Looking for Okta Logos?

You can find all the media assets you need as part of our press room.

Download Media Assets

Oktane19: Modernization to Enable Seamless Customer Experiences with Dubai Airports

  • Transcript
  • Details
  • Related Content

Share:

Speaker 1: So I'm gonna chat through a few slides before introducing our customer speaker. So, just a little bit of background. The cloud and digital have really changed how we interact with organizations whether you are an employee, a partner, or a customer. So starting from the employee side of things if you think about your workforce there is an unbelievable number of cloud applications that are now available to your employees and you wanna use them in order to make them as efficient and productive as possible but at the same time you have a lot of your on premise software, your existing stacks as well that you had to provide them access to.

Speaker 1: Also you have partners and customers that you need to think about as well, and increasingly you're building custom applications for them but you also need to give them access to the core things that your workforce has available as well. And what's important is you also need to bring these experiences out to your partners in a very timely manner. So getting out these experiences as quickly as possible and that requires some additional skills that your IT teams as well as development teams need to have.

Speaker 1: And so this represent an unprecedented opportunity to address all these various constituencies and to bring value to your organization. At the same time there's unprecedented risk as well, because as your exposing these applications, especially outside of your core audience of employees, you are, you have to think about, well how can we do this in safe manor. And so there's a lot of data here around, think about employees as, almost potentially the weakest link in your security infrastructure right? If you think about credentials, there's a lot of account take overs, there's a lot of fishing, you guys, our cliché hacker yesterday on the keynote stage, there's a lot of people out there that are trying to get into your defenses.

Speaker 1: And at the same time as you think about your partners and customers, they are also a huge asset of yours, but exposing all of these core assets, your intellectual property out to them is also potentially very very risky. And so we think about identity as being really core to how you can address the needs of every single one of these constituencies. From a workforce perspective, identity allows you to modernize your IT infrastructure.

Speaker 1: From a customer experience and a partner experience, identity allows you to really define that experience and to optimize what that experience looks like. And so we're increasingly seeing a lot of our customers moving towards this idea of a single identity platform to address the needs of all of these various constituencies that you have to think about. So whether you have your employees, your partners, your suppliers, on the one hand, as well as developers that are creating all of these custom applications for your business.

Speaker 1: Having a single identity fabric across all of them provides a way to optimize the experience as well as keep your IT teams very very productive. It allows you to lower the total cost of ownership when it comes to identity. So to talk a little bit more about what this means in real life, I'd like to welcome our next speaker, Michael Ebiton, EVP of infrastructure and technology at Dubai Airports.

Michael Ebiton: Alright good morning, everybody. If you'll notice on the sign outside, you might have been expecting someone called Tarick Chowder to give this presentation. Unfortunately, Tarick applied for his US visa three weeks ago and didn't get it in time so you got me instead. So I hope that's okay.

Michael Ebiton: He's Canadian born so it was a big surprise that, due to his name he wasn't allowed in so, a bit of an interesting one there. So, what I want to talk about today was our journey as Dubai Airports that we've been on over the last three, three and a half years. I personally joined the business three years ago and what we had as a, IT infrastructure, our set of IT systems was very traditionally on premise. And if you look at the slide, couple of slides ago, of those applications on the inner circle we had everything but SAP. And we had none of the ones on the outer circle.

Michael Ebiton: Now on the ones on the outer circle we have everything on that list except G-Suite. So, we've really been through a dramatic transformation over the last few years. First of all though, I wanted to get into a bit more detail as we go along here, I just want to tell you a little more about Dubai Airports and what we are. First of all, customers, who here has been on an airplane, could you raise your hand?

Michael Ebiton: Alright, so hopefully you're all potential customers, who here has been on Emirate or flown through Dubai Airport at any point and time? Okay, a reasonable number. Not unlikely, we service 90 million international passengers a year through our primary airport, DXP. And, which is more than the population of the United Kingdom so it's a good number every year. Makes us the third biggest airport in the world behind Atlanta and Beijing.

Michael Ebiton: But as they have massive domestic operations, we like to promote ourselves as the biggest international airport in the world. Because all of our passengers are flying transcontinental usually. On massive long journeys. And Emirates, our biggest airline has only triple sevens and A380s in their fleet so we have quite a massive operation going on. We have two run ways, service around 400 and ten ten thousand air craft movements a year. Two and half million tons of freight. So it's quite a big operation we have going on.

