(via Bruce Schneier’s blog)
I know that neither of my visitors likely share my fascination with computer and physical security, but I still like to share interesting stories I read about security problems. This one, in particular, caught my eye because I’ve pointed out the same potential problem numerous times in real life (yes, I actually interact with people not online at times). Here is the full story from the link:
An investigation is being conducted into a security breach at Dublin Airport last week.
A female member of the airport search unit is undergoing re-training after the incident in which a Department of Transport inspector passed unchecked through security screening.
It is understood that the department official was waved through security checks having flashed an official badge. The inspector immediately notified airport authorities of a failure in vetting procedures. Only gardai are permitted to pass unchecked through security.
Informed sources said the incident which took place last Tuesday was a ‘‘procedural’’ breach.
Flash a badge that looks like the right one, and through you go without screening.
I’ve worked places where security requirements are such that all employees must pass through metal detectors and have all packages hand inspected. All employees except the security guards, that is. I’ve worked places where security requirements are such that all contract employees must pass through a metal detector and have bags passed through an X-Ray machine, but company employees don’t have to submit to any inspection.
In each of these cases, consider who the most likely culprits are in cases of stolen equipment or prohibited items making their way inside the security perimeter. But if you state the obvious answer, you’ll be accused of having a bad attitude because you are in the former groups instead of the latter.
So, continuing with the above article, this is a failure where someone in charge of screening allowed someone who upon cursory inspection appeared to pass the “allowed to enter without screening” requirements, and was therefore allowed to enter without screening. This risk can be reduced somewhat with better inspections than cursory, but it can be reduced even more by getting rid of that exception. Of course, this won’t happen, because too many of those in charge of physical security prefer to consider their groups outside the need for physical security checks. Isn’t it ironic?