Airport information systems security

Airports are unique as no two airports are designed the same and, while each is a single facility, each is occupied by many different tenants who provide many different services. Each service may include one or more information systems, both automated and manual, running independently from all others. Because of high visibility events such as the bombing of Pan American Flight 103 in 1988, the explosion of TWA Flight 800 in 1996, and the most recent catastrophic events of September 11, 2001, increased security measures have been put in place to protect the flying public from terrorists. The need to share and exchange information effectively and in a timely manner between airport services and systems, with other airport facilities, outside organizations and government agencies, becomes greater each day. The increased requirements defined by previous policy, threat, vulnerability, and risk assessments can be used to derive security services for NAS Air Traffic Control (ATC) operations, as well as Airport Facility (AF) operations. However, conventional solutions may not be suited to the unique needs of an airport environment and may be operationally unacceptable in some cases. This discusses some of the ways that information systems security can help ensure that key security services, including access control and authentication, are available and implementable in all systems as needed in these unique airport environments.