Security in the clouds


Technology Stephen Pritchard


TECHNOLOGY

Carbon footprint be damned, the number of travellers taking to the skies each year is colossal, and evolving biometric technology at airports is helping to cut down on paperwork. However, as escalating amounts of personal data are gathered and stored, Stephen Pritchard looks into how these gateways to the skies can keep security firmly on the radar.

Imagine an environment where you have to give out your home address, passport number and credit card details. One where you will be watched by CCTV, have your photograph taken and stored, and your fingerprints captured. Computers will log and record your recent movements, and there is a good chance you will have your iris, or even your entire face, scanned, and your body x-rayed. This is not some Orwellian vision of the future, but a description of today’s airport experience. Each of these technologies is in use at one, or more, European airports right now.

Increasingly, data capture and analysis, as well as biometric authentication, are being used by airport operators and governments to prevent terrorism, crime and customs and excise fraud. At the same time, biometric measures are being used to improve passengers’ airport experiences, by removing some of the manual checks and queuing that blight the modern traveller.

However, the more information airport operators gather, the more prone they are to information security attacks or inadvertent data leaks. The sheer volume of information that is collected each day presents a real challenge. London Heathrow’s Terminal 5, for example, handles 35 million passengers a year – equivalent to the entire population of Canada going on holiday. Securing this quantity of information requires both resources and skill. Airport authorities and their tenants, such as the airlines, are being forced to step up information security measures, not least in the light of revised government guidelines following recent, high-profile data security breaches. But as information security experts warn, with budgets under pressure, airport operators across Europe are unlikely to agree to significant additional information security spending – until, of course, a data leak occurs.

Protecting commercial data

In addition to the need to secure passenger data, including the growing quantity of biometric information, there is also the separate issue of securing commercial data. Although less visible than passenger security measures such as biometric identification, airports are increasingly run using a “shared service” business model. Shared service means that instead of having dedicated gates or check-in areas, for example, airlines share infrastructure including check-in desks and kiosks, baggage handling systems and ticketing offices. Infrastructure such as telephones, networks and even staff terminals are shared, sometimes on a flight-by-flight basis. Airlines might also share supporting services such as wireless LAN for their staff and in their business lounges, with commercial WiFi hotspot providers, other airlines and airport services companies.

The commercial impetus for moving towards shared service cannot be overstated. Although some airports continue to be built with facilities dedicated to a single airline – such as Heathrow’s Terminal 5, which is only used by British Airways – aviation industry

JANUARY/FEBRUARY 2009


observers believe that will increasingly be the exception rather than the rule. Single-use terminals work best where one airline, usually a national or ‘legacy’ national carrier, has a very large percentage of takeoff and landing slots. In airports where no one single airline has a majority of flights, and especially in newer or regional airports, shared service is more cost effective, more flexible and makes better use of scarce, physical capacity.

At Las Vegas International, for example, the entire airport is run on a shared ‘common use’ system. It’s the largest airport in the US to run totally on common use lines, with airlines sharing ticketing and check-in desks. Even signage at the gates is virtual – with images sent from servers over the airport LAN to plasma screens at each gate. According to Samuel Ingalls, the airport’s chief information officer, common use brings direct benefits in terms of both efficiency and cost. The IT infrastructure needed to support common use, including IT security, cost the equivalent of the outlay for building one additional physical gate. Yet it has freed up the capacity of 10 to 15 gates.

Such measures will only attract the support of airport users – and airlines in particular – if every network user is confident that its data is kept separate from others. Few in the industry have forgotten the BA ‘dirty tricks’ scandal of the 1990s, for example, which included allegations that the airline had hacked into the computer records of its rival, Virgin Atlantic. “Before that incident, everyone had said that would never happen,” points out Guy Bunker, chief scientist at Symantec, the security vendor. “Now, everyone has become a lot more strict.”

Fortunately, security measures unavailable to airlines in the early 1990s make it easier for them, and other airport tenants, to make use of shared infrastructure such as local-area networks. VPN tunnelling, for example, allows airlines to keep traffic private as it moves across the network and to its data centre, which is usually “off airport”. Other measures, such as running check-in or ticketing terminals as virtual sessions on thin clients (a computer which depends primarily on the central server for processing activities) also help to separate users’ data


and ensure that no information is left behind on the client device when the user logs out. Such technologies can also be extended to mobile devices, including laptops and PDAs, which are being used more and more in airports and other transportation hubs. This way, an airline or airport service provider can use essentially the same technology both to secure sessions on shared terminals, and to protect data that is being viewed on mobile devices. As well as thin clients such as Citrix, a number of airlines are understood to be investigating whether desktop or other client virtualisation technology could be used to make IT both more portable and more secure. Airlines, though, might also need to do more to ensure that policies surrounding

STAYING SECURE AT AIRPORTS

It’s not just information about passengers that can be at risk in transport hubs such as airports; sometimes, it is the information that passengers carry that goes astray. According to PricewaterhouseCoopers, the professional services firm, a staggering 3 300 laptops go missing each month from the eight largest airports in EMEA. The firm gives this advice to travellers on staying secure:

1. Never discuss confidential information in the airport lounge; do not broadcast sensitive information on your mobile.
2. Remember to be on guard when at a WiFi hotspot, as these are relatively easy to hack. If you don’t have encrypted links back to the office, then don’t send emails.
3. Remember that thieves operate in airports. Watch out for the ‘similar laptop bag switch’ routine – you may not be aware of it until you reach your destination.
4. If you travel anywhere with a laptop, ask your IT department to implement hard drive encryption.
5. Always remember to separate your documents such as your passport from your computer, otherwise you won’t just be giving your trade secrets away, you’ll also be the next victim of identity theft.
6. Always carry your laptop with you – don’t be tempted to leave it in the car or with someone you don’t know – it is your responsibility.

Source: PwC

access to passenger data is controlled. Airlines increasingly make use of handling agents, not just for baggage but also for ticketing, check-in and to operate facilities such as business or VIP lounges. “Airlines and other airport users do need to make sure they lock down their processes,” Bunker advises. “They need to ensure that staff are only looking at the information they need to look at, that they have access to the minimum amount of data. If you are in a shared services environment, it might be necessary to see the name of a passenger, but not necessarily the address.”

Staff might work for several airlines in any one day, so airlines will want to make sure that they can only access the information they need for that airline, and only during that particular shift. Measures such as role-based access controls and limits on viewing private information are also an important tool for airlines looking to protect their data.

“Organisations will need to place a degree of trust on staff,” says Richard Keighley, senior manager in Deloitte & Touche’s Enterprise Risk Services division. “The fact that they might be working for British Airways on one day then KLM the next means they have to know not to disclose one party’s information to the other. But workflow and access controls are an important part of enforcing that.” Ideally, information security measures should comply with standards such as ISO 27001 and be subject to regular SAS70 auditing reports, he says.
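The controls described above (access scoped to one airline, only during the assigned shift, and only the fields the role needs) can be sketched as follows. This is an added example, not code from the article or from any airline system; the role names, field sets, staff IDs and passenger records are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Hypothetical role-to-field policy: each role sees the minimum it needs.
ROLE_FIELDS = {
    "check_in_agent": {"name", "flight", "seat"},
    "lounge_host": {"name", "flight"},
}

@dataclass(frozen=True)
class Shift:
    staff_id: str
    airline: str
    role: str
    start: datetime
    end: datetime

def active_shift(shifts, staff_id, airline, now):
    """Return the shift covering this staff member, airline and time, or None."""
    for s in shifts:
        if s.staff_id == staff_id and s.airline == airline and s.start <= now < s.end:
            return s
    return None

def view_passenger(shifts, staff_id, record, now):
    """Return only the fields the caller's current role may see; deny by default."""
    shift = active_shift(shifts, staff_id, record["airline"], now)
    if shift is None:
        raise PermissionError(f"{staff_id}: no active shift for {record['airline']}")
    allowed = ROLE_FIELDS.get(shift.role, set())  # unknown role sees nothing
    return {k: v for k, v in record.items() if k in allowed}

# Constructed sample data: one handling agent working for two airlines.
SHIFTS = [
    Shift("agent-17", "BA", "check_in_agent",
          datetime(2009, 1, 12, 6), datetime(2009, 1, 12, 14)),
    Shift("agent-17", "KLM", "lounge_host",
          datetime(2009, 1, 13, 6), datetime(2009, 1, 13, 14)),
]
BA_RECORD = {"airline": "BA", "name": "A. Passenger", "flight": "BA0001",
             "seat": "12C", "address": "1 Example Street"}
KLM_RECORD = {"airline": "KLM", "name": "B. Traveller", "flight": "KL0002",
              "seat": "3A", "address": "2 Sample Road"}

if __name__ == "__main__":
    print(view_passenger(SHIFTS, "agent-17", BA_RECORD, datetime(2009, 1, 12, 9)))
```

The same agent is refused the KLM record while on the BA shift, and refused the BA record once that shift has ended, so the separation between airlines does not rest on staff discretion alone.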

Biometrics and borders

If airlines and airport operators need to upgrade security in order to promote efficiency and growth, they must also gear up to an environment where more and more personal data – especially biometric data – is being collected to ensure physical security. This raises some important concerns. Law enforcement agencies rightly want access to passenger information, in order to check identities or (terrorism) watch lists. Passenger profiling, although controversial, is likely to grow in importance. Work in Israel, as well as tests in the UK, has shown that profiling can be very effective in detecting terrorist suspects. But while legitimate passengers might be comfortable providing


background data – such as the Advanced Passenger Information now required for flights to the USA and to Spain – to the authorities, they might be less comfortable handing it over to airlines, travel agents or other intermediaries.

Research on passenger behaviour, however, suggests that travellers broadly welcome biometric security measures, especially where technology improves convenience. In Scandinavia, a voluntary scheme for fingerprint checks on passengers with hold baggage has seen 93% of travellers opt in to the scheme. “Typically, passengers want to use these systems because it makes it quicker to board. You don’t have to pull out your passport again,” says Cyrille Bataller, director of Accenture Technology Labs in Europe. He points out that airport automation, in combination with biometric systems and often frequent traveller programmes, works when it offers passengers a clear incentive, such as reduced paperwork or shorter queues.

In the UK, the miSense biometric trials based on fingerprint recognition at London Heathrow, and the ongoing facial recognition trial at Manchester Airport, have proved popular with passengers. This is despite the fact that some passengers might consider biometric identification, and especially facial recognition, to be intrusive. The move to capture more biometric information in passports and identity cards should make such measures easier to implement in the future, as airport operators will not need to bear the cost of setting up their own enrolment systems or creating their own identity documents.

Implementing such systems, in a way that preserves security and public trust, is more difficult. Any biometric system creates a potentially valuable source of confidential

information for criminals to access. Identity theft is one concern; another is that criminals might somehow fool the system into letting unauthorised people through the perimeter, by interfering with the authentication algorithms that analyse the data.

As Steve Wright, a senior manager and member of the Risk Advisory Practice at PricewaterhouseCoopers, points out, organisations also need to consider security arrangements for all the parties that might handle sensitive data. “When it comes to personal data from passport scanners, for example, we have to ask whether we can trust the administrators of a central storage system to ensure the integrity of that information,” he cautions. “We only have to look at recent data leakages to realise that it is not necessarily the government at risk here, it’s their trusted third parties. Yet our Global Information Security Survey from this October found that only 28% of organisations polled conducted due diligence on third parties,” he says. This is an issue that governments and commercial airport operators will have to address, if security measures being introduced for aviation are not to cause an information leakage problem further down the line.

Systems that store biometric information on a chip in the passport or ID card – as is the case with UK biometric passports – are generally considered to be more secure than those that hold the full biometric identity data on a central server, not least because there are fewer places where data is transmitted or stored. Local systems work by checking the scan (typically retinal, fingerprint or face) against the information on the ID card or passport’s chip, verifying that the traveller is the person

named on the document. Only lower-grade information, such as the passport or ID card number, needs to be transmitted off site. This is the architecture deployed for the facial recognition system at Manchester Airport.

Systems such as the UK Border Agency’s IRIS, on the other hand, are based on a server that stores the biometric information. This has the advantage that passengers do not have to hold a biometric passport and can pass through immigration without actually presenting their documents. Organisations wanting to roll out similar systems need to invest heavily in measures, such as high-grade encryption, to protect their networks and databases from unauthorised use, as well as strong enforcement policies.

Such measures are likely to be designed in from the outset for border control systems – governments will not want to run the risk of a data security breach, much less the chance that terrorists and other criminals could use information security weaknesses to exploit systems. But commercial organisations, including airport operators, ground handling agents and, of course, airlines, will need to budget for equally robust security if convenience is not to come at the cost of safety.

RESOURCES:
miSense: http://www.baa.com/portal/site/baa/menuitem.6a4740fe62e293a4b03f78109328c1a0/
UK e-Borders: http://www.bia.homeoffice.gov.uk/managingborders/technology/eborders/
