This one reads like the script for some cybersecurity-related TV show.
Only this is for real, and it raises questions about both cybersecurity and physical security at London's Heathrow Airport.
Man finds Heathrow plans on USB Drive in the street
Here's how it all went down in London: a man found a USB drive on the ground about 10 miles from Heathrow Airport.
He later took it to a library and plugged it into the computer, curious to see what was on it. He realized it was significant and not for public consumption.
He then turned it over to the Sunday Mirror so the media outlet could look into it.
Secret Files, unencrypted, on Heathrow USB
Here are the chilling details of what was discovered on the Heathrow USB found on the ground.
- Routes & Safeguard for the Queen and foreign dignitaries when they are passing through Heathrow
- Maps showing the locations of all CCTV cameras
- ID requirements for accessing different areas of the airport
- Details on the ultrasound protection system used to protect the perimeter fence and runways
- 76 folders with 174 documents, in all
- Several documents marked "secret" and "confidential" that could be read when opened
Cybersecurity questions after Heathrow USB stick found
Here at SecureWorld, we have worked with plenty of CISOs who can only take sensitive information on the road with them when it is encrypted on a laptop--no USBs allowed. This would be a great example of why "extreme" policies like this exist.
Was Heathrow's network hacked and the information on the USB stolen by an outsider?Did an insider threat situation play out? If so, what Identity and Access Management procedures does Heathrow follow?
If this was legally accessed information for a legitimate purpose and accidentally dropped, what needs to change in the way the employees handle such sensitive information?
Maybe we've seen too many cyber-related shows. But this seems like information that could be worth a lot of money if up for sale to terrorist groups or nation-state actors who would like to attack the west or target specific VIPs as they pass through Heathrow Airport.
So what does the airport say about this?
In a statement to The Independent it says, “We have reviewed all of our security plans and are confident that Heathrow remains secure. We have also launched an internal investigation to understand how this happened and are taking steps to prevent a similar occurrence in future.”
A highly confident statement "that Heathrow remains secure" considering secret and confidential plans on physical security for the airport