Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing e-business Technology Contributions to Airline and Transportation Security William Crowell President and CEO Cylink Corporation.

Published byAngelina Jenkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Securing e-business Technology Contributions to Airline and Transportation Security William Crowell President and CEO Cylink Corporation."— Presentation transcript:

1 Securing e-business Technology Contributions to Airline and Transportation Security William Crowell President and CEO Cylink Corporation

2 Securing e-business Critical Rules for What We Do Next We have to make sure that we don’t fight the last war! We have to increase the productivity of the entire system to compensate for new processes and increasing complexity and to encourage travel We have to integrate proven technologies into complete solutions We have to create real deterrence for people who are not easily deterred

3 Securing e-business Outline of Presentation What are some of the Airline Business Needs? Vulnerability of Airline Business to Security Threats How Airlines Can Respond and Maintain Business Tempo Policy Issues Final Thoughts and Conclusions

4 Securing e-business Some Airline Business Needs

5 Securing e-business Some Business Forces Post 9/11 Demand for “Higher levels of Identification Verification” of airline and airport personnel with attendant costs and complexity Increasing difficulties and costs of controlling restricted areas increases sophistication of attacks involving fraudulent credentials Mobility of airport and airline personnel increase need for wireless connectivity with attendant security risks Complete Luggage screening coverage and throughput challenges Passenger matching with luggage per flight. Threats to Information and Systems are multiplying and systems must be secure

6 Securing e-business Candidate Technologies Access Control using strong authentication and Smart Cards to securely link authentication to computer and physical access systems 2D Barcodes with tracking information, biometrics and imbedded digital signatures Biometrics (including fingerprint, facial recognition, and iris matching) Wireless systems – particularly 802.11 and airborne data links Streaming video and audio surveillance data GPS and wireless tracking of vehicles within sensitive areas Programmable devices that allow the system to evolve with the threat

7 Securing e-business Key Challenges Consistency across airlines and airports nationally and internationally FAA approvals and standards Interoperability throughout the transportation system Information sharing among transportation providers and law enforcement Policy and legal issues – especially privacy

8 Securing e-business Vulnerability and Threats

9 Securing e-business Domestic and International Communications Vulnerabilities Communications between New York and Philadelphia may pass through dozens of countries, over satellites, and through hundreds of infrastructure points Your information passes through a variety of organizations or communications providers and their wiring closets There are hundreds to thousands of points of vulnerabilities, most of which can make passwords, routing tables, network architecture and other attack information available Many parties have direct access to this valuable content that will weaken your network based systems and businesses

10 Securing e-business Increased Vulnerability of Networked Systems Widespread system vulnerabilities because of use of common (open) technologies used in mission critical systems Operating systems, routers, Telco switches Interdependent and interconnected infrastructures – Airline Business Transactions are now conducted over Public Networks (e.g. reservations, E-Tickets, flight tracking, maintenance) Airlines connected to travel services, partners, and customers via the internet Global Communications Geographic Isolation is no longer a consideration – there are no oceans in cyberspace

11 Securing e-business Sources of Vulnerability to Networked Systems Operating Systems (NT, WIN2000, UNIX, LINUX) Management Systems (unencrypted SNMP) Applications (e-mail, TELNET FTP, HTTP) Modems (both front end and back end) Authentication Practices (passwords, tokens) Organizational Practices (No Security Policy, No Designated Security Officer) People – Insufficient User Training – Fragmented Access by Users to Security – Poor Security Administration and Management

12 Securing e-business Vulnerabilities of Airline Operations Access to sensitive areas and aircraft Access to sensitive computer systems (operations, maintenance, ticket and boarding pass issuing systems) Defeating screening devices for luggage and people Defeating on-board defenses (crew, Sky Marshals, passengers)

13 Securing e-business Some Viable Responses

14 Securing e-business Changing Expectations Yesterday: You Defined your Security & Trust Requirements Today: FAA Dictates Your Security & Trust Requirements Tomorrow: Your Customers will Demand Efficient, Trusted and Secure System of Travel Security becomes an Essential Marketing Tool Risk Management will have to evaluate the value of Trust

15 Securing e-business In Ideal World - Business Drives Security You: Define the Business Model that is good for your business Define the Security Policies and practices that Support the Model Obtain FAA approval or Certification Implement Procedures for Supporting the Policies Monitor the Procedures Refine, Refine, Refine

