FAQs to IoT/RFID Scenario Risk Assessment

Similar documents
Flying 2.0 Enabling automated air travel by identifying and addressing the challenges of IoT & RFID technology

CONNECTED EXPERIENCES

BEREC Strategy

Communications Engineering. Connecting Lives

BoR (17) 175. BEREC Strategy

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION RECOMMENDATION. of

ITS Action Plan- Internet Consultation

Passenger-centric air transport: a European perspective. Christoph Schneider, Munich Airport 2018 Euro Air Transport IT Summit, 27-Sep-2018

Towards the Smart World

Benoit Verbaere, SITA

Three Prespectives on Data Sharing

15050/17 VK/nc 1 DGE 2A

E-GNSS applications and market opportunities

CONNECTED GROUND SERVICE EQUIPMENT (GSE) HCL s IOT-enabled solution for tracking and monitoring airline assets

THE ROADMAP FOR DELIVERING HIGH PERFORMING AVIATION FOR EUROPE. European ATM Master Plan

Ride Sharing and Multimodal Transportation in Connected Environments

Moving towards an EU harmonised policy on logistics. Lina Konstantinopoulou- Head of dpt of Transport & Logistics, ERTICO

API EXPERIENCES FROM A STATES PERSPECTIVE 31/10/17

7 th APRAST SMS/SSP Workshop Outcome 31 August 2015 Bangkok, Thailand

The CHOReOS FP7 project and the Future Internet OW2 initiative Pierre CHÂTEL Thales Communications

Transforming the Airline Passenger Journey

An EU coordinated approach to R&I in the rail sector under H2020

UNI Europa ICTS position on the European Single Market for electronic communications

IDENTIFICATION SOLUTIONS

easyjet s experience of our first safety culture survey Future Sky Safety Public Workshop, 2017 Siân Blanchard and David Cross

End-to-end digitalization for passengers, baggage and cargo siemens.com/logistics

ICAO Global Trust Framework A Unified Approach for a Single Sky

Executive Summary. 1

Tracking Aircraft Parts; An Industry Vision

Project Overview: SMALL AIR TRANSPORT ROADMAP

EUTRAIN Europe Neighbourhood Cooperation Countries (incl. Russia, CIS, Black Sea, Balkan States) 3rd Regional Workshop Moscow, Russia

Appendix III: INSTRUMENTS OF THE WCO AND ICAO ON API

Solution Overview : The IBM Government Industry Framework

GSMA REGULATORY POSITION ON DRONES. August 2017

Security of the supply chain Specific focus on air transportation. Interest of industrial platforms

Disaster Response & Drone Airspace Security

Single Window Implementation Guide (Draft)

Research and Innovation for Europe's future mobility

Corporate Climate Leadership

Cross Industrial IOT Application Stephen Wai Sr. Mgr. Business Development

WORKPLACE ENVIRONMENTS WORKPLACE

Public Consultation Standardisation

A Bag s Life. Chris Diorio 1 Impinj, Inc. 1. This presentation represents my views, and not necessarily those of Impinj, Inc.

The Internet of Things and the Digital Opportunity for Industries IOT Regional Forum - Brasil

Gemalto Visa Management System

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION STAFF WORKING PAPER. Annex to the COMMUNICATION FROM THE COMMISSION

Available online at ScienceDirect. Transportation Research Procedia 14 (2016 )

FP7 topics linked to the Transport theme in 2011

ACI EUROPE POSITION on AVIATION AND CLIMATE CHANGE

A CER Statement on Brexit

2014 Report of the. Task Force 2 on Enablers and barriers

Trusted KYC Data Sharing Standards Scope and Governance Oversight

Can We Personalize Our Everyday Experiences in Public Venues, Without Compromising Security?

AIMS Airport Integrated Management System. FACT SHEET GTP Tecnologia

The IATA Control Authorities Working Group (IATA/CAWG) ADVANCE PASSENGER INFORMATION (API) STATEMENT OF PRINCIPLES

Smart Airport of The Future. Planning for Innovation at Airports

''Developing transport infrastructure for your citizens and for your economy''

NSW DIGITAL GOVERNMENT STRATEGY. digital nsw DRIVING WHOLE OF GOVERNMENT DIGITAL TRANSFORMATION DESIGNING IN OUR NSW DIGITAL FUTURE

FACILITATION PANEL (FALP)

Paperless Aircraft Operations; IATA s Vision

Smart Security CyCop Technology Integration

European Workshop: Facilitating Automated Driving and ITS TECHNOLOGIES TO ENHANCE ITS FOR ROAD TRANSPORT AUTOMATION

Pinellas County Business Technology Services

Achieving a Single European Railway Area and reinforcing the attractiveness of the rail sector: The vision of the European Rail Supply Industry

Lufthansa accelerates the progress of travel innovation. DXC Technology services designs and implements Open API for leading German airline

Understanding the Impact of the Analysis Exchange Model 1.0

An integrated sustainability platform

Establishing security cooperation among Arab Civil Aviation Commission members states, Abu Dhabi, 7-9 February 2006

Swissport Tanzania Training Centre

The table below compares to the 2009 Essential Elements and the 2018 Enhanced Data Stewardship Elements

AGRIFOOD FRONTRUNNER IN IOT

Passenger Rights in Multimodal Transport - MaaS Alliance Vision Paper

Intelligent Transport Systems and Services a solution to improve road safety

The passport as the token in the future airport processes

Blueprint. What is U-space?

