On September 11, 2001 the concept of airport security was forever changed when several airplanes filled with unsuspecting passengers were hijacked by terrorists holding little more than box cutters and then used as weapons to destroy some of America’s most iconic government buildings. Although September 11th was not the first time an airport or airplane was targeted by terrorists, it certainly was the most devastating and memorable experience for Americans and many others worldwide. Many people were afraid to fly and the airline industry suffered financially as a result. A change in security had to be made. The Transportation Security Administration (TSA) was formed as a response and new technology along with heightened security processes have beenimplemented at airports everywhere(Coskun & Hoey, 2005).
Intruder detection systems and biometrics are now used to track employees, enhanced body scanners and x-ray technologies are the norm for passenger and baggage screening. The individual airline companies have also developed new technologies to identify passengers and check them in via kiosks and on in the internet. Some have also developed smart phone applications useful to track flights and allow paperless boarding at the gate. Wireless internet is available in the airport terminals and even on board the flight.These are the technologies that are obvious to customers, however there are countless other complex Information Technology and Systems (IT&S) present behind the curtain “which enable the airport and all of its intricate facets to efficiently and safely function minute-by-minute and day-to-day (Airport Consultants Council, 2008).”
While physical security may have improved a new threat has emerged with the increased use of new technologiesin the form of cyber attacks. Due to the complexity of different businesses operations and processes going on during daily operations, airport information systems consist of all types of technologies which have different maintenance practices and data owners (Transportation Research Board, 2009). With cyber attackson the rise, how is it possible to protect all of the different systems and technologies within an IT&S infrastructure as complex as an airport?
Focus of the Study
The purpose of this study is to identify those systems and technologies common to an international airport that are most vulnerable to cyber attack, explain the risks and vulnerabilities and recommend mitigation techniques. The infrastructure of the systems of an international airport will be generalized based on commonalities in the passenger and employee experience. The technologiesanalyzed will be broken up into the following categories:
- Biometrics and Access Control
- Flight tracking and information systems
- Passenger screening
- Baggage tracking and inspection
- Networks and Web Services
- Radios and Communication
The analysis of each technology will focus on the amplification of the following information:
Information –What is the device or technology used for? What kind of information is involved (i.e. financial, personal, business intelligence…)?
Data Ownership and Maintenance – What are the maintenance practices?Who owns the information? What stakeholders are involved?
Vulnerabilities – What are the vulnerabilities? How can the vulnerabilities be exploited? Does the lack of security in one system pose threats to another?
Consequences of breach – Why is it important to secure the information? What could happen if certain areas are breached? What is the potential loss?
Mitigation – What is the best way to secure the information? How to maintain secure information? What is the process?
Biometrics and Access Control
Biometric systems use a peripheral device to identify an individual by scanning a unique bodily feature such as an iris or finger print. After identification has been made the file can be used to check criminal databases or allow access to an area(Airport Consultants Council, 2008). Fingerprint scanners are currently in use at customs and border patrol workstations in many airports. After a finger print is added to the database it is used to verify travel documents and cross-check criminal databases and travel alerts(Find Biometrics, 2011). Some airports also use iris scanners in conjunction with finger print scans. This speeds up the processing of passengers through customs by allowing quick access to information without the border patrol agent having to manually type identification information into a database where errors could occur or mistakes could be made. Although there is the possibility of someone using an altered fingerprint or contact lens, the use of multiple identification procedures such as additional biometrics and confirmation of identity against passports by the border patrol agent lessens the chances of the biometric system being compromised. The largest vulnerability for biometric systems at airports comes from the backend of the computer system or database. If firewalls are not installed and access logs are not carefully monitored, the system could be cracked(Lee, 2006). The system should also be password protected, default user accounts should be deleted and users trained to keep passwords secure and complex. The compromise or alteration of this personal information could have devastating consequences. Customs may have to go to a back up database (assuming they have one) or shut down altogether, extremely limiting airport operations.
A common access control system used by employers and TSA in airports is a badge access system. Badges worn by personnel serve the purpose of identifying their name, position and access level and also allow or deny them access to various areas throughout the airport(Airport Consultants Council, 2008). The most obvious vulnerability to a badge system is the management of the system by security personnel. Employees must not be given more access than is required of their position, access must be monitored and systems must be maintained to ensure security and proper restriction on all levels. Outside attackers could easily replicate or confiscate a badge and gain access to the terminal or aircraft. Combining badge access with a pin or biometric system will improve the security of this access system.