16 Securing e-business Airline Industry Responses to Security in Airports Increase security of Airline and Airport Personnel Identity Systems Increase efficiency and effectiveness of the passenger and luggage screening process. Match luggage to passengers

17 Securing e-business Passenger ID – The Drivers License State Drivers Licenses are becoming increasingly sophisticated by incorporating identifying data into 2D Barcodes 900 - 2500 Bytes of data can be printed on the license, but current methods do not allow the verification of the information Incorporating a digital signature makes it possible to verify all of the data including a photograph Implementing such a system nationwide would make it possible to imbed photographs, and other identifying data into boarding passes and cross check other identification 2

18 Securing e-business Passenger ID’s – Voluntary Passengers are concerned about the increase in time required to clear airport security checks in advance of travel – currently two hours and more. The cost of increased security stations to ease the backlog is high Opt-in passenger ID’s would allow faster processing and another cross check on drivers license The system can be flexible and adapt to changing needs It can be cross referenced to other ID’s

19 Securing e-business Video, Audio and Data from Aircraft – Wireless networks can be used to collect video, audio and avionics data in real time and to authenticate and stream the encrypted data to the ground – The data can also be streamed to Sky Marshals on board – Panic buttons can alert crew members and the ground of pending dangers – The data is available for forensic investigation immediately

20 Securing e-business Policy Implications of Security Technology

21 Securing e-business Some Important Issues Regarding Security Technology The Big Issue: Privacy Business use of encryption: Who owns the Keys? Digital Certificates (PKI) One or Many? Who is liable? Digital Identification How good is good enough? Who is liable for mistakes – false positives/negatives Technology vs. solutions

22 Securing e-business Privacy Issues Central Issue: How can biometric information be used? When it is collected (e.g. in a public place)? After it is collected? How can identity information be used by the government and by private industry? How do we prevent identity theft?

23 Securing e-business Final Thoughts and Conclusions

24 Securing e-business Some Final Thoughts: Trends in Security Needs The New Environment Will Demand Even Stronger Security Consider the following trends… Key Services Outsourcing = more vulnerability Growth in Network based processes using multiple communications protocols including the Internet Consolidation of Critical Processes Consolidation of Information Proliferation and wide availability of Attack Tools

25 Securing e-business Security Requires Defense in Depth Strong, Robust Security Requires Defense in Depth If One Line of Defense Fails, other Lines can Take Over Two scenarios (Either is compelling): Contains a Breach Provides a Safe Environment for: Maintenance Support of Legacy (old) Services Deployment of New Services Secure the Process, the Network as well as the Application with both encryption and authentication

26 Securing e-business Security Management Security management is the #1 contributor to breakdown in security effectiveness Functions: Authentication of the Security Devices and Systems Expression and Distribution of Security Policy Monitoring and Auditing Separation of Security and Other Types of Management Security Features Interact with other Features Important to Support this Interaction, yet Protect Security Management

27 Securing e-business Conclusions Security is an absolute must for new situation of airline industry Security should be a business enabler rather than an impediment – technology can help Properly used security Increases the value of service and confidence of travelers Strong Encryption and Authentication are essential ways to combine strength, ease of use, & low cost of ownership

Download ppt "Securing e-business Technology Contributions to Airline and Transportation Security William Crowell President and CEO Cylink Corporation."

Similar presentations

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
BalaBit Shell Control Box

BalaBit Shell Control Box
The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.

The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Computer Security Biometric authentication Based on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003.

Computer Security Biometric authentication Based on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003.
2003 1 Increased Security, while protecting Privacy ? True or False ? Christer Bergman, President and CEO, Precise Biometrics.

Increased Security, while protecting Privacy ? True or False ? Christer Bergman, President and CEO, Precise Biometrics.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Information Security Policies and Standards

Information Security Policies and Standards
BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 1February 2005 BioSec Biometrics & Security Orestes SanchezBioSec Coordinator Telefónica.

BioSec Biometrics & Security IST © 2005 BIOSEC Consortium 1February 2005 BioSec Biometrics & Security Orestes SanchezBioSec Coordinator Telefónica.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.

User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.

Similar presentations

Ads by Google