Cyber security border control Amsterdam Airport Schiphol
The Netherlands Court of Audit investigated the cyber security of the border controls operated by the Dutch border guards at Amsterdam Schiphol Airport.
The cyber security of the border controls operated by the Dutch border guards at Amsterdam Schiphol Airport is neither adequate nor future-proof.
Very few, if any, security tests are performed on the IT systems used for border controls.
Two of these systems are currently in operation despite not meeting all the relevant security requirements.
None of the systems are linked up to the detection capacity of a Security Operations Centre.
As a result, there is a risk of digital espionage, cyber crime or sabotage either not being detected or not being detected in time.
The IT systems used for border controls could be disabled by a cyber attack.
This would prevent the border guards from operating proper border controls, resulting in long passenger queues forming at the airport and in flights being delayed or cancelled.
Our auditors found that a sophisticated cyber attack could be also used to manipulate passenger information, thus enabling wanted persons to get past the border undetected.
Action has now been taken to resolve this vulnerability.
In the knowledge that border controls are of vital importance and are set to undergo further automation in the coming years, an adequate level of cyber security must be guaranteed.
It is beyond belief that this has not been the case to date, especially as the Ministry of Defence possesses the necessary expertise.
For this reason, our recommendations are all about ensuring that everything possible is indeed done.