Weitere ähnliche Inhalte
Ähnlich wie Airport Entry Management Systems and Security (19)
Mehr von Mestizo Enterprises (20)
Kürzlich hochgeladen (20)
Airport Entry Management Systems and Security
- 1. IP UtiliNET Airport Solution Brief
6825 Shiloh Rd E, STE-B-7
Alpharetta, GA 30005
404.513.3283
www.IPUtiliNET.com
A US Veteran Owned Business
Secure Concourse
By David Quinn, Managing Director
You are not an airport employee, you do not work for the airport, and you are not a
foodservice vendor or other vendor equipped with a badge that provides identity to the
TSA. You may be Henry Kissinger, who like you or any other American Citizen is a
suspect until proven otherwise. You are ever vigilant, a veteran, a law enforcement
official, sworn to protect, yet to the TSA you might as well be holding a loaded rifle.
Plainly put, what the average citizen endures in the name of security is simply an
inexcusable lapse in identity management.
5/23/2012 ©2010 IP UtiliNET LLC
- 2. Contents
There are individuals in the world that will
Introduction 3
violate life, liberty, and the pursuit of the
The AS-IS Process 3 next precious breath …for an ideal.
Suspects, Until Otherwise Proven 4
Concourses – Real and Present Threats 5
Risk Assessment - High 7
Define the Problem, Act to Resolve It 7
Getting Started 10
Continuous Improvement 11
About the Author 12
Airport and Security officers are forced into
action reactively while terrorists are
proactive, always planning, always trying
new and innovative ways to kill and maim
innocent civilian targets – this is proven by
planes used as missiles, planes with cargo
bombs (Pan-Am), liquid explosives, shoe
and underwear bombs, toner cartridge
bombs and a host of other past and future
attempts, each one seeking holes in the
system, each one creating maximum press
exposure. The US Government reacts
defensively and implements policies to
counter these threats. This is a result of;
A. Management of Public Perception
B. Defensive Posture & Tools
C. Standards based Defensive Approach
D. Lack of Information Continuity
E. Lack of Passenger Presence
Awareness
F. No Process Optimization
5/23/2012 2 ©2012 All Rights Reserved, IP UtiliNET LLC
- 3. Introduction
This brief provides a solution that leads to increased security and higher levels of
systemic benefit for the Traveling Public, the TSA, and Airport Operators. This
discussion is an American discussion about security that is acceptable to the traveling
public versus an overly expensive and vast police action that uses strong-arm tactics to
intimidate the average person. IP UtiliNET seeks to support Department of Homeland
Security, TSA, and US Government in all efforts to protect the nations critical airports
infrastructure and offers a path that reduces the current defensive posture. This briefing
document is intended for public consumption as it contemplates just one of many
potential scenarios that can occur at any one of the thousands of global airports.. This
document points to a potential scenario or combination of events that if applied could
disrupt passenger travel for days or months and undermine the trust and confidence of the
flying public, it is not intended to be a threat or anything close to that. There is no ability
to plan for terrorist innovation, there is only heightened traveler awareness, counter-
offensive reaction to these events, and further removal of personal liberties for the
purpose of assurance. This paper offers a solution that, by design is intended to converge
current disparate parts and lack of identity capability into an intelligent framework. The
Airport Entry Management System (AEMS) improves airport security while delivering
increased operational efficiency at reduced cost. TSA will improve intelligence and be
more prepared to react quickly in the event of the type of attack described in this
document, and other attacks at any one of the 3300 NPIAS “watchlist” or foreign
airports.
The AS-IS Process
TSA has interjected a classic defensive perimeter at a significant number of US and
foreign airports. The perimeter takes a typical 3 tier approach and consists of; Tier 1 in
which a live TSA agent obtains a mobile or paper boarding pass from an individual
traveler and compares it
to another form of
identification. With Tier
1 approval, the
passenger is then
allowed to proceed to
Tier 2 where baggage
and certain personal
items are separated and human and baggage are scanned. If an anomaly occurs at the
scanner, the person or bag is detained and further searches and questioning occurs – Tier
3. Employees and Contractors are “known” entities and current requirements allow for
badge and pin-code entry at the airport. This process separates the landside and terminal
from the airside concourse and creates a defensive barrier to the unknown landside
environments.