Flight tracking and information systems
Throughout the airport there are various Flight Information Display Systems (FIDS). FIDS which allow passengers and airport personnel to monitorcurrent flight tracking data, gate information, weather information, delays and other pertinent information. These FIDS are connected to various databases from various internal and external sources(Airport Consultants Council, 2008). The stakeholders of this information are many. Various airlines control databases as well as the Federal Aviation Administration (FAA) and Air Traffic Control (ATC). If the databases feeding the information to FIDS were to become compromised airport operations would come to a screeching halt. Passengers would not know what gate to go to, flight crews would not know where to park planes, the tower would have trouble prioritizing departures and arrivals and multiple airports would be affected.
Exploitation of databases often occurs in the form of hijacked or spoofed client sessions where an attacker can formulate queries of a database that disclose unauthorized information. In the case of flight information databases a hacker could create a virus or VBS script commanding an application to perform certain actions (such as to show all flights as delayed or delete all database information). Because the information flows over a complex network of collocated servers, an attacker could use a TCP attack and a password cracker to gain access(Dulaney, 2009). In 2011, the Department of Transportation issued a report that unauthorized users were able to gain access to the FAA’s ATC tracking system due to unauthorized information disclosure, systems not being securely patched, the use of unsupported operating systems, and improper network configurations(Hall, 2011). Security of these databases to outside access is of utmost importance because of the potential loss to the stakeholders involved including the safety of airline passengers. Servers must be patched, back-ups to databases maintained, and access to systems limited and configured properly.
When passengers arrive to the airport they must check-in using a kiosk, airline ticketing desk or print their boarding passes online prior to airport arrival. Individual airline ticketing/check in counters track customers using Common Use Passenger Processing Systems (CUPPS). “CUPPS allow multiple airlines at an airport to share data on common workstations but also tie into an airline’s back-office systems and preferred front-office passenger processing applications(Airport Consultants Council, 2008).” CUPPS are only as safe as the back-office systems and other applications they are connected to. If an airline’s office systems are not secure, the vulnerabilities to the CUPPS are even greater. If the CUPPS is compromised, passenger processing for all airlines could be affected along with passenger lists and flight data. Airline kiosks and web check increase access and possible depredation of the CUPPS because anyone with flight information, a frequent flier number or access to e-mail could check in with fake identification and gain a boarding pass under another name. TSA agents can become complacent and photo identification can take on many formats. The potential for unauthorized access to the terminal and a flight is very high. One case reported by a United Airlines passenger who didn’t pay attention to the prompts on the kiosk screen and ended up with the wrong boarding pass. The same news report mentioned several cases where passengers had accidentally entered an incorrect letter and were given several names of people to choose from. As was pointed out in the report, what is to stop a person from acquiring fake identification and boarding the wrong flight(San Diego News, 2007)? The stakeholder in this case is primarily the individual airline as it is their responsibility to protect the private data of their customers, but it could turn into a major incident if a criminal were to board a plane under another name and someone was harmed in the process. Airlines must do a better job of ensuring boarding passes do not land in the wrong hands. This means assessing and increasing the security of their office hardware and software, company websites and most importantly monitoring what goes on at the kiosk. Requiring a web password at the kiosk rather than just flight information or a confirmation code could improve security as well as securing online check-in options by requiring customers to login to the website to access boarding passes rather than by simply clicking a link in their e-mail inbox.
Another common passenger screening tool used and recently implemented at most airports is the full body scanner. This scanner uses Advanced Imaging Technology (AIT) similar to that of an x-ray machine in a hospital to view any objects a passenger might be carrying under his or her clothes, in pockets or even in body cavities. The scanners are controlled and monitored by the TSA and are vulnerable in that they are controlled by software which could have glitches or be hacked and images stolen or manipulated and the scanners could also lose power due to an electrical outage(Swafford, 2011). It is important for the TSA to ensure the computers controlling the software have access control in place in the form of passwords, smart cards, or biometrics and also to ensure a back-up power supply and proper climate control is available to mitigate these vulnerabilities.
Baggage tracking and inspection
The Baggage Handling System (BHS) is one of the most critical ground systems in an airport as it is responsible for tracking bags from ticketing to the gate, to follow on flights, and all the way to the passengers destination. If the BHS is inoperable, flights are grounded(Airport Consultants Council, 2008). In a 2008 study of 13 world-wide airports, Airtight Networks found that many airports were using wireless WEP systems with out of the box configurations to operate their baggage tracking systems(Airtight Networks, 2008). This is a concerning report considering there are so many unsecured wireless network users within the airport that could easily gain access to or unknowingly allow their computer to be used as a vehicle for access to the BHS. Even a wired BHS has vulnerabilities as servers must be patched and locked down, clients must have access restrictions and most importantly the information protected from intruders via access controls. Employees must also be trained on the importance of securing peripheral scanning devices and passwords.