Questions and Answers about the Proposed Use of RFID for U.S. Border Crossing Documents

SOUTH EAST EUROPE TRANSNATIONAL CO-OPERATION PROGRAMME

Compass Intelligence IoT Innovator Awards

Air Carrier Eligibility Requirements

2 ND ANNUAL CAREER DEVELOPMENT STAKEHOLDERS CONFERENCE. 28 June 2018

SESAR & NextGen Working together for Aviation Interoperability

Collaborative Decision Making in Aviation

Strategic Plan

C-Roads Platform Terms of Reference

Eu Public- Private Smart Move High Level Group

Opinion 9/2011 on the revised Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications

Queensland Airports Limited. Role Description

C-Roads Platform Terms of Reference

Form 1: Proposal for a new field of technical activity

PRIME Meeting no 8 24 th October 2014 Madrid (E)

The Future of Airport Information Technology (IT) Presentation to, ACI-NA Airport Board Members and Commissioners Conference April 28, 2009

APPLICATION OF THE GLOBAL STAR RATING SYSTEM FOR SERVICES. In Collaboration with

Final Publishable Summary

Digital Transport and Logistics Forum (DTLF) Electronic Freight Transport Information (EFTI) European Maritime Single Window environment (EMSWe)

Shift2Rail and rail research within Horizon 2020

Innovation Task Force

Managing Innovation to Sustain Growth and Prosperity

An eid Card to Bank the Unbanked Rolan Jahn, NXP

Swissport Tanzania Training Centre

ICB Industry Consultation Body A high level vision for achieving the Single European Sky

Transcription:

FAQs to IoT/RFID Scenario Risk Assessment What does IoT mean? The Internet of Things (IoT), sometimes referred to as ubiquitous networking or pervasive computing environments, is a vision where all manufactured things can be network enabled, that is connected to each other via wireless or wired communication networks. Why has ENISA conducted this report? The Internet of Things is envisaged to bring many benefits, but it also poses many new challenges and risks. In view of this, ENISA undertook the task to identify and assess emerging and future risks of a particular IoT/RFID scenario, also in the context of ENISA s role in this specified in EC Communication Internet of Things An Action Plan for Europe. What does the report include? This report contains the result of an extensive risk assessment effort on a comprehensive scenario involving IoT and RFID usage in the context of air travel. The assessment involved extensive detailed identification and measurement of the vulnerabilities and emerging threats for the entire scenario. Moreover, the report also includes appropriate recommendations to address the risks identified. This report explains how potentially this technology can be used in an air travel scenario; in the scenario we look at the benefits of this technology and environment, particularly in future air travel, and we identify the major security risks. We also cover the privacy, social and legal implications. Finally, we make concrete recommendations on how to address the risks, so as to maximise the benefits. Why did you choose the air travel scenario? The air travel scenario was selected to illustrate the convergence of these IoT technologies and the issues that arise as a result of this convergence and interoperability. Given that we are already seeing the introduction and use of smart technologies and applications in air travel, such as RFID-enabled passports, electronic boarding passes sent using SMS and displayed using cell phones, etc. we consider this as a representative, realistic yet emerging,

FAQs to IoT/RFID Scenario Risk Assessment showcase scenario within which we can identify and highlight important risks and challenges posed by IoT technologies. Amongst the technologies, applications and devices considered in this scenario, in addition to RFID, are smart phones, netbooks and location-based services (LBS). The power of these technologies is greatly leveraged by their convergence and interoperability. What does this air travel scenario look like? This scenario is explorative and is set in the future, approximately five years from now in the year 2015. It follows three passengers of different nationalities (EU, US, Japan), age and IT literacy skills flying from European airports. The scenario depicts emerging automated procedures typically used in normal air travel, such as check-in and boarding. Different criteria have been used to select the passengers starring in the scenario. The scenario has formed the basis of our assessment and can be found in Annex II. What are the procedures that you look at in this scenario and what does these IoT devices do? The scenario tracks and is divided into several phases based on the air travel process and involves the following: - Getting to the airport and pre-flight arrangements - Getting ready to fly: airport check-in, boarding, security controls - In flight - Arrival and transfer To give some examples, smart IoT devices can interact with various established services in helping passengers get to the airport safely, on time and cost effectively. These services can include on-line selection of travel options based on current position, traffic road conditions, flight schedules and updates, car-pools and airport parking assistance.

