Making Physical Security Ready for Takeoff

Sept. 5, 2019

Everything in an airport is in high-speed transit: pilots, passengers, luggage, as well as data. The problem with things in motion is that they are challenging to monitor and control consistently, which makes an airport a high-risk environment. While aviation professionals have learned to utilize technology to reduce risk in complex procedures, physical security practitioners have not had such tools. Threat intelligence has been manual, from monitoring to mitigation and response. For this reason, airports, like every other industry, have been simply maintaining mostly reactive security postures – until recently. Thanks to new risk-adaptive physical security technologies, critical infrastructure and high-risk environments can finally adopt proactive postures that provide intelligence in real time, so complex and daily threats can be stopped before they turn into breaches.

Modern Day Physical Security Challenges

Lack of Visibility: Visibility is essential for aviation professionals. Pilots can’t fly and air traffic control can’t make decisions when they can’t see everything they need to. It should come as no surprise then that security professionals have the same struggle when trying to manage risk in high-traffic areas, such as airports, with limited visibility across all their security systems.

No Common Language: Imagine trying to fly a plane with controls and buttons in 14 different languages – only one of which you know. This is how Security Operation Centers operate today. Early warnings are missed because the diverse signals become noise. This can create alarm fatigue for operators. That’s why security operators need a translation layer for their security technology – so they don't just see the different events, they speak the same language.

Unidentified Risks: Unfortunately, authorization, policies and procedures across physical security operations have been blind to risk. This has forced reactive security postures with static, one-size-fits-all security procedures – i.e., role-based access control. This is not due to lack of concern, but rather a lack of innovation – until recently.

These three challenges have forced airports, like every other industry, into a reactive security posture.

Getting Ahead of Threats with Risk-Adaptive Security

Airports are a vital piece of critical infrastructure and vital to the safety of our society. For the first time, critical infrastructure environments can adopt risk-adaptive, or proactive, security operations with modern technologies. Here are a few key innovative technologies transforming physical security from reactive to proactive, from blind to risk-aware, and from overwhelmed and unaware to intelligent and informed.

Data Fusion: Most people think of video surveillance as security. While video technologies have seen plenty of innovation, they address only part of a complex problem. Just as human eyes need other sensors to provide context and verify what is being seen, security operations need to be able to understand multiple technologies all at once, in real time. Data fusion platforms go beyond aggregating multiple interfaces. They normalize different risk inputs from a variety of systems into a common language that both operators and machines can understand, again in real time.

Risk Analytics: Analytics are fairly new to physical security. While video analytics have been advancing at accelerating rates, including facial recognition and sentiment analysis, this is not the only analysis needed. These analytic feeds need a brain – or artificial neural network – to put this data into context and properly assign and assess risk. These cameras need a central intelligence with memory that can process multiple sensors to make sense of the view. With AI for risk analytics, operators are no longer forced to monitor and analyze everything simultaneously. Risk intelligence can detect early warnings across multiple data systems, compare them to policy, and determine the level of threat – all before a security breach occurs.

Adaptive Controls: Static tools are very limited in their ability to serve in dynamic environments. Yet our physical access control systems have remained static for decades. With modern risk-adaptive technology, airport doors and gates can become as connected and intelligent as flight planning systems and other IT applications in the airline industry. With this shift, we no longer treat every door as if it were the same. We no longer treat every person in a group as if they are the same based on a role. Now we can assess all the activity together – access control and security technologies – in order to determine in real time if granting access increases risk for the individual, the area or the entire airport. Finally, we can move toward proactive security with risk-adaptive access controls.

Let’s take a closer look at two real-world scenarios to see how risk analytics and adaptive security can better prepare your airport security teams.

Insider Threat: In general, the greatest security risk is posed by organizational insiders. They have institutional knowledge of weaknesses and the trusted access to exploit them. External adversaries are waking up to this fact, transforming many previously open areas into low-trust environments.

Detecting abnormal activity driven by malicious insiders in the physical environment is essential to proactive security. Here are a few examples of activities that risk-adaptive technology can detect:

  • A vehicle attempting to access a terminal roadway through an abnormal gate when military assets are present;
  • Employee access portal activity increased 50% over the last three days;
  • Loitering when a particular contractor’s credential is used;
  • A vehicle attempting access has a valid license plate, but its GPS tag is conflicting or the RFID tag is missing;
  • Overall credential activity increases 200% during a specific operator’s shift; or,
  • Employee access is denied multiple times from multiple access points with improper certification or authorization.

While any of the individual actions taken in these activities may be innocent enough, you can see that when they’re added up, they may be real evidence of an insider attempting malice of some kind. Being able to quickly synthesize these actions into a bigger picture and gain visibility into them is the key. When a risk-aware security system takes notice, the proper investigation or mitigation efforts can be implemented.
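An added example, not code from this article or from any vendor product: it shows two of the listed indicators (a 50% activity increase over the last three days, and denials at multiple access points) evaluated over access-control events, with escalation only when both fire for the same credential. The event layout, credential IDs, door names, the choice of the preceding three days as the baseline, and the two-signal escalation rule are all assumptions made for illustration.

```python
from datetime import date, timedelta

TODAY = date(2019, 9, 5)  # constructed reference day


def _ev(days_ago, cred, door, granted=True, n=1):
    """Build n constructed events: (day, credential, access_point, granted)."""
    return [(TODAY - timedelta(days=days_ago), cred, door, granted)] * n


# Constructed sample log (not real data).
EVENTS = (
    # E100: steady, 4 swipes a day for six days
    [e for d in range(6) for e in _ev(d, "E100", "gate-A", n=4)]
    # E200: 4 swipes a day on the earlier three days, 6 a day on the last three
    + [e for d in range(3, 6) for e in _ev(d, "E200", "gate-A", n=4)]
    + [e for d in range(0, 3) for e in _ev(d, "E200", "gate-A", n=6)]
    # E200 is also denied at three different access points today
    + _ev(0, "E200", "ramp-2", False)
    + _ev(0, "E200", "bag-room", False)
    + _ev(0, "E200", "tower-1", False)
)


def activity_increase(events, cred, today, window=3):
    """Fractional change in attempts: last `window` days vs. the window before."""
    recent = prior = 0
    for day, c, _door, _granted in events:
        if c != cred:
            continue
        age = (today - day).days
        if 0 <= age < window:
            recent += 1
        elif window <= age < 2 * window:
            prior += 1
    return (recent - prior) / prior if prior else 0.0  # no baseline, no signal


def denied_points(events, cred, today):
    """Distinct access points that denied this credential today."""
    return {door for day, c, door, ok in events
            if c == cred and day == today and not ok}


def assess(events, cred, today):
    """Return (signals, escalate); escalate only when both signals coincide."""
    signals = []
    if activity_increase(events, cred, today) >= 0.50:
        signals.append("activity_up_50pct")
    if len(denied_points(events, cred, today)) >= 2:
        signals.append("denied_multiple_points")
    return signals, len(signals) >= 2
```

A credential that trips only one indicator is reported with its signal but not escalated, which is the "innocent on its own, meaningful in combination" behaviour the paragraph above describes.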

Multi-Vector Attacks: While the traditional threat vector of physical security cannot be forgotten, the convergence of new IT innovations within sensitive areas not only adds a new level of concern but multiplies it. This is because physical intrusion can lead to cyber-threats, and cyber-intrusion can lead to physical threat. Improved standards are needed across both domains. And understanding the multi-vector threat landscape is an important place to start.

Real damage can be done from breaches – physical or digital – into operational systems throughout an airport. Through physical access to IT assets, or through direct access to these systems, multi-vector attacks can wreak havoc quickly. For example, at the Bristol airport, a digital breach took down the flight display systems, creating chaos for all travelers. This resulted in missed flights and increased confusion, all while forcing employees to revert to manual procedures to communicate flight updates. Similarly, suspicious drones flying over the runway were able to seriously disrupt holiday travel plans for more than 10,000 passengers traveling through Gatwick airport in 2018.

Having risk-aware and proactive physical security technologies in place can help to identify those unknown unknowns before they disrupt the flow of traffic and flights. And, if safety is at risk, time is of the essence, so intelligent, adaptive controls are key to effective risk mitigation.

Expecting an On-Time Arrival of Risk-Adaptive Security

Advances in technology – physical, digital, and operational – provide airports with unprecedented capabilities. But without a unified understanding of all these capabilities – and their vulnerabilities – airports still face a complicated and low-trust risk environment. Thanks to recent innovation, insider threats are finally detectable, early warnings can predict an issue before a breach occurs and multi-vector threats can now be understood through a common language. Fortunately, new risk-adaptive physical security technologies are minimizing the complexity and, therefore, the likelihood of risks evolving into breaches. This will significantly improve airport safety and security and give passengers peace of mind when traveling in this brave new world.

As co-founder of ReconaSense, Clayton is helping the next generation of security practitioners solve important issues surrounding data interoperability, access control and artificial intelligence. Since graduating from Southern Methodist University and discovering physical security’s need for intelligent security management, Brown has been identifying technology and corporate partners to make his vision of proactive security a reality. As a member of the SIA Data Privacy Advisory Board, Clayton balances privacy concerns and the strategic value of new technologies to help practitioners achieve current security objectives while preparing for future ones.