11/22/2010 3 ©2010 IP UtiliNET LLC
- 4. Suspects, Until Otherwise Proven
Airport Security is a tough business. Threats can come from any direction and there is no
way to guarantee absolute safety for the traveling public. Measures to counter proven
threats must be taken, but to what end? Bombers that exit on a layover, trained pilots
flying airplanes into buildings, liquid bombs in shampoo bottles, underwear bombers,
shoe bombers, PETN in toner cartridges … what next? A skullcap bomber, a prosthetic
bomber, liquid explosives in a colostomy bag, can bombs in the food service trolley, ….
there is no end to the possibilities. With physical security, especially the type that is
implemented today, all passengers and law enforcement travelers are subjected to
increasing levels of scrutiny. All passengers and even law enforcement personnel that
transport prisoners are assumed to be guilty and treated as suspects until otherwise
proven. Airport, Airline, and Vendor services personnel are “known”. As employees they
are deemed to be “not guilty” at least until one of them becomes part of an attack on
airport infrastructure.
The airports security methods that are employed today are defensive in nature to include
the scanners that remove clothing. When something is detected or a passenger opts out it
leads to a more intrusive physical “pat-down” which the public is now objecting to.
Because there is a lack of presence awareness and a lack of concern for wait times as a
result of the security processes, the flying public is subjected to a “search and seizure”
approach that
discriminates from
treatments afforded to
TSA and other members
of airport, airline, and
contractor staff. US
Citizens and travelers
entering US Airport
systems en masse are
profiled as suspects until TSA owned airport security approves concourse access.
For those with intent to harm, the opportunity to do so at any one of the top 30 airports is
only a paper ticket or a commuter flight away – where security is not as intensive. At
some point, those with intent will realize this gap, make an attempt, and cause a
reactionary expenditure that dwarfs the existing equipment and manpower expense. The
dilemma is that security at primary, secondary, and reliever airports must continue to
increase because the “bad” people in our world are continuing to test and attack the
system externally as well as internally. They will and are targeting employees and
encouraging their supporters to gain employment in the airport systems. They are
seeking a trusted relationship that will lead to further attacks. When that happens, will the
answer be to shut down the entire system?
5/23/2012 4 ©2012 All Rights Reserved, IP UtiliNET LLC
- 5. Concourses – Real and Present Threats
The following simple scenario is but one of the many potential risks that airports face
today. It is submitted as an observation only and is intended to establish dialogue that can
lead to systemic improvements in data continuity, improved intelligence, and security.
It is no secret that paper boarding passes can be captured, modified, and reprinted. With
enough time and effort, any paper boarding pass can be modified to match the date of
entry while maintaining or modifying the identity of the person carrying the boarding
pass. In the scenario below, the paper boarding passes are modified and used to gain
entry to the landside environment, and are complemented by mobile and paper boarding
passes that link to actual flights.
As terrorists learn more about airport operations, and gain access to the airside
environment through employees there will come a time when a large airport will be
attacked. It will come from the inside and it will happen using multiple resources.
The scenario unfolds simply. Boarding passes are obtained and copies are sent to a
forger or each of the attackers are provided
instructions to make modifications to a paper
boarding pass. Modifications can include
name, date and other information on the paper
boarding pass. The terror organization has
placed 2-3 employees at airline, airport, or
contracted service positions. They do not
know each other and 1 will be selected for this
mission. Boarding passes, strike date, and time are coordinated via hardcopy (not e-mail).
Planning occurs months in advance.
Once dates are set, two orders are placed:
http://buyaes.com/catalog/product_info.php?products_id=2162 rechargeable spray can
and http://www.lurelogik.com/gear.html timer for spray can.
Atlanta has 6 concourses and 3 security entry points, therefore, if Atlanta is the target 6
recruits that do not know each other and 1 employee are what will be needed. This is a
primary and a backup strategy with a timeline that supports fill-ins if needed. 3 of the 6
will enter the concourse through the TSA perimeter. The other 3 will arrive at the airport
on redeye flights.
3 forged paper boarding passes are for the landside attackers and each of the other 3 will
purchase redeye flights a month or so in advance.
5/23/2012 5 ©2012 All Rights Reserved, IP UtiliNET LLC
- 6. The spray cans are obtained and filled with a liquid organophosphate such as Sarin. Once
filled, the cans are charged. The airport employee, who has been known to bring a
shoulder bag to work daily takes receipt of the cans early in the morning of the attack.
Placed into the bag, the employee goes through the normal routine and accesses the
airside environment via the standard employee process.
