Addressing The Insider Threat
Modernizing systems enables better management of airport worker identities
Airline and airport workers require access to sensitive and restricted
areas every day. Ensuring that only authorized staff has access to
restricted areas is an important aspect of airport security, and one
that requires the same high level of attention as passenger security
threats.
Various airline employees, vendors and multiple tenants need to be authenticated
every day. Their physical access rights need to be controlled and managed
dynamically based upon their role and policies affecting their access. In
fact, airports present one of the most complicated scenarios when administering
restricted-area access control, identity verification and issuance of an access
credential. Many airports have siloed systems and processes used to manage employees’
access credentials.
Physical identity and access management operations are handled manually, leading
to potentially dangerous errors, a higher cost of operations, enrollment and termination
delays and a lower level of security. A multi-layer balance between security,
costs and practicality is required to address this issue. Leveraging technologies to
achieve security goals can also improve efficiencies and customer service.
Airport security policies and TSA (Transportation Security Administration)
and FAA (Federal Aviation Administration) regulations require airports to vet
and manage the lifecycle of their credentialed workers. Airports must consistently
and efficiently perform all required steps and procedures while balancing this requirement
against a timely and customer-friendly process.
Challenges of Managing Airport Identities
Several challenges stand in the way of maximizing the
Cost pressures, which have limited staff sizes and
man-hours in the air travel market, including less
available time to manage identity issues.
Wide variety of systems, often involving operators
to work in and out of multiple computer screens when
addressing identity and access control issues.
Extensive prerequisites to qualify for a credential,
which must be tracked and documented.
Dependence on manual processes, which are errorprone
and expensive.
Physical identity and access management software
can solve these and related problems by unifying identity
management airport-wide, integrating physical security
systems, automating processes and simplifying control
of employees, vendors and other identities.
Software allows airports to manage the lifecycle of
identities as they relate to physical access, including
synchronized on/off-boarding across all systems harboring
an identity record, access profile, zone management
and role-based physical access.
Automation Adds Efficiency
Identity management includes the fabric of systems,
policies and procedures that govern and streamline
the lifecycle of an identity and its relationship to an
enterprise or entity. This concept can be applied to
employers and employees who are issued credentials
to access and work in the various zones of an airport.
Many departments have touch points to these employees
and their identities in which various systems
and repositories are used. Commonly, these disparate
areas have relationships to one another. For example,
when an employer terminates an employee, the process
must flow through these areas to ensure all aspects
of that identity and all assets such as card and
keys are returned or billed for properly.
Software can replace off-line, non-automated processes,
which are not scalable and do not enable the
automated compilation of information. Software
systems can solve various airport pain-points and
combine the needed elements of low cost, customer
service, security and compliance. Off-the-shelf software
can streamline and automate each airport’s operational
processes.
Unified software systems enable operators to work
in a single Web-based interface that centralizes all identity
information across relevant systems into a single
view. The software interfaces seamlessly as needed with
various systems throughout the airport. If there are
prerequisites for an access control credential, software
can track and ensure those requirements—authorization,
I9s, security checks and training.
Also contributing to efficiency, special documentspecific
scanners for passports and drivers’ licenses
can store and manage PDF documents and monitor
for expiration dates. Paper file storage is not needed.
Software systems also can streamline time-consuming
and inefficient processes such as issuing ID
badges, managing various databases, adding new employees,
responding to terminations, changing work
assignments and assigning access privileges across
multiple physical access control systems. In the airport
environment, software can integrate and embrace the
specific requirements related to TSA compliance and
FAA regulations.
Boosting Overall Operations
There are many ways a software solution for airport
identity management can boost overall operational
efficiency and lower cost to achieve an acceptable security
level and meet regulatory requirements.
Software can leverage an existing Livescan solution
and automatically submit an applicant’s information
for automation of security threat assessment
(STA) results and notification of criminal history records
checks (CHRC) ready for review. Software can
monitor airport workers’ STA status in real-time and
tie a worker’s STA status to activation of an electronic
airport badge.
Software systems also enable operators to set employer
interaction prices for direct billing or regular
invoicing of charges such as badging, background
checks, penalties, violations, lost assets—keys and
cards—and training. Automation can recoup transactions
that would not be cost-effective to recoup using
manual methods.
Related to compliance monitoring, software can
generate reports on an as-needed basis—nightly,
weekly, monthly and on-demand—in the format required
by the Transportation Security Clearinghouse
and other channel service providers and provide realtime
audit capabilities, eliminating the need for manual
audits.
Another benefit is that changing systems, processes
and directives can be easily adapted in a software
environment. Previous investment in business policies
and operations is not lost if a system changes.
A Holistic Approach
Airports have allocated significant resources to reducing
the risk of passenger security threats in recent years,
including modernization of scanning technologies,
evolving behavioral techniques, risk-based approaches.
In this same timeframe, despite evolving regulations
and directives, less progress has been made in managing
the threats within the airport related to employees
with access to sensitive and restricted areas.
By applying tools that can streamline workflows,
automate processes and integrate disparate systems,
it is possible to reduce insider risks associated with
manual, error-prone systems and practices.
Deployment of multiple software systems can
be managed through a single Web-based database.
Policy-driven software provides a holistic approach,
combining global identity with compliance and risk
assessment. Benefits include greater
efficiency, lower costs, proactive management
of regulatory compliance
and safer airports for everyone.
This article originally appeared in the January 2013 issue of Security Today.