Sabre Airline Solutions · 2015. 7. 14.
TRANSCRIPT
-
Sabre Airline Solutions
Securing Airline Information on the Ground and in the Air
7 November 2012
Kuala Lumpur, Malaysia
Confidential
-
Brief
Paul Feheley
Principal
Sabre Airline Solutions
Southlake, Texas USA
-
Common Threats Across All Industries
Some threats to airline computer systems are not unique to the travel and transport industry
• Hacking, hijacking of data
• Threats including service disruption
• Theft of personal information
-
Common Responses
Preventative – avoid the threat before it becomes a threat
Active – continuous and realtime detection of threat or fraud
Post-mortem – investigate, communicate and refine
-
What Does Make Airlines Unique / Cybersecurity?
• The nature of legacy airline systems
• Sabre reservations system introduced: 1962
• 50 years is a long time in IT
-
What Does Make Airlines Unique / Cybersecurity?
• The complexity of the global network required to serve airlines (and inter-airline), travel agencies, and passengers themselves
• The threat to human safety inherent in travel and transport and the spectacular nature of mishaps
• The unique relationship required between government agencies and travel and transport providers
• Airlines carry passengers across country and state borders and therefore have special responsibilities not tied to other industries
• The amount of personal passenger data required to be collected by travel providers – and the “chain of care” for that data
-
What Does Make Airlines Unique / Cybersecurity?
• Sheer volume of passengers
• …and transactions
• Larger, faster aircraft
2011: 2.3 billion passenger air trips (est.)*
2020: “forecasts indicate that passenger traffic will grow at the rate of 4.1% per annum equating to 7.4 billion passenger air trips by 2020”**
Source: *Collaborative Forum of Air Transport Stakeholders ** Airports Council International
-
© planefinder.net
-
Passenger Data – a Wealth of Private Information
-
Passenger Data – a Wealth of Private Information
Typical international travel records contain
• Names of all travelers and “Biodata”: age, nationality
• Including travel partners – with whom are you traveling?
• Personal data: home and overseas addresses, credit card data, emergency contact details
• Passenger journey details (air, rail, cruise, hotel, car)
• ATC - authorization to carry (government permission such as visa)
• Seating data (where will you sit when you travel and with whom are you seated)
• Baggage data (how many pieces, weight of each, owner of each)
• Special requests of the airlines (meals, wheelchairs, special needs)
Literally hundreds of data items collected, transmitted, reviewed, stored
-
Passenger Data – a Wealth of Private Information
Future - travel records may also contain - ?
• IP address(es) of your interactions with agencies, airlines
• Biometric passenger data points for airport or aircraft door verification (face, iris, fingerprint)
• Images (face, bags)
-
Chain of Care – Passenger Data
Can be quite complex
• Passenger to travel agency (online or in person)
• Agency to airline or airline booking system
• Booking system to payment system or gateway
• Airline booking system to airport check-in system
• Check-in system to onboard staff and other local service providers
• Airline to government
-
Baseline Definitions
GDS – Global Distribution Systems (bookings – travel agencies)
CRS – Central Reservations Systems (bookings – airlines)
FFP – Frequent Flyer Systems (passenger data – airlines)
DCS – Departure Control Systems (airport check-in – airlines)
Industry
• IATA – International Air Transport Association
• Governments – local, national and regional travel governance authorities
• Customs, immigration, police, cybersecurity, quarantine/biosecurity
-
Risk Assessment Across The Travel Journey
[Figure: The Customer Travel Process]
Customer Journey: Initiation, Reservation, Embarkation, Conclusion
Touch Points: Web Site, Call Center, In-person; Airport Check-in, Physical Border Arrival
Data Sources: Reservations System CRS/GDS; Frequent Flyer System; Airline CRM Database; Departure Control System DCS; Border Crossing Database; Other Domestic and International Authority Data Sources
-
Threat Assessment And The Passenger Travel Process
[Figure: Threat Assessment From Reservation to Post arrival]
Analysis stages: Reservation Analysis; Check-in/Pre-board Analysis; Post-board/Pre-arrival Analysis; Post-arrival Analysis
Records: PNR, Profile, FFP, CRM Data; PNR, Check-in Record; Border Crossing Record
Data sources: Reservations System CRS (“Res”); Frequent Flyer System; Working Air Crew Database; Departure Control System (DCS); Border Crossing Database; Border Control; Other Domestic and International Authority Data Sources
Timeline: Reservation Booked, Check-in, Boarding, In Air, Arrival, Post Arrival (markers: -1 yr., +3 days)
Tools: Qik Analysis, Qik Threat Analysis
-
Physical Document Threats
Physical documents are still very much a part of airline culture
• Airline-issued such as boarding passes and baggage tags
• Government issued – including passports, visas
• Right-to-travel for example unaccompanied child, doctor permission
Authenticity of these documents – critical because fraudulent documents can pose national security threats, flag immigration fraud, aid in human trafficking and more
Airlines often responsible for validating such documents
-
Physical Document Threats – A Progression
-
Physical Document Threats – A Progression
-
The Way Forward - Electronic Documents?
• Becoming more popular with passengers
• …but carry their own level of threat
• Mobile boarding passes
• NFC / touch / tap check-in
• RFID permanent bagtag
• Bluetooth-aware systems
-
The Way Forward - Electronic Passenger Processing
Airlines and passengers embracing electronic passenger processing
SITA – Airline IT Trends Survey 2012
www.sita.aero
-
Fraud
-
Cards: Airlines Accept Billions in Payments
PCI compliance: critical
• Challenges via telephone: airline call centers
• Via websites: booking, electronic ticketing
• In person: travel agencies, airport and city ticket offices
• Using physical devices: airport kiosks
• Onboard aircraft: duty free, purchased services (food/upgrade)
Each point of purchase carries its own threat
• Fraud against the airline
• Credit card abuse against the passenger
-
In-flight – Unique Cybersecurity Considerations
As on-ground technology advances, so does in-air technology
Avionics, better and smarter
“Fly-by-wire” and “glass cockpit”
Passenger-centric onboard systems
• IFE, wired and wireless
• In-flight wifi, ground-based and satellite
• In-flight mobile: SMS, voice and data
-
In-flight Wi-Fi and Mobile
-
In-flight and digital / electronic flight bag
Passenger in-flight technology must not interfere with in-flight systems
-
In Conclusion – Thank You!
Airlines, travel and transport companies face several unique challenges in regard to data security
Mix of legacy and new technologies must all adhere to IT security policies and practices
Inter-operability among competing companies and government agencies is critical and complex
Travel volume and passenger demand for faster, better processing lead us into a digital future
-
Brief
-
Sabre Holdings
Sabre Airline Solutions, the Sabre Airline Solutions logo, Sabre Holdings, Qik, Qik Analysis, and Sabre, are trademarks and / or service marks of an affiliate of Sabre Holdings Corp. All other trademarks, service marks and trade names are the property of their respective owners.
© 2012 Sabre Inc. All rights reserved.