Michael Ebiton: We actually have a second airport called DWC. I don't know how the C got dropped down there but, that only serves us about a million passengers a year right now and about 35000 aircraft movements. But interestingly enough, a million tons of freight and that put it in, when I joined it was in the top twenty airports in the world for freight. And that number is likely to increase before it becomes a passenger, a major passenger facility. The ultimate design of the DWC airport is one of five runways and an enormous capacity of two hundred million plus passengers.

Michael Ebiton: However I think we've got a certain amount of time to go before we actually, before it actually builds out to that full design, but strategically placed in the city, sixty kilometers from the existing airport to leverage on the growth of Dubai. And the growth of the United Emirates as well. Now we as a company, and as a technology team, we have a massive set of infrastructure. One of the largest digital networks in the Emirates. From a consumer perspective, probably the third biggest behind the Tislatin Due, who are the two big service, Telco service providers in the country. Obviously there are some government and military networks that are quite large as well, but from a consumer facing perspective were one of the biggest.

Michael Ebiton: And, we have one of the world's best Wi-Fi products as tested by our consumers, we offer completely unlimited wi-fi for all of our passengers and that means unlimited bandwidth as well, you're only constrained by the capacity of the access point you're connected to. Which means you can get speeds of a hundred or even up to two hundred meg on your device if you're in the right place in the airport. And concurrently at peak that means 20 to 22 thousand people connected and getting that level of service. So we really have a very exciting and dramatic proposition for our passengers compared to many airports in the world that still charge you 25 dollars an hour for one meg of bandwidth.

Michael Ebiton: And we're hoping that many of those come on board with our concept as things develop in the future. But more then just that, my actual role also include the infrastructure of the airport. So whilst I'm responsible for the entire IT stack, two years ago my boss asked if I would take on board the whole infrastructure of the airport and to put that into some numbers for you, 52 thousand lights on the airfield, 140 kilometers of baggage infrastructure, conveyors and chutes and security screening technology. Six and half thousand CCTV cameras of nearly five thousand security access control doors. Three and half thousand wireless access points. 110 thousand network points. 800 servers, 14 internet links.

Michael Ebiton: The airport is enormous because what we haven't put on here is also the chilled water infrastructure, the electricity infrastructure, and all of those other aspects. And we're now in a very extensive program of putting censors throughout the whole airport, connecting everything to the network, pulling the data from them, and then we're gonna get into predicative maintenance, with your energy management program also, fits under me. And we've been driving down our energy costs and our carbon footprint and we have a mission to reduce our energy bills from the 2015 baseline by 20% by 2023 and based on contracted commitments with energy efficiency companies we're already, we've already achieved about 80% of that reduction.

Michael Ebiton: We'll definitely be delivered by 2021 so we got about another 20% to find. And that has helped really improve the bottom line of our business by ensuring that we can become more profitable, not by necessarily driving more passengers through the airport but by making it more efficiently run. And of course technology playing a key role in joining all of that together.

Michael Ebiton: So how did we land where we are with that transformation program? Which has taken us from an on premise IT, traditional IT provider to one that's highly integrated in the could and to give you some idea of what systems we have our entire flight information system, all the screens on the airport are run out of AWS. You'll see in a moment some really cool apps and stuff that we share with our stakeholders. That's also run out of AWS, We run Splunk for real time data analysis.

Michael Ebiton: We collect roughly about 22, 23 billion data points every six months from the infrastructure. And then we analyze it and report in real time on it. And Splunk, we have a Tableau implementation for historical reporting. So we really have gone on a dramatic transformational journey around our technology and it's been really exciting to be part of it.

Michael Ebiton: Dubai overall has an overall city side, or statewide if you want to think of it, Dubai as a state within the United Arab Emirates, has a state wide cybersecurity strategy in place. Now, it has good and bad because they act as a regulator to our business, so, it's very helpful to have the ability to justify investment because you have some regulations, it's not always helpful that some of those regulations might challenge some of the things you actually want to achieve about how you want to deliver.

Michael Ebiton: But overall it's a positive because it really helps with our investments, and we've able to make significant investments in securing the airports technology infrastructure. Now, the cyber strategy of the state focuses on innovation, promoting research and development and Dubai has a big overall strategy in encouraging startups and technology developments and one of the biggest startups in Dubai, a company called Kareem, was recently sold to Uber for over three billion dollars in what was probably the biggest start up merger or acquisition in the history of Dubai and hopefully they are looking at many more of those in the future.