Once inside the fenced, secure, airside environment, the employee enters the
concourse through any number of available doors. The 3 landside entrants have
passed through security and the other 3 have landed and had breakfast. Beginning at
0900, the six meet the airport employee in pairs every 15 minutes – A, C, and E
concourses. The meetings occur in the bathrooms that are south of the concourse
entry point. Exchanges are made at the baby changing stations where it is normal
to see people with open bags. All are recognized by a Bluetooth headset with a
custom mark worn on the right ear.
The pairs break off and at 10AM set their cans to operate from bathroom stalls
beginning at 1015. Timers are set to release 1-3 second blasts every minute. The
cans and timers are wiped down to remove fingerprints. The doors to the stalls
are locked by each terrorist who crawls out from under the door.
The terrorists exit the airport using the normal exit process. The airport employee
has a hectic day as people begin to get sick in all airport terminals. It takes 45
minutes from the originating time to begin a full airport evacuation. The airport
is shut down as panicked people evacuate the airport from all available exits.
The attackers exited the airport as the first blasts begin and same day, three of
the group drive in one direction, the other three in another direction, or flights
that leave at 10:15 are in place for three or four of the attackers. These attackers
are headed to the next airport where the process will be repeated at another
airport, later in the week, later in the month, or in time for second shift.
The papers would later report that a coordinated attack occurred at airport/s in
which several people were severely affected. This was due to a lack of disaster planning
for concourse environments and a lack of data continuity that led to a breech in
intelligence, ineffective and unproven local evacuation methods and controls, and lack of
coordinated agency responses. Airport services would be disrupted for weeks if not
months.
This is a scary scenario and is not intended to be a threat. It is an observation that is based
on several years of working in and around airports. While an attack from within is the
most difficult to thwart, the security problem can be reduced with good information
management.
5/23/2012 6 ©2012 All Rights Reserved, IP UtiliNET LLC
- 7. Risk Assessment - High
Airline, Airport, and Service Contractor employee with a RAMP badge and pin can enter
the concourse using only an employee id. Airline, Airport, and Contractor employees
entering from off-site parking or through entry gates can gain access to the concourse,
fuel depots, aircraft and other airport elements – typically without passing through the
scanning process. Several of the employees carry shoulder bags, lunch boxes, etc. on a
daily basis and these items do not normally go through scanners of any type. Airline
equipment such as trucks and buses routinely leave the fenced airside area of the airport
thereby providing ample opportunities for the introduction of any types of harmful
technologies. All packages that enter the airfield and concourse environment should be
scanned or inspected prior to entry. Airside employees and contractors that enter the
concourse with personal baggage should be required to submit to a secondary search
prior to entry. The secondary search should be conducted in full view of a surveillance
system.
Define the Problem, Act to Resolve It
TSA has implemented a set of physical controls that supplant the ability to identify the
individual passengers as they are passing through the security perimeters. Passengers, to
include law enforcement transporting prisoners, are unknowns to TSA and this occurs as
a direct result of a lack of integrated process and airline/airport business systems. This
leads to inadequate and ineffective intelligence. The model below illustrates the security
processes in alignment with the business processes. It illustrates the intelligence gaps
that create the need to implement increased physical security measures. Until these gaps
are resolved and data continuity contributes to intelligence efforts, the physical security
measures and related manpower expenses will only increase.
5/23/2012 7 ©2012 All Rights Reserved, IP UtiliNET LLC
- 8. Securing the concourse requires alignment between business process and the underlying
systems architecture.
IP UtiliNET offers the Airport Entry Management System or
AEMS. There are three subset elements;
1. Passenger Identity Management System (PIMS)
2. Aviation Worker Identity System (AWIS)
3. Accompanied Transport Identity System (ATIS)
AEMS is intended to scale beyond the existing 3 tier perimeter and is designed to
incorporate domestic positive passenger bag match. Each one of the subset elements has
different connectivity, integration, security, and registration requirements. The
application and underlying systems are common and the software can use certain
deployed video cameras. Extending the first perimeter to entry doors, kiosks, and
ticketing counters - even public transportation – is a matter of gaining agreement with the
airport authority to extend the capabilities of the Operational Services Network.
For entry points, IP UtiliNET offers a smart electronic device that is
packaged for single entry points, multiple entry points, tabletop,
tablestand, and pedestal. This “platforming” approach reduces
management cost and deployment headaches while allowing for multiple
use cases. The software that drives the camera and facial biometric
decode is the same whether it is used in this fixed form factor, a mobile
form factor, or deployed and operating in passive mode as a component
of the surveillance system.
