The cyber security of the border controls carried out by Dutch border guards at Amsterdam Schiphol Airport is neither adequate nor future-proof. The IT systems used for these border controls are subjected to very few, if any, security tests. The software for two of these IT systems is currently being used despite not having passed the requisite approval procedures. And the systems are not linked up to the detection capacity of the Ministry of Defence and Schiphol N.V.

Key message

Cyber security of border controls at Amsterdam Schiphol Airport is inadequate


Our audit showed that the cyber security of border controls operated by Dutch border guards at Amsterdam Schiphol Airport is not as effective in practice as it could be. For the purpose of safeguarding the cyber security of border controls, the Minister of Justice and Security makes use of the expertise and IT infrastructure of the Ministry of Defence and Schiphol N.V. Although the Ministry of Defence possesses the expertise needed to guarantee a high level of cyber security, the Ministry does not always make use of this expertise in practice in accordance with the arrangements made in this respect and with its own guidelines. In the light of all the impending technological developments, we believe that the current level of cyber security in relation to the border controls is neither adequate nor future-proof.

Recommendations


We have formulated a number of recommendations for the responsible ministers in order to enhance the cyber security of border controls carried out by border guards at Amsterdam Schiphol Airport.

We urge the Minister of Defence to:

  • ensure that the requisite security procedures are adopted as swiftly as possible in relation to the IT system used for the manned passport-control desks, so that the approval procedure can be completed in accordance with the Ministry’s security policy;
  • connect the two IT systems used for the border controls for which the Ministry of Defence is responsible as swiftly as possible to the detection capacity of the Ministry’s Security Operations Centre, and give priority to the pre-assessment system (classified as ‘critical’) in this respect.

We urge the Minister of Justice and Security to:

  • ensure that the IT system for the self-service passport gates is subjected as swiftly as possible to the approval procedure prescribed by the Ministry of Defence’s security policy, that Schiphol N.V. adopts, both now and in the future, all the requisite security procedures, and that the system is approved by the security authority at the Ministry of Justice and Security;
  • reassess whether the planned transfer of ownership of the self-service system to Schiphol is accompanied by adequate cyber security safeguards;
  • connect the self-service system as swiftly as possible to the detection capacity of Schiphol N.V.’s Security Operations Centre.

We urge the Minister of Defence and the Minister of Justice and Security to act jointly in:

  • subjecting the three IT systems used for border controls as swiftly as possible to annual security testing in accordance with the Ministry of Defence’s security policy;
  • ensuring that the Ministry of Defence and the Ministry of Justice and Security work together with all relevant partners in the supply chain in conducting exercises in managing crises caused by a cyber attack directed against the three IT systems used for the border controls at Amsterdam Schiphol Airport.

Society

Why did we audit the cyber security of border controls operated by Dutch border guards at Amsterdam Schiphol Airport?


Due to the importance of Amsterdam Schiphol Airport and the huge volume of personal data involved, the border controls could well form an attractive target for hackers. Handling almost 80 million passengers every year, Amsterdam Schiphol Airport is not merely the country’s main airport, it is also a vital gateway to Europe and the European Union (EU) – and Europe’s second biggest transport hub. For the purpose of these border controls, the border guards make use of personal data on passengers from all over the world. Such data include information on nationality, itinerary, travel companions and also (in some cases) on criminal records. A number of incidents in the past bear witness to the fact that attackers are interested in obtaining this type of data. For example, the personal data of millions of passengers were stolen in cyber attacks directed against the US border protection agency and US airlines.

Methods and standards

What audit methods did we use?


Our audit centred on the following six audit questions:

  1. What is the context of the border controls operated by the border guards at Amsterdam Schiphol Airport? What processes are involved? What IT systems are used to support the border controls?
  2. What preventive cyber security measures have been taken in relation to the IT systems used for the border controls?
  3. What measures have been taken for detecting cyber attacks and are these adequate?
  4. How do these detection measures operate in practice? Do they offer sufficient protection?
  5. What response scenarios have been developed for cyber incidents? Are they adequate?
  6. How do the response scenarios operate in practice? Are they adequate?

We used the cyber security framework adopted by the National Institute of Standards and Technology (NIST) as our guide in answering audit questions 2-6. The NIST is part of the US Department of Commerce. Its cyber security framework is widely used all over the world and has links with security standards and models such as ISO 27001 and COBIT. The framework consists of five main functions, two of which, i.e. Detect and Respond, are particularly relevant to our audit. We used the categories into which these two main functions are divided as tools for analysing the wide range of activities performed in relation to the cyber security of border controls. Our final opinion on the cyber security of the border controls is not based exclusively on whether or not it meets the specific criteria listed in the NIST framework. Our opinion is a qualitative opinion, based on our findings in a broad sense in relation to each category.

Where we are now

Current status


The Minister of Defence and the Minister of Justice and Security responded to our report on 27 March 2020. Our audit report contains the full text of their responses.