Me and You Education is a collaboration between two companies with divergent backgrounds that provides deep insights into the murky and complex world of Counter Terrorism.
Chris Phillips, managing director of the International Protect and Prepare Security Office and Hugh Boyes, project manager at The Institution of Engineering and Technology explain their views.
Well the whole country, and probably the rest of the world has just breathed a huge sigh of relief. The fantastically successful London Olympics has just passed off without any major scares or terrorist attacks. Most commentators including myself felt that the Olympics were too good an opportunity for any ‘would be’ terrorist to miss. Well maybe we have a lot of people to thank.
The soldiers who have been busy decapitating AQ in their bases have paid heavy sacrifices to reduce the threat, and the fantastic work of the security services and police in dealing with the local threats, making sure that those who may wish to attack us realise now that they are being watched. This seems to have taken over as the new means of deterring would be attackers. Whatever the tactics we should be thankful for their efforts, we really don’t appreciate them enough.
But has the threat of terrorism really disappeared into memory? That’s pretty unlikely. The terrorist threat seems to have shifted its location to Africa. There are more UK passport holders in Somalia learning and honing their terrorist tactics. So we need to remain vigilant and keep reviewing our vulnerabilities. The high paced changes in the way we do business and travel around the globe bring new issues.
Mostly, we deal with them, often we identify the issues and are able to put measures in place to reduce our vulnerabilities. Often however the gaps become apparent after an incident. The transport hubs and the very means of travel itself is always going to be a favourite target for any terrorist or activist. Shutting down an airport or causing delays can cause incredible disruption and distress. So it may be a good time to examine the issues of intelligent buildings and the vulnerabilities they bring.
The increasing demand for transport at both international and national levels places pressure on transport terminals, for example airports and railway stations, to efficiently and safely handle the passenger numbers. Economic and environmental factors require the owners and operators of these terminals to reduce the cost of ownership and operation of these terminals. The transport industry’s solution has been to seek innovative IT-enabled solutions to facilitate energy savings and increase the capacity of the terminal buildings. In a world where any IT system is potentially at risk, regardless of whether it is standalone or part of an integrated system, use of these innovative solutions is not without risk.
Given the increased level of systems integration and the complexity of the systems, these transport terminals should be regarded as intelligent buildings, where the combination of technologies and inter-connected systems are essential for the smooth operation of the transport operation. We need to recognise that these intelligent buildings are complex systems and put in place appropriate practices to ensure the safety and security of the buildings’ users. This article examines the issues related to the increasing automation and integration of systems in transport terminals, identifying a number of steps that may be taken to ensure that benefits offered are not offset by the risks potentially inherent in their design and operation.
In the past the physical and networking layers would typically comprise a number of different cabling systems, in a variety of configurations delivering connectivity using a mixture of open and proprietary protocols. The pressure to reduce costs has led to technology convergence with the systems now using industry-standard communications and networking protocols which can be distributed over a common physical infrastructure. New and refurbished buildings will typically use a common cabling structure to support a variety of operational, business and facilities management systems. Whilst this makes it easier to manage and reconfigure the flow of data it also creates the risk of inadvertent creation of unauthorised paths between systems.
The need for operational efficiencies has also created a demand for increased integration of the applications, the objective being to streamline the capture of data and reduce the opportunities for errors. The provision of a systems integration layer provides the means to share data between the systems and can include access to common data stores or direct messaging interfaces between systems to allow for user access and the exchange of data. An example of this integration is the interaction between systems handling transportation data (e.g., train or aircraft movements) and the passenger information systems displaying arrivals and departure information, where the provision of automated updates can be used to information passengers of changes of delays and boarding locations. This can allow the terminal operators to efficiently manage delays and scheduling changes and improve the handling of passengers within a terminal.
Whilst this integration of systems can offer significant business benefits by providing passengers with accurate up-to-date information on departures from the terminal, it also creates a number of potential risks. The increasing dependence on correct, interruption and error free operation of a range of integrated systems can lead to simple problems having a disproportionate impact on terminal operations. For example the problems with baggage handling systems at Denver Airport and Heathrow Terminal 5 demonstrate how critical the systems are for smooth terminal operation.
A secure environment
Terminal buildings increasingly fulfil multiple roles, supporting the basic transport function, local and national security functions (e.g. immigration control and customs), and housing extensive retail and catering outlets. The building systems have an increasingly important role in the efficient operation of terminals, to provide a comfortable, safe and secure environment for passengers and staff. The control of building systems is achieved using building management systems (BMS) which typically uses an open protocol running over an IP-based network for all data acquisition and control functions. Terminal security will rely on CCTV systems which are increasingly IP-based irrespective of the physical or data transport layer and on electronic access control systems which control access to restricted and staff only areas.
The introduction of a converged infrastructure and integration of building, business and operational systems within transport terminals potentially creates a range of new risks associated with aspects of the personnel, technology and operations.