Michael Ebiton: Cybersecurity protecting the confidentiality and integrity of data, cyber resilience, protecting the availability of data, and this is really interesting because this is I think an area where the regulations and the reality of technology start to clash. And, the views of people like myself and the views of the regulators may differ here but I think the results that we're getting, and as I'll demonstrate later when we talk about some of the incidents that we've had. As an airport that's an international brand of course we are a target. That I think our strategy of diversifying services across multiple providers is proving to be far more resilient and secure then focusing on everything on premise or in country in just one or two data centers.

Michael Ebiton: National, international collaboration, so, the state has a state wide cybersecurity operation center that we integrate with which provides us additional intelligence and insight which is very useful. And a cyber smart society and basically this is trying to ensure that everybody across society understands their responsibilities and the threats and the risks that are out there for them. And of course this is especially important for our own staff, of which we have 3000 thousand directly employed staff, but we support the IT services of around a 100 thousand people working on the campus.

Michael Ebiton: And of course every single one of those 100 thousand people is a potential weak link in the chain around securing the airport and it's operation. So, if we look at our identity history, prior to 2015, it was a very traditional on premise, active directory environment. And then, during 2015 the company, now I only joined in January 2016, so this was actually slightly before my time but fortunately, the CEO was very open to my ideas during my precontract and not as peer for my previous employer. And took my input into a number of their projects.

Michael Ebiton: And one of these things that they were looking at was, provision of an on premise identity management solution to support the rollout of a new HR platform. But the identity management solution they were looking to choose, was provided by the HR platform provider. And it wasn't really going give us the integration and the flexibility long term that I knew we needed to be successful long term. So I managed to convince the CEO to let us turn around that decision and before I actually joined the company, convinced the organization to go to market for a cloud based identity as a service platform.

Michael Ebiton: And all of the usual suspects were invited to bid, and Okta was obviously as we now know, the most successful on that journey and we actually acquired Okta as the first platform as part of our overall digital transformation and moved to the cloud. And it's actually really good that Okta was the first one in the door, because it set the standard for us moving forward now, with any other application that we purchased, or software as a service platform that we purchased, it had to be Okta integrated. And it really eased the path of rolling out these applications, as we moved forward after the start of 2016.

Michael Ebiton: And now of course SAML integration is actually a standard requirement of any RFP that we release. So, you know we went with Okta, not a surprise, we had in the first year, we onboarded 30 applications and rolled it out to 3000 employees, which was quick and pleasing and had the impact that we needed and I personally needed to demonstrate to the organization that this new CIO who was ten years younger then any other exec member had a good idea and knew what he was doing. Which was very useful and helpful.

Michael Ebiton: In the second year we onboarded another 30 applications and we stand over 60 odd applications now in our Okta portal. Any new application that joins our business gets added, some of the other legacy applications aren't there yet because they might have a phase out plan, we're not actually driving too much on sorting those out. But anything new that comes in now is done that way. We added Okta as a portal for our stakeholders to access our applications, this is something I particularly want to focus on in a minute because I think it's really, a nice use in the aviation industry. Where we service seventy to eighty different airlines plus a 100 to 200 other companies operating on the airport campus. And we want them all to provided an amazing level of experience for our passengers.

Michael Ebiton: And to do that they need as much data and understanding of what's happening in the Airport, so being able to have them as easily access our applications through an Okta portal on any web browser, tablet, or smart phone, has proven to be extremely useful, and one of our applications specifically which I'll demonstrate in a minute has 20 thousand users even though we are a company of only three thousand. Those 20 thousand are use, people working for one of the organizations that helps deliver the overall service the airport. Airport's a fun and complex environment to work in, and we, we're trying to make a difference in a way that other airports haven't understood yet.

Michael Ebiton: And as I said SAML integration has now become an absolute standard and requirement for any application introduced into Dubai Airport, and any application that any business unit is interested in bringing in, if the vendor can't support SAML then they either don't get to progress in the tender process or they have to make a commitment as part of their contract to deliver it. And it's really important to hold that strong line because if you don't, you'll end up with a perforation of applications where you have identity problems.

Michael Ebiton: So, if you look at it today, our Okta page looks something like this. This is a relatively unmanaged one. Obviously people move it around, do their own things with their tabs and what have you. Training in development for our staff on their technology savviness, their ability to be what they call it here, digital natives. We have a workforce where many people have been in the airport for 15 plus years and getting them to use something as simple as the Okta portal is not actually a simple as it is for many people in this audience.

