secure journey powered by innovation and design excellence. Deployed across major international airports, the system integrates Red Dot Design Award-winning Facepods and eGates to deliver a smooth, intuitive, and aesthetically refined user experience. Built on a modular architecture, HID’s solution ensures effortless integration into existing airport infrastructures. It combines ethically trained AI algorithms with advanced multispectral imaging to provide industry-leading facial recognition accuracy and robust security. This fusion of technology and design sets a new benchmark for biometric travel, redefining how passengers move through airport environments Biometric identifiers fall under the “special category data” category under the GDPR, which requires a legal basis and robust data minimization measures, affirms Elnakat. “European data protection authorities have pushed implementers to conduct formal Data Protection Impact Assessments (DPIA) and apply retention and deletion rules that define when and how biometric data can be used,” he says. “At the same time, emerging regulations such as the EU AI Act are introducing additional transparency and accountability requirements for biometric technologies. These regulatory frameworks have encouraged developers such as IDEMIA Public Security to strengthen documentation, auditing, and third-party testing, referencing NIST benchmarks to ensure responsible and compliant use of biometric AI in border environments.”

Implementation Initiatives

While there is no official ranking for the adoption of biometric border controls, several regions stand out in terms of both infrastructure and traveler flow, Sutton affirms. “The EU leads the way in terms of reach and implementation, with its entry/exit system (EES), implemented in the 29 Schengen countries. This system requires biometric registration; namely facial images and fingerprints, for non-EU travelers, replacing manual passport stamping with automated checks. With millions of travelers crossing EU borders each year, the EES will likely become the most comprehensive biometric border system in the world,” he says. “In terms of traveler volume, the United States leads the world. U.S. customs and border protection (CBP) has implemented facial recognition at over 50 airports and border crossings, processing hundreds of millions of travelers through programs such as Global Entry and the Biometric Entry-Exit Program. The United Arab Emirates are also piloting high-flow biometric corridors.”

Several regions are leading this new era of safe and seamless travel, according to Bergasse. “India, with its DigiYatra initiative, is a pioneer in offering biometric travel experiences at scale. Singapore and other major Asian hubs are setting global benchmarks for seamless AI-powered passenger processing. Thales’ biometric border control solutions have been recognized internationally, earning a Frost & Sullivan award for its eGate automated border control (ABC) technology and for its leadership in next-generation border management,” she says. “With deployments in Europe, the Middle East, Latin America, Africa and North America, we support governments in strengthening border integrity, ensuring interoperability and preparing their systems for the era of digital travel credentials and secure digital identity.”

Elnakat points out that several countries and regions are now recognized as leaders in the adoption of biometric border control. “Australia has implemented IDEMIA Public Security’s automated border control solutions at several airports, ensuring swift and secure processing for both incoming and outgoing travelers. Major U.S. airports are conducting real-time trials of biometric verification to streamline immigration and boarding. We have also collaborated with the rise of mobile identification on additional solutions to continue simplifying travel processes. In the U.S., we have partnered with the transportation security administration (TSA) to upgrade its credential authentication technology (CAT Solution), which now accepts state IDs and mobile driver’s licenses at security checkpoints,” he says.

Pioneering implementations share key characteristics such as clear regulatory frameworks, significant investments in national entry/exit systems, and a willingness to experiment with technologies that integrate airlines, airports, and border agencies into a unified traveler verification ecosystem, according to Elnakat. “Biometrics are replacing the era of paper travel documentation and manual identity verification, evolving rapidly to support new forms of identity credentials. Biometric systems are being upgraded to verify DTCs and mobile IDs, in line with ICAO standards,” he says. “These digital documents are protected by cryptographic keys and linked to the issuing authorities, allowing travelers to authenticate their identities using their smartphones or digital wallets, offering a simple and secure extension of traditional electronic passports.”

An Evolution

The global rollout of biometric border control represents an evolution in transport security where speed, accuracy, and trust must coexist. The successes seen across Europe, the United States, the Middle East, and several Asian hubs highlight how intelligent system design and rigorous governance can deliver measurable benefits for both operators and travelers. However, sustainable progress depends on continued alignment with privacy frameworks such as the EU GDPR and emerging AI regulations. As biometrics become embedded in digital identity ecosystems, the challenge ahead lies not only in technological advancement, but in preserving public confidence through transparency, security, and respect for individual rights.