While not a complicated or strategic topic that I would normally highlight, this one bit of news is from my home airport and personally meaningful.
Basically the report shows that 1,600 badges were lost or stolen in a 2 year period. This seems like a big number (2.6%), but this is a control that should (and not highlighted in broadcast) secondary supportive controls, such as:
- Key card access review logs to prevent duplicate entries (i.e., same person cannot badge in 2x)
- Analytics on badge entries against the work shifts of the person assigned
- Access to areas not zoned for that worker
- Termination of employees who don’t report in 12 hours on lost/missing badge
There are safeguards highlighted in broadcast that are good, but easily modified to the point of not being any value, and include:
- Pin (can be easily observed due to tones and no covering)
- Picture (every movie ever shows how easy this is done)
- An old badge could be re-programmed and be a duplicate of another higher ranking / alternate security zone
Bottom line is organizations, especially those tasked with safety of human life, must have the primary and secondary controls in place. Hopefully the remarks of a minor risk are based on their security assessments with the considerations above (and more perhaps).
Article:
Hundreds of ID badges that let airport workers roam the nation’s busiest hub have been stolen or lost in the last two years, an NBC News investigation has found.While experts say the missing tags are a source of concern because they could fall into the wrong hands, officials at Hartsfield-Jackson Atlanta International Airport insist they don’t pose “a significant security threat.”
via Hundreds of Security Badges Missing From Atlanta Airport – NBC News.com.
Also thanks to the new new aggregator (competitor to AllTops) Inside on Security or the clean new interface.
Best,
James