In future air travel, we envision that much, if not all, of the check-in process will be conducted via the Internet. A large percentage of the check-in process will involve IoT smart devices. The scenario depicts a seamless smart boarding process aiming at enabling efficient and secure passenger management. This process is based on the same principle that is used at the check-in stage, namely verifying 2D barcodes or tokens and biometrically authenticating passengers to prevent the exchange of boarding passes. Combined with the increasing prevalence of Internet in the air services, smart devices will have significant impact to both airlines and passengers. Upon arrival, passengers claim their luggage and proceed to local transportation to head toward their final destinations. IoT and smart devices are expected to further facilitate this process and, in particular, enhance services related for example with assistance on local arrangements for visitors. What is out of scope? The following fall outside the scenario s scope: - ENISA works in first pillar activities of EU, so it cannot enter into issues of national security that fall within the third pillar. For this reason, border control issues fall out of the scope of this assessment. - The focus is mainly on passengers. Due to limited time and resources, the scenario does not consider in detail security personnel, airline crew and other airport personnel, who may have different access requirements. - Aircraft security and general aviation maintenance, repair and overhaul (MRO) procedures are not considered, as they would considerably increase the complexity of the scenario. Who is the report for? The intended audience of this report is: - European Commission and European policymakers, to assist them on setting research policy (to develop technologies that mitigate risks) and to assist them in deciding on appropriate policy and economic incentives, legislative measures, awareness-raising initiatives, etc. visà-vis IoT/RFID technologies and applications; and in particular, on air travel; - Industry, to encourage them to secure their technologies and services, to make transparent to citizen-consumers their purposes and practices

in collecting and processing personal data and to identify any third parties with whom they share such data; - Air transport stakeholders, such as airports, Airport Council International (ACI) and IATA; - Individuals or citizens, to enable them to evaluate the costs, risks and benefits of using the consumer version of these applications. How did you assess these emerging and future risks? The methodological approach used in this project to identify and assess emerging and future risks was based on the standard ISO/ IEC 27005:2008 Information technology Security techniques. The following major steps were performed in the process of assessing the emerging and future risks: - Assets identification and valuation - Vulnerabilities identification and assessment - Threats identification and assessment - Identification of existing / implemented controls - Identification of final risks Following the identification and assessment of risks, the risks where ranked from very high to very low. Therefore, as the next step, the group identified possible controls and safeguards that could reduce those risks. For the purposes of this analysis, the risk mitigation step has been limited to the recommendation of potential controls to mitigate the risks identified. For example, acceptance levels have not been identified, as is the case in a usual risk mitigation exercise. What are some of the risks you identified in this report? The analysis resulted in the identification of many individual risks; for presentation purposes, we have grouped these individual risks into 18 major compound risks. Some of these 18 major risks include: - Failure of reservation, check-in and boarding procedures - Problems in issuing / controlling electronic visas - Loss / violation of citizen/passenger privacy - Compromise and abuse of state-owned citizen/passenger databases - Repurposing of data / mission creep - Health process-related concerns - User frustration and low user acceptance - Aggressive profiling and social sorting leading to social exclusion - Legislation lagging behind rapid technological advancements - Non-compliance with data protection legislation

What are ENISA s conclusions and recommendations? The three policy recommendations, in brief: 1. Rethink existing business structures and introduce new business models. Air transportation actors (e.g. airlines, airports, logistics, aviation security agencies, etc) should proactively stay alert for new business models. 2. User-friendliness and inclusiveness of devices, processes and procedures - we need to be inclusive. 3. Develop and adopt policies for data management and protection Five research recommendations: 1. Data protection and privacy, 2. Usability, 3. Multi-modal person authentication, e.g. biometric procedures, 4. Proposing standards of light cryptography protocols, and, 5. Managing trust as a central consideration: an enterprise should understand its own trust framework. Three legal recommendations: 1. Support for users, e.g. for data subjects to better exercise their rights. 2. Placing a high value on information and data. 3. Harmonisation of data collection by airport shops and efforts to raise awareness, among travellers of the collection and processing of data. Three recommendations are given specifically to the European Commission: 1. Enforcement and application guidelines for the European regulatory framework. 2. Alignment of research with both industrial and societal needs, e.g. ethical limits research. 3. Need for security and privacy impact assessment and trials of new technologies before deployment. The full report The press release see: http:///media/press-releases/flying-2.0-study-of-internet-of-things-rfid-in-air-travel For further details contact: Ulf Bergström, Spokesperson, ENISA press@enisa.europa.eu, Mobile: +30 6948 460143 Barbara Daskala, Risk Management Expert, RiskManagement@enisa.europa.eu

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback