Airport information systems security

The Information Technology Management Reform Act of 1995 (ITMRA), also known as the Clinger-Cohen Act, requires the Chief Information Officers (CIO) of the executive agencies of government to develop, maintain, and facilitate the implementation of a sound and integrated information technology architecture. The CIOs are responsible to ensure that information security policies, procedures, and practices are adequate to effectively protect information systems. The National Airspace System (NAS) is made up of hundreds of facilities across the country that provide the services required to operate and maintain the air transportation system (Figure 1). Airports are unique in this network as no two airports are designed the same and, while each is a single facility, each is occupied by many different tenants who provide many different services. Each service may include one or more information systems, both automated and manual, running independently from all others. Because of high visibility events such as the bombing of Pan American Flight 103 in 1988, the explosion of TWA Flight 900 in 1996, and the most recent catastrophic events of September 11, 2001, increased security measures have been put in place to protect the flying public from terrorists. The need to share and exchange information effectively and in a timely manner between airport services and systems, with other airport facilities, outside organizations and government agencies, becomes greater each day. The increased requirements defined by previous policy, threat, vulnerability, and risk assessments can be used to derive security services for NAS Air Traffic Control (ATC) operations, as well as Airport Facility (AF) operations. However, conventional solutions may not be suited to the unique needs of an airport environment and may be operationally unacceptable in some cases. This discusses some of the ways that information systems security can help ensure that key security services, including access control and authentication, are available and implementable in all systems as needed in these unique airport environments.