Advertorial

Rising to meet the credentialing challenge

Security at airports has been changing for a while, but is merging physical and cyber-security the ultimate answer? Aura Moore, Deputy Executive Director – CIO at Los Angeles World Airports, explains how a converged cyber-physical security approach to identity and credential management is helping airports be more secure.

Vetting individuals before giving them access to secure areas is a top challenge for today’s airports. Los Angeles World Airports’ (LAWA) new Identity Management and Credentialing System (IMCS) at Los Angeles International Airport (LAX) will meet this challenge in a secure, intelligent and efficient way.

At LAWA, we work hard to provide a high level of safety, security and service for our customers, communities and stakeholders. Passengers show their identification and boarding passes at multiple points throughout an airport to verify identity. However, confirming the identities of those working at the airport is equally important.

Airport growth

Few airports understand growth better than LAX, where constant expansion creates a high demand for security credentials. The LAX badged population increased 60 per cent from 35,000 in 2009, to 56,000 in 2019.

If the challenge of checking the backgrounds of thousands of employees wasn’t enough, LAWA is in the midst of a $14 billion capital improvement programme at LAX, expected to last through to 2023. The LAX modernisation programme is considered the largest public works programme in the history of the City of Los Angeles and requires construction workers and tradespeople of all types to be badged, exponentially increasing the workload in our badging office.

Badging office automation

Faced with a large volume of people coming through and needing to be processed, our badging office team works hard to provide a high level of service. With the new IMCS, LAX will be able to streamline and automate the entire badge lifecycle process, from application to badge printing and access provisioning. By automating core processes with role-based workflow and active policy enforcement, we can ensure real-time compliance, which helps to eliminate costly auditing efforts.

The IMCS deployment will include a secure, web-based portal that will enable LAX personnel to manage employees, vendors and visitors across our enterprise landscape. Applicants and authorised signatories will be able to start, save and submit applications, which include requesting access to critical areas that require additional approval. For example, if an airline is operating at the airport and has hundreds of employees, someone with that airline acts as an authorised signer who can sign documents on behalf of the employee and get them into the system. Intelligent onboarding will define the right level of access before provisioning and manage access across all systems. Lost or stolen badges can be detected and their access removed from the system.

Enhanced customer service

Though airports cannot control the time it takes to credential an employee, we can control the time it takes on our end through the use of advanced IMCS technology and processing software.

Newer technologies allow us to speed up the process dramatically. For example, with built-in schedule management, the new IMCS will help the LAX Badge Office streamline application processes and enhance customer experience, including reduced wait times, and application status visibility to applicants and authorised signatories.

Our goal is for the LAWA Badge Office to operate at gold-standard level, which includes 550 transactions per day under typical staffing. LAWA’s management shares this commitment and supports efforts that will streamline the badging processes and improve customer service while maintaining the integrity of the security programme.

Risk management, compliance and training

The new IMCS is designed to deliver active policy enforcement to help prevent violations before they happen. The solution automates compliance with key airport regulations and security directives.

In the U.S., the Code of Federal Regulations mandates credentialing transactions, which are designed to identify vulnerabilities and minimise risk to the airport community. Guidelines such as separation of duties and badge agent identity are designed to prevent malicious intent. Through the convergence of physical and cyber-systems, the new IMCS will provide a 360-degree view of risk across the airport enterprise. For instance, the system will proactively monitor badge status for any suspended badge and determine whether such badges are still being used to gain access to critical areas.

The new IMCS will also include aviation-specific features comprising tenant management, incident management, asset governance, compliance, industry reporting, badge auditing and process automation best practices. Background check services such as DACS, STA, CHRC and Rap Back will be built in.

Validating training and certification before issuing a badge is an essential component of our security and safety approach. The new IMCS features real-time learning management system (LMS) integration, which is designed to assist LAX administration teams in tracking and enforcing mandatory training for personnel, including active shooter, airside vehicle operating permit, and airport security awareness training. By integrating the IMCS with the LMS, we will be able to automate policy enforcement for training and certification, including periodic access review for expiring training, automatic reminders for expiring badges, automated removal of critical access, and reconciliation of identity background checks and training.

Conclusion

The age of the siloed badging system sitting independently in the security badge office has gone in favour of a converged credentialing system that serves the broader needs of an airport, offers regulatory compliance and performs identity management. In the era of digital transformation, a converged cyber-physical security approach to identity and credential management is helping to make airports like LAX more secure while creating a positive workforce and customer experience.

Biography

Aura Moore, Deputy Executive Director and CIO at Los Angeles World Airports, was appointed in July 2016. She oversees day-to-day information technology operations and serves as top technology infrastructure and systems leader at LAX and Van Nuys general aviation airports. Moore draws from a public service career of over 20 years at agencies throughout the City of Los Angeles. Her previous positions with LAWA included Network Infrastructure Program Manager, IT Project Management Director and Deputy CIO.

The view from the vendor

AlertEnterprise

The inevitable emergence of the cyber-physical insider threats

One might say it was only a matter of time: We have been digitising our physical world, blurring the lines between physical and cyber-spaces. Cyber-incidents can now have direct impact on physical assets and processes, and vice versa. New categories of insider threats have emerged, including expert insiders (personnel that are fully aware of security systems and processes), zero-day insiders (new staff with little to no background information), needle in the haystack and slow-poison threats; all of which are impossible to detect without deep data analytics and a cyber-physical approach to security.

Traditional airside crime will mostly rely on corrupted employees with airside access. The new starting point for mitigating this risk is an IT-physical system integrated approach to the identity access lifecycle. IMCS with built-in background-check services such as DACS, STA, CHRC and Rap Back, as well as real-time training and certification validation through LMS integration, can significantly reduce vulnerability and risk during airport staff selection and accreditation processes.

In February 2018, it was reported that a temporary security pass allowed Mohamed Abdullahi Mohamud, a former terror suspect with a string of convictions, to gain access to the runway and baggage-handling areas at Heathrow Airport. An IMCS with integrated and automated background checks would have shown that Mohamud had served five years in prison since 2003.

Blended cyber-physical risks require a converged approach and a holistic view of security to better defend against attacks. It is critical to have a centralised view of complex threats, events and incidents across cyber, physical and operational domains. By consolidating cyber, human and asset intelligence, airports can correlate threats and empower security operations centre personnel to make informed decisions and take appropriate action.

Looking forward, the future of insider threat protection is AI. AI-powered identity intelligence technology is dramatically reducing the time and cost needed for detecting and resolving risk by automating threat protection. Advanced machine learning capabilities can now automatically baseline identity profiles, allowing the technology to quickly sort through millions of events to detect behaviour anomalies and trends for an effective airport SOC response to potential malicious behaviour and policy violations.
