How Airport Design Can Help Us Deliver IT Security: From Device to Cloud

How Airport Design Can Help Us Deliver IT Security: From Device to Cloud

Most of us don’t have responsibility for airports but thinking about airport security can teach us lessons about how we consider, design, and execute IT security in our enterprise. Airports have to be constantly vigilant from a multitude of threats; terrorists, criminals, rogue employees, and their security defenses need to combat major attacks, individual threats, stowaways, smuggling as well as considering the safety of passengers and none of this can stop the smooth flow of travelers as every delay has a business knock-on effect. Whew! And this is just the start.

The airport operators are a lesson in supply-chain and 3rd party communications. They cooperate with airlines, retailers, and government agencies, and their threats can be catastrophic. They also need to consider mundane problems like how do you move a large number of people around quickly, what to do when someone leaves a bag to go shopping and how to balance risk reduction with traveler comfort - many needs to be considered, planned for, and the execution when a risk is identified needs to be immediate. All before thinking about IT-related issues, thefts from retailers, employee assessments and training, building safety, people tracking, and … the list seems almost endless.

Our business IT security needs might not seem so complex; however every enterprise has its external and internal attackers; hackers, ransomware, DDoS attacks to take down your systems and rogue employees, or inadvertent actions by good employees who don’t realize what link they are clicking on or data they are over-sharing. At the same time, the business needs to be able to enable the newest and most effective apps and systems and employees hate anything that appears to get in their way.

So, let’s see what airports can teach us about thinking about possible threats and appropriate safeguards to deploy a layered approach that protects your data, users, and infrastructure.

If you take just one threat; terrorism as – this image shows that US airports have more than 20 layers of security – a mixture of human and technological measures. https://en.wikipedia.org/wiki/Airport_security#/media/File:Security_layers.jpg

 

Chart, bar chart

Description automatically generated

 

 

 

There’s no silver bullet, there’s not one piece of security awareness or technology that will solve all problems – but if integrated, they can all build together to draw a picture of the possible threat.  Our defenses shouldn’t rely on just one technology either, but when we have multiple capabilities working together, we can evaluate, identify and address our security needs.

Here’s my table of some of the needs of an airport and equivalent areas in general IT security. Just as in an airport, individual pieces are of limited benefit unless they are brought together. Even though each item improves overall security, a single management console that can correlate all these pieces of knowledge and suggest or make policy decisions is crucial to ensure you get maximum benefit.

 

Airport

Enterprise IT

Check ticket against passport

Global SSO and multi-factor authentication for every app (including cloud)

X-ray baggage

Scan attachments for malware

Security gates and hand baggage check

DLP for confidential data loss control

Facial recognition comparing security gate and plane gate with a ticket

Zero trust – keep checking at all times

Baggage weight check

Review email attachments – treat previously unseen executables as a suspect

CCTV as passengers move around airport

User behavior analytics for risky behavior

Database of travelers, prior travel, destination information

Logging / analytics

Temperature tests for COVID

Block surfing to high risk web sites

Visa requirements

Access control to sensitive areas or sensitive data

Check expiry date on passport

Reconfirm credentials after a period

History of prior travel

User behavior analytics to understand “normal traffic” for each individual user and alert on unusual patterns.

Open Skies Initiative – sharing data with destination – allowing arrest on landing

Insights to check and implement defenses before attacks based on other organization’s threats

Landing card (where staying, reason etc.)

Employee justification for actions – feedback loops when challenged

Fingerprints on landing – check against previous travel history

Insights

Security guards, customs agents, check-in staff, people monitoring CCTV

The personal touch – the SOC team investigating threats and defining and implementing policies

Different security lines for additional checks

Remote Browser Isolation

Overall SOC center to correlate all inputs

Global management

What have we learned?

First, the job of securing an airport is complex and involves a lot of planning, cooperation with 3rd parties, and a vast mixture of people and technology-based security.

Second, we cannot rely on one defense, just like airports.

Third, concepts like zero trust, MITRE ATT&CK framework, Cyber Kill Chain are all aiming to look at threats in the round – we need to look at threats from every angle we can and implement the best technology we can.

The best solutions will be integrated, you need to be able to collate activity patterns to evaluate risks and define defenses.  McAfee’s Device to Cloud Suites is designed to bring together multiple systems all under one umbrella and let you accelerate cloud adoption, improve productivity and bring together more than ten different security technologies all managed by McAfee ePolicy Orchestrator (ePO).

www.mcafee.com