The human elements of a terminal’s operations are potentially the greatest risk. Whether deliberately or accidentally, individuals may seek to bypass security controls or incorrectly operate systems. The integration of systems can significantly magnify the impact of errors or omissions. Systems integration brings together IT and facilities management teams who may have different priorities, cultures and reporting chains. All of these can inhibit an effective response to incidents or faults.
From a technology perspective, integration may introduce new failure modes, where the terminal’s building systems can interfere with business and operational systems and vice versa. For example, it is normal for office computers to run the latest anti-virus software and be regularly patched. This may not be true for the BMS, access control system or computers used for safety critical systems, thus leading to potential vulnerabilities from malware introduced over the network or from infected media.
The use of IP-based technologies creates opportunities for operational savings through the centralising and outsourcing control and monitoring stations. But this can lead to a loss of local knowledge and control. The problem is exacerbated if the support personnel are only deployed in response to incidents as they may not be familiar with the layout and operation of individual buildings.
From a security perspective the key issues are protecting the security and privacy of a terminal building’s owners and users, maintaining the integrity of the building and operations within it, and ensuring the continuing availability of the terminal for its owners and users.
The security and privacy of the terminal’s occupants and owners may be compromised when the convergence of the technical infrastructures and integration of systems creates unplanned or unauthorised pathways, allowing unauthorised access to systems or data loss. For example, unauthorised access to ticket booking and seat reservation systems may reveal personal data such as the presence of a visiting VIP or celebrity.
The integrity of the building may be compromised if third parties gain access to or control of critical building systems. If a third party were able to disable or take control of building systems it may no longer be safe to continue to occupy the building. This could be due to physical damage (e.g., fire or flooding) or due to threats to the health and lives of occupants. Disabling security and access control could put lives at risk if it allowed access to sensitive areas and may necessitate personnel being redeployed to implement manual checks in place of the automated systems. For energy efficient terminal buildings, integrity might be compromised if the operation of the energy management functions was degraded or disrupted by the actions of a third party, whether by direct manual interference or the deployment of malware.
The availability of the terminal may be seriously affected when building systems are disrupted, thus preventing the building from delivering the required functionality. The nature of the availability risk will depend on the type of building and the criticality of the affected building service. As an example, where a BMS became inoperable and allowed the temperature to stray outside acceptable limits, the areas of the building could become inhospitable for the occupants, damage equipment through excessive temperatures, or result in damage to stored materials. This would be critical in an airport terminal for spaces such as the airside lounges and waiting area, where the passengers have already been screen by customs and airport security.
Terminal buildings are mission critical environments and as such the risks associated with people, systems and operations need to be appropriately managed and mitigated. The people risks will arise from three constituencies: The owners who need to consider what degree of systems integration is required during the specification, design, construction and the commissioning of the terminal; The operators, including transport, security, catering and retail, and the facilities management operations, the actions of any of the parties can to some degree compromise the integrity of the overall integrated system; Third parties who support the terminal’s operations and its IT systems, particularly if they have privileged remote access to any of the terminal’s systems.
The system and technology risks have already been discussed. The mitigation of these risks needs to include an assessment of which features of the terminal and its use are critical and therefore in need of the greatest protection. The mitigation of system risks must also take account of the appropriate use of technology, for example Wi-Fi is susceptible to interference and jamming and should be avoided in safety critical and security systems.
The operational risks need to be assessed and understood from both business and technical perspectives. Training and knowledge of the terminal’s facilities management team should be commensurate with the sophistication of the systems integration and the impact that system failure will have on the occupants.
There should be cross-training of some IT and facilities support staff to facilitate collaboration during incidents and fault diagnosis. The operations team need to collect feedback from operational users to understand whether the terminal is supporting or hindering them. This is important as regular users will often seek to bypass controls if they feel they hinder rather than support the user.
The risks and their mitigation should be addressed in a holistic fashion for all implementations, but are essential for multi-occupancy and multiple-use buildings where the needs and priorities of the users will vary.
To safely and economically handle the increasing demand for transport at both international and national levels, transport terminal operators will need to maximise the capacity of their terminals to support larger aircraft and faster trains. In response to these pressures, the terminals are and will continue to become increasingly intelligent with more integration of the IT systems. This introduces new or novel risks in the terminal environment, some arising from the integration of traditional separate systems, others as a result of the increasing risk of cyber-attacks on any IT-based solution. This is a relatively new and evolving area, so there is a need for terminal owners and operators to ensure that currently novel risks are fully understood and addressed throughout the terminal’s lifecycle.
There are a few things that we can be confident about: Our desire to travel is not likely to reduce in the foreseeable future; We are going to want to travel, faster, cheaper and with less disruption; The use of technology will move at a frightening pace; Unfortunately there will still be people and groups out there who want to cause us harm.
We must ensure that all vital technology is secure. Buildings that are so vital to our evolving society must consider future threats to ensure they are secure and protected.
International Protect and Prepare Security Office (IPPSO)