The most recent Border Force People Survey reveals “a dissatisfied workforce which is a breeding ground for insider risk to grow and become insider acts, enabled by privileged access”. That is according to a new report from the Independent Chief Inspector for Borders and Immigration that looks at how internal threats are managed at the Home Office, specifically Border Force. The report states that “at present, no one is able to see the full picture of insider threat across Border Force”.

Background

Border Force is the part of the Home Office that checks people and goods at the border, as well as patrolling the coastline, gathering intelligence and alerting the police to people of interest.

Insider threats are categorised by the National Protective Security Authority as:

• deliberate insider: someone who obtains employment with intent to abuse their access to the organisation
• volunteer or self-initiated insider: someone who obtains employment without deliberate intent to abuse their access to the organisation, but at some point, decides to do so
• recruited or exploited insider: someone who obtains employment without deliberate intent to abuse their access to the organisation, but at some point, is recruited or exploited by a third party to do so

A study (not limited to Border Force) in 2013 found the main motivation for insiders is financial gain (47%), followed by ideology, desire for recognition, then loyalty, down to revenge being the motivator in 6% of cases. Often there is more than one motivating factor.

Key findings

Border Force has a dedicated team working in this area, known as the insider threat and integrity team. This has two sections, one working on projects to mitigate internal risks, and the second is the operational side.

The dual nature of Border Force, as a uniformed law enforcement organisation but which is governed by Civil Service rules and leadership, was identified as an issue by inspectors. An example of where this caused a problem was when Border Force wanted to make changes to drug and alcohol testing of staff. This was unsuccessful, partly because of concerns about how it may impact wider Home Office policy on drinking while on duty. Another example was that the Home Office’s social media policy was unsuitable for a law enforcement organisation and so this is being updated with Border Force input.

Another key finding was that there are issues with data sharing between Border Force and the National Crime Agency that affect the ability to properly monitor insider threat. Attempts to identify trends by commissioning external analysis were of limited success due to the difficulties in sharing data with the analyst. Similarly, data provided to inspectors did not allow them to objectively analyse trends in intelligence and investigations.

Inspectors found that allegations, behaviours or concerns relevant to insider threat can be raised in a number of different ways. However limited ability to share data between teams means that notification of insider risks is heavily dependent on line managers notifying the insider threat team. Staff at Border Force and at the Home Office agreed that the full picture regarding insider threat is not available to anyone.

One surprising finding is that insider threat training is optional for staff and is not part of the induction process. Despite this, 78% of staff had completed it.

Recommendations

Eight recommendations were made, one of which was redacted. Those we can see involve suggested improvements in processes, data sharing and training. The Home Office partially accepted two of the recommendations and fully accepted another five in their response.

As for the redacted one, who knows?

Concerns raised about use of redactions

The report was presumably a lot more interesting before the Home Office got hold of it. There are 105 redactions. In his comments on the publication of the report, the Chief Inspector was highly critical of the level of redactions made by the Home Office.

Section 50 of the UK Borders Act 2007 provides for material to be left out of the reports where it is “undesirable for reasons of national security”. The Chief Inspector has rightly raised concerns about what oversight there is of these decisions. It is something to keep an eye out for in future reports, as it is easy to imagine the Home Office doing more of this, particularly if there is little the Chief Inspector can do to stop them.

Conclusion

The Immigration Minister stated recently that “lawyers found to be coaching migrants on how to remain in the country by fraudulent means will face a sentence of up to life imprisonment”. Based on this report it seems that the minister should consider redirecting some of his concerns.

Earlier this year a Home Office employee was convicted of conspiracy to assist unlawful immigration and they are not the first. Insider risk is not limited to Border Force and it would be very interesting to see a similar report covering the decision making side of the Home Office.