The Prevalence of Methodologies used to Counteract Insider Threat Security Risks Associated with the use of Radioactive Materials in Research and Clinical Settings
While many organizations maintain multiple layers of security controls to prevent outsiders from gaining unauthorized access to facilities, persons who have been granted legitimate access can represent an “insider threat” risk. Although the typical insider targets assets or data, in some cases their actions can also have significant impacts on workplace and environmental health and safety. Interestingly, some of the most notable radiological events involving the purposeful contamination of individuals all appear to have been perpetrated by insiders. In the academic and medical settings, radiation safety professionals focus their security efforts on (1) ensuring controls are in place to prevent unauthorized access or removal of sources, and (2) increasing security controls for the unescorted accessing of large sources of radioactivity (known as “quantities of concern”). But these controls may not address the threat insiders represent when they have unfettered access to sources in labs or clinics. The goal of this research was to characterize the methodologies currently employed to counteract the insider security threat for the misuse or purposeful divergence of radioactive materials used in the academic and medical settings. The study included the development of a web-based survey which assessed how the practicing radiation safety professionals in academic and medical settings anticipate, evaluate, and control insider threat security risks within their institutions. Though all of the respondents indicated that there are sources below the quantities of concern used in their research laboratories, clinics and hospitals, in only 16% of the cases are there no students present (attending or conducting research). The survey results found that in fifty-four (54%) percent of the participating organizations there are no extended background checks performed for the users on the sources in category 3 and below. After the data analysis, the author identified statistical significance when the organizations with established background check practices were compared to those without established background check practices based on student enrollment. In eighty-seven (87%) percent of the institutions the radiation safety professionals do not consider the insider threat security issues as part of the protocol review for the use of general radioactive materials. The radiation safety training in 89% of the organizations addresses the necessary security of the radioactive materials, but the insider threat risk factors and mitigation are not parts of the training at almost all (96%) of the participating institutions. The results also indicated that almost half (46%) of the participating radiation safety officers have never been trained on specific insider threat oversight or security risk assessment, but many (53%) consider that such training would be helpful for their radiation safety programs. Thus, the results of this work demonstrate the clear need to increase awareness of insider threat risk in academic and clinical institutions. The data collected from this study can be used as a foundation for the development of insider threat security training, which can be tailored specifically for the radiation safety professionals who are working at institutions where radioactive sources below the category of concern are present.^
Tsenov, Boris Grigoriev, "The Prevalence of Methodologies used to Counteract Insider Threat Security Risks Associated with the use of Radioactive Materials in Research and Clinical Settings" (2017). Texas Medical Center Dissertations (via ProQuest). AAI10272246.