The Passenger Identity Management system is the recommended starting point. With this
technology, pedestals can be deployed in place of the first perimeter TSA agent.
Passengers who desire to be treated in a similar manner to airport employees could enroll
in the system prior to entering the security line. At the first perimeter, the passenger
would scan their electronic or paper boarding pass and could enter a pin that is unique to
them. The boarding pass validation would coincide with a facial biometric scan in which
the customer name is matched to the ticket and pin and the face is validated. If the system
could not find the individual, it would prompt for a secondary form of identification such
as a license or passport. If the passport or license data match the paper or electronic
boarding pass and the person is not enrolled, they would be involuntarily enrolled in the
security management system for the next 12 hours. The system ties back to the airline
reservation system ( identified ), and to the Baggage Reconciliation System (identified)
which provides the positive passenger bag match.
5/23/2012 8 ©2012 All Rights Reserved, IP UtiliNET LLC
- 9. Various discussions as they relate to multi-modal biometrics have been undertaken over
the years with the most recent being iris scans. Of the three modalities; fingerprint, facial,
and iris, iris is now getting the most press.
Fingerprint is typically rejected by the traveling public as they are associated with
criminal work and a question exists as to who and how the database is managed. What is
needed is fingerprint as a validating factor – deployed at Tier 3 – when a persons identity
is questionable. Using mobile or fixed devices, after establishing probable cause, the
fingerprint could be scanned and sent to the AFIS system in the state, the terrorist watch
list, the 16 databases that make up NCIC and Interpol. IP UtiliNET Engineered Access
Control Systems are based on a platform approach and includes fixed and mobile
technologies.
IRIS can be associated with health. Take the example of a former CIA employee,
Angelique, that could not pass the IRIS scanners on the way into work one day. At the
entry point, the scanners did not allow her to pass because something health-wise had
changed and it was reflected in the backs of her eyeballs. The IRIS scanners could not
identify the reason for the change, only that a change had occurred. Later that day, she
discovered that she was pregnant. The last thing anyone or any business will want is non-
specified health related information being passed to insurance companies for risk based
adjustments.
Everyone has a face and facial biometrics is the only technology that is effective at entry
choke points, airplane gates, and as a passive system operating unobtrusively behind
existing surveillance systems. Facial biometrics that are 2D or 3D have proven to be all
but useless as they attempt to use computational capabilities to replicate the way that the
eye and the “fusiform” part of the brain work. Computers “think” in numbers which is
not the way the human brain processes images.
What is needed, and what is
available and proven with
existing installations at the VA
and other state/local customers
for many years is Fusitronic
Facial Biometrics.
Fusitronic facial biometric
systems that are coupled with integrated airline passenger management offer increased
levels of passenger intelligence, process automation and airport security. Offered as an
Airport Entry Management System (AEMS) it will provide TSA with improved
operational intelligence, less invasive security, reduced cost of operations, and better
response capabilities.
5/23/2012 9 ©2012 All Rights Reserved, IP UtiliNET LLC
- 10. A properly integrated facial biometric system will unify ticketing with identity
management and assist TSA and local law enforcement with criminal identification. It
will also unify employee access while offering the capability to constantly cross check
current law enforcement status. When a passenger ticket can not be matched to a facial
identity the suspect identity can be confirmed using tertiary tools such as license,
passport, fingerprint, and direct questioning.
The facial biometric software is passive and capable of complementing existing
surveillance systems. Using this function the database is constantly updated with last
known location for individuals. When law enforcement is seeking an individual, the
system goes into trakker mode where it originates from the last known location and
intelligently searches from that location outwardly to the furthest points on the network.
Once trakker locates, it alerts and hands off to the surveillance system for recording
purposes. It is critical to note that this is not a surveillance toolset, it is a Presence
Awareness toolset. Presence Awareness is concerned about the “who” not the “what” that
is currently occurring in front of a camera system.
Getting Started
IP UtiliNET has the available technology and relevant experience with company owned
credentialing and facial biometric systems. The company has created a framework and
recommended integration capability for business processes that affect and unify the
information services for passengers, law enforcement, and aviation workers. The
company has significant experience in airport passenger management and baggage
systems. The solution and recommended approach include a capability to integrate a
domestic positive passenger bag match solution that will add benefit to the industry and
the traveling public. A service
bureau approach is required
and IP UtiliNET is in a
position to undergo security
clearance approval, led by
the founder, a US NAVY
Submarine Service Veteran.
