The cyber security of the border controls operated by Dutch border guards at Amsterdam Schiphol Airport

The cyber security of the border controls carried out by Dutch border guards at Amsterdam Schiphol Airport is neither adequate nor future-proof. The IT systems used for these border controls are subjected to very few, if any, security tests. The software for two of these IT systems is currently being used despite not having passed the requisite approval procedures. And the systems are not linked up to the detection capacity of the Ministry of Defence and Schiphol N.V.

The cyber security of the border controls operated by the Dutch border guards at Amsterdam Schiphol Airport is neither adequate nor future-proof. 
Very few, if any, security tests are performed on the IT systems used for border controls. 
Two of these systems are currently in operation despite not meeting all the relevant security requirements. 
None of the systems are linked up to the detection capacity of a Security Operations Centre.
As a result, there is a risk of digital espionage, cyber crime or sabotage either not being detected or not being detected in time. 
The IT systems used for border controls could be disabled by a cyber attack. 
This would prevent the border guards from operating proper border controls, resulting in long passenger queues forming at the airport and in flights being delayed or cancelled. 
Our auditors found that a sophisticated cyber attack could be also used to manipulate passenger information, thus enabling wanted persons to get past the border undetected. 
Action has now been taken to resolve this vulnerability.
In the knowledge that border controls are of vital importance and are set to undergo further automation in the coming years, an adequate level of cyber security must be guaranteed. 
It is beyond belief that this has not been the case to date, especially as the Ministry of Defence possesses the necessary expertise. 
For this reason, our recommendations are all about ensuring that everything possible is indeed done.

Bestuurlijke boodschap

Cyber security of border controls at Amsterdam Schiphol Airport is inadequate


Our audit showed that the cyber security of border controls operated by Dutch border guards at Amsterdam Schiphol Airport is not as effective in practice as it could be. For the purpose of safeguarding the cyber security of border controls, the Minister of Justice and Security makes use of the expertise and IT infrastructure of the Ministry of Defence and Schiphol N.V. Although the Ministry of Defence possesses the expertise needed to guarantee a high level of cyber security, the Ministry does not always make use of this expertise in practice in accordance with the arrangements made in this respect and with its own guidelines. In the light of all the impending technological developments, we believe that the current level of cyber security in relation to the border controls is neither adequate nor future-proof.

Aanbevelingen

Recommendations


We have formulated a number of recommendations for the responsible ministers in order to enhance the cyber security of border controls carried out by border guards at Amsterdam Schiphol Airport.

We urge the Minister of Defence to:

  • ensure that the requisite security procedures are adopted as swiftly as possible in relation to the IT system used for the manned passport-control desks, so that the approval procedure can be completed in accordance with the Ministry’s security policy;
  • connect the two IT systems used for the border controls for which the Ministry of Defence is responsible as swiftly as possible to the detection capacity of the Ministry’s Security Operations Centre, and give priority to the pre-assessment system (classified as ‘critical’) in this respect.

We urge the Minister of Justice and Security to:

  • ensure that the IT system for the self-service passport gates is subjected as swiftly as possible to the approval procedure prescribed by the Ministry of Defence’s security policy, that Schiphol N.V. adopts, both now and in the future, all the requisite security procedures, and that the system is approved by the security authority at the Ministry of Justice and Security;
  • reassess whether the planned transfer of ownership of the self-service system to Schiphol is accompanied by adequate cyber security safeguards;
  • connect the self-service system as swiftly as possible to the detection capacity of Schiphol N.V.’s Security Operations Centre.

We urge the Minister of Defence and the Minister of Justice and Security to act jointly in:

  • subjecting the three IT systems used for border controls as swiftly as possible to annual security testing in accordance with the Ministry of Defence’s security policy;
  • ensuring that the Ministry of Defence and the Ministry of Justice and Security work together with all relevant partners in the supply chain in conducting exercises in managing crises caused by a cyber attack directed against the three IT systems used for the border controls at Amsterdam Schiphol Airport.
Maatschappij

Why did we audit the cyber security of border controls operated by Dutch border guards at Amsterdam Schiphol Airport?


Due to the importance of Amsterdam Schiphol Airport and the huge volume of personal data involved, the border controls could well form an attractive target for hackers. Handling almost 80 million passengers every year, Amsterdam Schiphol Airport is not merely the country’s main airport, it is also a vital gateway to Europe and the European Union (EU) – and Europe’s second biggest transport hub. For the purpose of these border controls, the border guards make use of personal data on passengers from all over the world. Such data include information on nationality, itinerary, travel companions and also (in some cases) on criminal records. A number of incidents in the past bear witness to the fact that attackers are interested in obtaining this type of data. For example, the personal data of millions of passengers were stolen in cyber attacks directed against the US border protection agency and US airlines.

Methoden en normen

What audit methods did we use?


Our audit centred on the following six audit questions:

  1. hat is the context of the border controls operated by the border guards at Amsterdam Schiphol Airport? What processes are involved? What IT systems are used to support the border controls?
  2. What preventive cyber security measures have been taken in relation to the IT systems used for the border controls?
  3. What measures have been taken for detecting cyber attacks and are these adequate?
  4. How do these detection measures operate in practice? Do they offer sufficient protection?
  5. What response scenarios have been developed for cyber incidents? Are they adequate?
  6. How do the response scenarios operate in practice? Are they adequate?

We used the cyber security framework adopted by the National Institute of Standards and Technology (NIST) as our guide in answering audit questions 2-6. The NIST is part of the US Department of Commerce. Its cyber security framework is widely used all over the world and has links with security standards and models such as ISO 27001 and COBIT. The framework consists of five main functions two of which, i.e. Detect and Respond, are particularly relevant to our audit. We used the categories into which these two main functions are divided as tools for analysing the wide range of activities performed in relation to the cyber security of border controls. Our final opinion on the cyber security of the border controls is not based exclusively on whether or not it meets the specific criteria listed in the NIST framework. Our opinion is a qualitative opinion, based on our findings in a broad sense in relation to each category.

Hier zijn we

Current status


The Minister of Defence and the Minister of Justice and Security responded to our report on 27 March 2020. Our audit report contains the full text of their responses.