Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/16/2006
01:45 AM
Patricia Keefe
Patricia Keefe
Commentary
50%
50%

Banned On Board: The Ripple Effect Of High-Tech Travel Restrictions

Last week's foiled airline bomb plot, and the subsequent fallout for business travelers--here and abroad--got me to thinking that necessity isn't just the mother of invention, it's also a driver of change, and sometimes, the spark needed to ignite struggling markets and launch new trends.

Last week's foiled airline bomb plot, and the subsequent fallout for business travelers--here and abroad--got me to thinking that necessity isn't just the mother of invention, it's also a driver of change, and sometimes, the spark needed to ignite struggling markets and launch new trends.While the most draconian travel restrictions have so far been limited to the U.K., domestically we also saw a tightening of carry-on policy, and subsequent confusion about whether portable electronics, chief among them laptops, could be carried on board. After banning gels, liquids, and some solids in carry-ons last week, FAA and Homeland Security Officials made it clear that more changes will likely be in the offing, though no hints were given as to what they might be, or when they'd be announced. Of course, we're all expecting to see more, not fewer, restrictions, right? It's not like the nutcases who like to blow up planes are going to go away, or get any less inventive, any time soon! In an interview Sunday on ABC's "This Week," Homeland Security Secretary Michael Chertof left the issue hanging when he said, "I don't see us moving to a total ban on hand baggage at this point."

In the meantime, though, we could see partial bans, and the most logical place to start swinging the security axe has got to be in the digital suitcase.

The average business traveler today is probably packing a minimum of a laptop with wireless connectivity, at least one battery pack, one or more cell phones and requisite chargers, possibly a pager and/or a BlackBerry, and, oh, some form of music--be it an MP3 or CD player. There are also digital cameras, headsets, video players, detachable keyboards, external drives, personal air cleaners, personal fans--even backpacks with built-in speakers and solar chargers. Self-combusting lithium-ion batteries aside, there's a lot of potential firepower there for the resourceful MacGyvers of the terrorist realm.

It's the smart IT department that will start reviewing its mobile and security policies and technologies now, spinning out what-if scenarios and solutions. For example, what happens if laptops and other portable technologies are banned from carry-ons? It's not for nothing that burned into the brain of every business traveler is the first commandment of the road: thou shalt not check thy laptop. Bad things happen to good laptops when they meet baggage handlers and conveyor belts. We all know not to go there. But what if we have to, then what?

Corporate America needs to think this through, as far in advance as it can. Remember all those passengers who showed up for their flights last Thursday, only to find out that they could not carry on what they had brought with them? No one wants to be caught that flat footed--especially when expensive equipment is involved. Since we don't know when the next attack will be, we need to plan ahead.

Various scenarios and questions are already running through my head:

* Will a huge window of opportunity open up for the overnight delivery companies as travelers unable to carry on their laptops and other digital tools, and unwilling to check them, mail them on ahead? It's not so far fetched--we travel with laptops for a reason: so we can give presentations, demos, crunch numbers, respond to memos, write reports and stories etc. And if we can't fly with them in our possession, and we can't be sure they'll arrive when we do, then we'll have to find an alternative mode of delivery. The FedExes, UPSes, and DHLs of the world, meanwhile, would have to come up with packaging and procedures that will guarantee the safety of all those laptops, ironically winging their way through the same airspace as their owners in many cases.

* Will we see a new market opportunity open up for ruggedized or "field" laptops and other equipment? Ever watch baggage being loaded or unloaded? If laptops and other handhelds are banned, and if we have to pack them in our suitcases, it might well be prudent for corporations to consider whether it's time to invest in sturdier equipment.

* Will we see exploding growth in the nascent biometric security industry? With all those laptops floating around between checked luggage and overnight packages, some are bound to get lost or stolen. Corporations may play it sloppy and loose with our personal data, but I'm certain they'll be a lot more interested in protecting their own information. Biometric access controls on laptops and other gadgets should keep most bad guys out, and corporate risk down.

* And what about virtual laptops and e-mail? From online software that gives users a desktop in the browser window through any PC (Sun is a good example), to hard drives that can be slipped into generic machines, to online services that provide access to key office applications (Zimbra is one example), options already exist for travelers who don't want to deal with the hassles of traveling with a laptop. Such services could even be cheaper than outfitting everyone with a laptop and applications. This is a market opportunity that could take off regardless of whether laptops are banned on board.

* Will the ever-a-bridesmaid videoconferencing finally come into its own? If enough people start looking for ways to avoid travel, or cut travel costs, videoconferencing might finally start to catch on in a big way.

* Will we see a drop in productivity, and a rise in social interaction? All that time previously spent hunched over a precariously positioned laptop pecking away between flights and on tray tables might morph into time spent interacting with fellow travelers and passengers. Or, I suppose, even more time spent on cell phone calls. (Perish the thought).

* Will we see new advances in portable technologies and their security come about driven by the need to keep one step ahead of creative terrorists? And will it be difficult, if not impossible, to stay that step head--much as it seems to be with standard computer security today?

* And finally, some of you may be thinking you might as travel naked at the rate this is going. Certainly some travelers will feel naked, if stripped of their digital accoutrements. But, in fact, we will be traveling naked, sort of, and sooner than you think. Remember those special "backscatter" X-ray machines that were being tested about a year ago? You know, the ones that virtually strip you down to your birthday suit? (I guess those comic book X-ray glasses weren't so far off the mark afterall). Initial demos drew complaints and concerns about privacy and modesty issues. We haven't heard too much about them since, but I'm betting we'll be hearing a lot more about them, and soon.

What would you do if your electronics could not be carried on board? We're curious to know what your coping strategies would be in a more restrictive travel environment, and whether your IT department is already looking ahead and thinking about these issues now.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-25329
PUBLISHED: 2021-03-01
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previousl...
CVE-2021-25122
PUBLISHED: 2021-03-01
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request...
CVE-2021-27225
PUBLISHED: 2021-03-01
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.