With the volume of baggage passing through an international airport on a daily basis it is important to have a secure and accurate method of quickly scanning baggage for explosives or other dangerous materials. If a baggage scanning system were unknowingly compromised, the consequences could be devastating. The Aviation and Transportation Security Act of 2001 mandates that 100 percent of checked baggage be screened using explosion detection systems. The most common screening system used today is the Explosives Detection System (EDS) scanner. This scanner uses computer-aided tomography (CT) adapted from medical technology to automatically detect high density signatures of threat explosives without human interaction. Bags are loaded into the scanner by TSA personnel and the EDS indicates whether or not there is a threat. If a threat is indicated, the machine alarms and the agent reviews the images to determine if further inspection (a physical search of the baggage contents) is necessary. If no threat is detected, the bag moves on(Semp Inc., 2005). Although the EDS are stand-alone systems with a lessened cyber-attack threat, TSA personnel must ensure bags are being properly screened. Recently 28 bag screeners were fired from their jobs at the Honolulu International Airport after an inspection revealed that bags were consistently not being screened for explosives. Workers reported they were under pressure to get flights out on time(McAvoy, 2011). It is clear the TSA will need to conduct some retraining of baggage screening personnel to emphasize the need for secure practices despite pressured timelines.
Networks and Web Services
International airports have complex wired campus networks that allow data access through secondary and tertiary levels of distribution. These networks are the information technology backbone of the airport and their design and management are critical to operations(Airport Consultants Council, 2008). Nearly every system in the airport is connected to the campus network and securing that network from internet or external attacks is extremely important. The first step in securing the network is to have solid security policies and ensure that employees are trained and that network configuration supports these policies. These policies will have to be coordinated with any outside airline or business interconnected networks so that breaches do not occur regardless of internal security. Equally important to implementing policies is frequently self-assessing compliance with policies. Self-assessments should also be run on the network to check for vulnerabilities. This can be done by looking at firewall configurations, ensuring anti-virus software is up to date, and downloading and installing the latest patches on a regular basis. The network must also be encrypted requiring all outside connections to utilize a VPN for access. Outside networks connecting via VPN should also be required to meet the minimum security practices. E-mail sessions, hard drives and file transfers among many other items on the network can be encrypted relatively easily using the appropriate tools. Assets on the network should be given a replacement cost and security should be prioritized according to the protection of the most valuable assets. Lastly, disaster recovery and back-up plans should be in place and practiced on a regular basis(Miliefsky, 2007).
More recently wireless networks have become commonplace and are relied upon by airport personnel and customers alike. In 2008 Airtight Networks Inc. conducted a security assessment of the wireless networks of 13 airports worldwide, 9 located within the United States. The goal of the report was to “assess the vulnerabilities of airport wireless networks and the information security risk exposure of laptop users while they are transiting through airports(Airtight Networks, 2008).” The study found that 80 percent of wireless networks were open or WEP versus the more secure WPA/WPA2, only 3 percent of hot-spot users were encrypting their data, those not using hot-spots were leaking network information and 10 percent of laptops connected to the network were infected with viruses(Airtight Networks, 2008). Many public free wireless networks were not encrypted and had open SSIDs allowing viral SSIDs to spread from the U.S. all the way to sites in Europe. Baggage handling systems and customs networks were found connected to Bangkok’s International airport wireless network. Three clients were also found connected to the customs network via this wireless connection. This assessment was a follow up of best practices previously recommended and vulnerabilities in the core systemswere found to be worse during this assessment than when originally identified(Airtight Networks, 2008). How can WI-FI be secured when there are so many different broadcasters located across many sections within a large airport? Frequencies are also in short supply and must be managed across the spectrum. Strict policies must be put in place to detail security practices for wireless networks and define who is allowed to broadcast service in specific areas(Airport Consultants Council, 2008). The same protocols for securing the wired network can be followed for the wireless network. Other mitigations to vulnerabilities are to change the out of the box default configurations, ensure SSID are not broadcasted, and use WPA encryption with complex passwords changed on a regular basis(Airtight Networks, 2008). Each network should also define and minimize the physical radius of the wireless broadcast to prevent unauthorized outside users from connecting.
