by Duncan Hine

The road less travelled

Apr 19, 2011

The sheer volume of data collected about every traveller means that the threat to transport data has become a key concern. Every time you swipe an Oyster card, check in online for your flight or use your credit card to pay for the M6 toll road, nuggets of personal data are collected, stored and transmitted.

This volume of data and its multitude of touch-points make the transport sector one of the most complex environments for securing personal information.

The very nature of transport means that the data of every traveller is being collected on the move. Static defences simply don’t work and, as a result, it’s difficult to identify where a security problem exists.

In most cases, not only is the data generated in transit, but those collecting the data won’t have any prior knowledge of when or where they are going to receive it.

It arrives at the point a journey starts and finishes. People are also free to travel where they wish using any combination of transportation, so securing their journey data is made even more challenging when they move internationally between countries with different data protection laws.

Data collected by multiple transport organisations can easily be merged and extrapolated into meaningful information about personal trends and behaviours which other organisations, or individuals, can use for their own benefit. Today, even small bits of information about your journey are worth money.

Adding to this complexity, the transport sector is characterised by large facilities such as airports and road networks that are expensive to upgrade and therefore need to be made to work as hard as possible for their owners.

Automation is a key part of this because it increases the number of people that can use these facilities every day.

It also improves the customer experience and increases the information available to support decisions about how those facilities are used and what changes to make.

So, while automation enables transport facilities and systems to run more efficiently, it also increases the amount of data captured when people travel.

In short – data captured by the transport sector is valuable, it arrives through complex processes, and there is about to be a lot more of it. So identifying where the greatest threats in this sector lie is vital.

Achieving this is all about transport organisations being aware of what their people are doing with all this data.

In my experience, closely monitoring what is going in and out of the system is the key to getting an accurate answer.

Having a clear security policy is an essential foundation, but monitoring offers a clear course of action when someone gets caught making a mistake or intentionally breaking the rules.

The reality is that most organisations only deal with these issues when they happen upon them, not because they have proactively sought them out.

Creating a clear audit trail when data is captured, stored and shared is the only way to ensure a clear view of how data flows into and out of an organisation, enabling potential threats to be investigated at the earliest opportunity.

Regardless of whether the data is being moved for valid reasons, the crucial knowledge for me is an understanding of when this is happening and who is responsible.

Given the complexities mentioned above, this is of critical importance for the transport industry.

The more complex the industry and the more data it collects, the greater the threat that people will harvest information and use it in ways for which it was never intended, causing harm to customers, employees and brand reputation.

I support the use of monitoring technology and I know that transport is not the only sector where this approach must be applied.

In any industry where increased profitability or efficiency means the creation or collection of more sensitive data, it must be recognised that unless organisations can proactively identify the threat, they will never be able to drive down their residual risk.

Duncan Hine is Head of Security, Information Assurance and Resilience at National Air Traffic Services and an advisory board member to Dtex Systems