Additionally, the company
has a relationship with a
break/fix services provider
that supports airports in 130
countries today. In order to
move forward, funding will
be required.
5/23/2012 10 ©2012 All Rights Reserved, IP UtiliNET LLC
- 11. Continuous Improvement
IP UtiliNET offers LANvisn™ connectivity solutions for airport
environments. It is based on industry recognized standards and delivers
the industries first, truly non-fragmented network architecture. This unifies the security
and surveillance environment. HUBvisn, based on the AXS1800 platform is a 25 terabit
platform with entirely passive distribution capabilities over a 20 KM radius (12.4 Miles).
A single chassis supports more than 7,000 active end point devices and can scale in a
non-fragmented, grid fashion to 50 chassis using a single control and management
platform. It is the optimal solution for Command and Control Centers and for airport
security environments. It is more secure and cost effective than existing structured
cabling systems. With this technology, all manner of connected security elements –
throughout the airport campus - become possible – at reduced up front and long-term
costs reductions that increase as the number of end-point connections increase.
The network is a transport method for data that is collected at the edge and managed at
the core. The biometric software operates on the device, on distributed appliances, or on a
centralized appliance. The application that manages the core is an intelligent, multi-tenant
software framework that connects to other systems via it’s intelligent connectors. It is
specific to the task at hand, airport security, and can be configured to support client
specific edge functionality and supports zoning. As a client specific technology, TSA can
use it to improve relationships with passengers and airports that are served, and airports
can use it to implement loyalty programs that do not yet exist. From a TSA perspective,
the first perimeter can be pushed to the entry doors and ticketing stations. If TSA
chooses, the system can be pushed to public vehicles that frequent the airport. This
functionality will allow the TSA and first responder team to incorporate inbound
intelligent traffic management and outbound coordination of evacuation resources on an
as needed basis. It is scalable, inherently configurable, and capable of migrating physical
security to environmental intelligence and well coordinated first responder capability.
IP UtiliNET launched “IP UtiliSAFE” in January 2011. This
unique offering is available uniquely with a LANvisn™ network.
UtiliSAFE grants the ability of licensed first responders to
immediately access selected elements such as video cameras via a
private, dedicated, licensed path. An “IP UtiliSAFE” airport
campus network is a significant strategic benefit to first responders.
It includes any number of optional triggers - an analytic system,
shot detectors, a concourse or desktop 911 call … If any of these
triggers occur, the licensed path is automatically opened and immediate priority access to
video resources, controlled doorways, etc, is granted – even when the power is out. This
feature is embedded in the daily operating system for the security network.
5/23/2012 11 ©2012 All Rights Reserved, IP UtiliNET LLC
- 12. About the Author
Mr. Quinn is the founder of IP UtiliNET and is a US NAVY Veteran. He has coupled his
military systems training, to include battle planning and systemics with advanced degrees
in business and computer technology /robotics. In industry, he has consistently applied
his education and work experience to technology integration and business process
automation. He has spent most of the last six years assisting Delta Airlines in its efforts to
gain better control of the baggage management check-in, baggage handling and tracking,
and baggage security processes at airports. His work and support for Delta Airlines, as
reported publicly by its CEO in 2009, Richard Anderson, contributed to a 28%
performance improvement in year/year results. Mr. Quinn acted as a Sales Consultant for
Delta Airlines and participated in time studies, business process engineering, and
business process improvement specific to passenger process management, and baggage
management systems. Mr. Quinn and the Delta team were instrumental in driving
“incremental improvements” throughout the baggage management process and his vision
helped to shape a longer term strategy that will lead to automation. These innovations led
to improved passenger baggage services, induction efficiency, ramp efficiency, and
increased levels of security at baggage carousels. Mr. Quinn helped the Delta team
initiate the mobile barcode project with TSA. For a number of years at Motorola, Mr.
Quinn was responsible for the Air and Sea Ports Vertical Markets business. He is the
author of the Motorola solution brief entitled “21st Century Transportation Hubs
(see; www.motorola.com/ports). Mr. Quinn left Motorola in April 2010 and acquired the
facial biometrics technology and key resources that have led to the recent launch of the
most advanced and accurate facial biometrics solution available. Mr. Quinn continues to
serve the airports business while working to grow his Veteran-owned small business
enterprise.
For More Information, please contact:
David Quinn
dquinn@iputilinet.com
404.513.3283
5/23/2012 12 ©2012 All Rights Reserved, IP UtiliNET LLC