Radios and Communication
Airports use many forms of radios and telephones for communication. Most vulnerable to cyber-attacks are Voice over Internet Protocol (VoIP) communications. VoIP is a telephone like system that accepts a voice transmission and converts it into a packet which travels over the network to its destination whether internal or external(Airport Consultants Council, 2008). VoIP systems are a convenient, cost-effective wayof communicating within a large campus like environment without the need to run complex telephone lines. The vulnerability of a VoIP system is the ability of a cybercriminal to eavesdrop on conversations to collect confidential information or use for blackmail purposes. Criminals can conduct VoIP hopping attacks to compromise the VLAN from a remote location and use a computer to mimic an IP phone. After the network has been breached it is easy to spoof caller identification features of the VoIP phone system or flood the system with bogus transmissions disabling communications(Hickey, 2007). It is important for employees using VoIP systems to be aware of these vulnerabilities and report suspicious activity on the network immediately. There should also be implementation and awareness of Critical Information List (CIL) detailing information not to be discussed over unsecure lines.
Airport information systems infrastructures are complex; derived from and connected to a seemingly untraceable number of sources. New technologies are coming about faster than IT professionals can fully understand how to properly utilize and protect them from cyber-attacks. Each technology or system used within an airport has unique uses, value, stakeholders, vulnerabilities and mitigations. It is important for airport owners and management to ensure personnel are trained, security policies are in place and enforced, emergency back-ups are prepared, and systems are assessed for vulnerabilities on a regular basis.
Airport Consultants Council. (2008). Best Practice Guidelines for the Airport Industry. Airport Information Technology and Systems, 110.
Airtight Networks. (2008). Wireless Vulnerability Management. Retrieved September 30, 2011, from Airtight Networks: http://www.airtightnetworks.com/fileadmin/ppt/AirTight-Airport-Scan-Results-Part2.ppt
Coskun, E., & Hoey, J. (2005). Airport Security Complexity: Problems With the Information Security Components. 2nd International ISCRAM Conference (pp. 61-66). Brussels, Belgium: LeMoyne College Business Department.
Dulaney, E. (2009). CompTIA Security + Study Guide. Indianapolis: Wiley Publishing.
Find Biometrics. (2011). Border Control / Airport Biometrics Gets a Fast Boarding Pass. Retrieved September 30, 2011, from Find Biometrics Global Identity Management: http://www.findbiometrics.com/border-control-airports/
Hall, S. (2011, April 22). DOT Issues Vulnerability Report On The FAA’s ATC System. Retrieved September 30, 2011, from AvStop Online Magazine: http://avstop.com/april_2011/dot_issues_vulnerability_report_on_the_faa_s_atc_system.htm
Hickey, A. R. (2007, December 18). Top 9 VoIP Threats And Vulnerabilities. Retrieved September 30, 2011 , from CRN: http://www.crn.com/slide-shows/networking/205100204/top-9-voip-threats-and-vulnerabilities.htm?pgno=7
Lee, V. M. (2006, September 20). Vulnerabilities of Biometric Technologies. Retrieved September 30, 2011, from International Biometric Group: http://www.biometrics.org/bc2006/presentations/Wed_Sep_20/Session_III/Biometrics_and_EAuth/20_Lee_e-auth.pdf
McAvoy, A. (2011, September 16). TSA fires 28 Honolulu bag screeners after probe. Retrieved September 30, 2011, from The Associated Press: http://news.yahoo.com/tsa-fires-28-honolulu-bag-screeners-probe-005755308.html
Miliefsky, G. S. (2007, January 17). The 7 best practices for network security in 2007. Retrieved October 1, 2011, from Network World: http://www.networkworld.com/columnists/2007/011707miliefsky.html?page=8
San Diego News. (2007, November 20). Airport Kiosks — Convenience Or Security Risk? Retrieved September 30, 2011, from 10 News: http://www.10news.com/news/14654657/detail.html
Semp Inc. (2005, April 2). How the TSA Is Strengthening Baggage Screening Systems to Improve Aviation Security. Retrieved September 30, 2011, from Suburban Emergency Management Project: http://www.semp.us/publications/biot_reader.php?BiotID=194
Swafford, S. (2011, June 29). International Airport Cyber Security Challenges. Retrieved September 30, 2011, from Radical Development: http://radicaldevelopment.net/2011/06/29/international-airport-cyber-security-challenges/
Transportation Research Board. (2009). Integrating Airport Information Systems. Washington D.C.: Airport Cooperative Research Program.
Tyson, J., & Grabianowski, E. (2001, June 20). How Airport Security Works. Retrieved September 27, 2011, from HowStuffWorks.com: http://science.howstuffworks.com/transport/flight/modern/airport-security.htm