April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
Predictive Security for Aviation Safety
By Ajay Jain, President/CEO Quantum Secure
Given their large areas and continual stream of travelers, staff, vendors, visitors, security and law enforcement personnel, airports are one of the most complex environments to secure. At the same time, there is an intense focus on security at these facilities as they work to address the evolving challenges they face from terrorism and other threats. And while security is tight around gate areas, airport facilities by their nature are open to the public, which adds another layer of complexity to the physical security puzzle.
This combination adds up to a major challenge for airports to address security issues. Traditionally, physical security has been mainly a reactive process across all applications. Something happens, an alarm sounds and an alert is sent to security staff, who determine the appropriate response. Unfortunately, by that time, the damage has already been done, leaving only the investigation process to be completed. This sequence of events, along with the potential severity of results, is not acceptable for airports (or indeed many environments).
Airports are also subject to a host of rules and regulations governing security clearance, identification and access for airline employees, vendors and tenants. For example, TSA regulations dictate that certain facets of security must be addressed in specific ways, but in some cases these requirements have further complicated the security process. The manual processes many airports once employed made it difficult, if not impossible, for them to meet even the minimum baseline requirements, both internally and those mandated by the TSA and FAA. Simply put, many airports found it challenging to meet their security thresholds, a process that was complicated even more by siloed systems and processes used to manage necessary credentials and access privileges for various areas of the facility.
The more complications that exist in any system, the harder it is to monitor, understand and, most important, respond to events or anomalous incidents. Within the airport ecosystem, there are many security and non-security systems in place, each of which generates data which may or may not be shared with other systems. Additionally, these multi-faceted security and operations programs are often operated manually, making them highly susceptible to errors and not readily accessible on the enterprise level. However, there are solutions available to address these issues.
Capable of being deployed across the enterprise, unified physical identity and access management (PIAM) solutions can seamlessly interface with a variety of systems throughout the airport to enable formerly disparate security systems and assets to be used with extreme levels of effectiveness and cost-efficiency – all while moving security closer to a proactive function.
Using the emerging science of predictive analysis, PIAM correlates the vast amounts of data from these systems to uncover connections between events and actions that may not have been apparent without a high level of integration and automation. From this information, a clearer picture emerges regarding predictors, also known as indicators of compromise (IOCs), which could indicate that an event may be about to occur. The intelligence gleaned from predictive analysis can help airport security and management identify abnormalities in behavior to help isolate potential problems before they can occur, alerting security staff when any previously identified IOCs, or any anomalous behavior or events, are detected. Staff can then take action to avoid or minimize a potential event.
Because PIAM software solutions seamlessly interface with the various systems throughout an airport, they can help to streamline time-consuming and inefficient – but vitally important – security functions such as issuing ID badges, on-boarding new employees, responding to changing work assignments and assigning access privileges across multiple physical access control systems. In an airport environment, PIAM can also integrate and embrace specific requirements related to TSA compliance and FAA regulations to ensure the strength and integrity of security.
The potential for insider threat is a very real and growing concern for all enterprises. PIAM solutions provide the security infrastructure to manage and govern access throughout airports by employees and contractors who may not go through the same level of screening that passengers do. A collaborative approach to insider threat and ultimately passenger safety and allows all parties across an airport – federal agencies, carriers, tenants, vendors and the airport itself – to perform their role in protecting that airport using an intelligent solution. PIAM ensures that each airport identity has been properly authenticated per TSA requirements, while also ensuring in real-time that if there are any updates to the identity record, such as termination, failed background check, anomalous facility access patterns or changes in status, they will instantly be reflected in the worker’s physical access profile and will alert authorities immediately.
Standardization of policies and procedures across the entire airport ecosystem reduces complexity, and reduced complexity allows for better control, better information and faster response times. With a unified PIAM solution in place, airports can manage multiple systems through a single web-based database and take a holistic approach to security that delivers greater efficiency, lower costs and automated management of regulatory compliance and identity management while moving security closer to a proactive, rather than reactive, process. The result is a safer airport environment, which is the job of security in the first place.