Michael Ebiton: So we have a team of people who go around and work on the adoption of these tools, run training sessions where everybody from the fire service to the CEO's office to try and get them used to using these tools and adopting them in greater numbers. And, while it's rolling out these tools and installing them is easy and quick, now that we have the right architecture in place, the hardest thing is getting people to use them properly. Great example for us is Box, we have it rolled out for 3000 people, we have over a million downloads and uploads a month. But we have something like 50000 views of content. So people are using the browser, they're just using box sync.

Michael Ebiton: And this is a massive mind shift, change, mindset shift that we have to take them through to help them understand the collaboration parts of these tools, the notes, the tasks, options, the commenting options. To try and drive them through into this new way of collaborating online. Our airport is huge and we have another airport 60 kilometers away and the number of face to face meetings is just incredible. It takes 30 minutes to drive from one side of our airport to the other around the perimeter road. And people would rather do that for a meeting then just use a video conferencing tool that they have built into their laptops and desktops.

Michael Ebiton: And they like to waste four hours a day driving from one place to another rather then doing something more productive so we have a huge mission to go on to get other people to understand these tools better and better, and use them better and that's what our focus is moving to rather then deploying new applications and new capability now, it's more about adoption.

Michael Ebiton: I'd like to just who you a little bit, I'm gonna drop out of the slide deck, here and I'd like to show you some of our applications. So apologies that there's no plugging on this laptop. But I uploaded before we started a couple of interesting examples. Alright, this one page will reload because it's using significant energy, nice. So, this is one of the applications that we use with our airport stakeholders. And what you seeing here now is absolute realtime live operations on our airfield at the airport.

Michael Ebiton: So if you have a tablet or a pc and a web browser and you're given a Dubai Airports log in you can have this application. Cause it's all run in a browser and it tells you all kinds of interesting things, this Airplane just landed. And, it flew in in this direction, landed on this runway and now it's gonna taxi over to this stand and it's gonna park there. Now one of things that were working at the moment is developing this into more detail, integrating it with the lighting system which thankfully is also my responsibility which will determine the root that the taxi takes because the lights change to let the pilot know where to drive.

Michael Ebiton: So one of the future options in this one is to actually show that dotted light not as a straight line but actually as a root that the pilot will be taking. Now if you start to think about what opportunity this creates along the term, integration with the aircraft, you no longer have to have traditional air traffic control and surface movement control when you could be providing this data live into the aircraft so the pilot could see the root he's taking and then follow the lights on the floor which lead in there.

Michael Ebiton: So, some really interesting opportunities, this plane here which is just taking off, see if I can get it's root, so this one came from this stand here, taxied around the end of this runway down here, and then it's on it's way, UAE524, don't know where that was going but it's a Boeing 777. Now if we look at the ones parked around the terminal building, we can see more information, this one's on F19, block two, one two, type 8380, next flight is EK203 and it's got two hundred and sixty six minutes before it's gonna depart. The next version of this software which unfortunately is in out testing environment, I can't show you. Actually also shows you which passengers came from which Airplanes to get on this one. And where the passengers were going from the arrival flight as well. And it connects with nice lines going all across this to show you where all the passengers are going.

Michael Ebiton: The assimilation of all of this data is really important for our state holders to know and understand then be able to make better decisions around. Now this is the airfield view and we can do, we've got all kinds of data in here and we can switch too all this kind of aviation data terminology about lists of aircraft and where they're gonna be flying to and whether they're on time and whether they're their late or not and you can see it all laid out nicely.

Michael Ebiton: We can also zoom into specific concourses, such as our concourse C. And see more detail about those specific stands and what's happening with them. The next version of this software because it's being developed in layers allows you to zoom into the building and actually see what's happening in the building which is pretty cool. We also thought it it was quite important that all of our different entities could see things in different ways so we have the ability to turn on and show you what's happening with, that's the button I was looking for. By Airline. So now we've been able to see which are the Emirates aircraft, which are the other airlines, which are FlyDubai.

Michael Ebiton: You see these 10 blue FlyDuabi aircraft here. Their Boeing 737 max aircraft awaiting their software updates. So, they won't be flying for another four or five weeks yet we've heard. But they'll be coming back into service at some point, we actually have 13 of those parked around the airport. So this, this ability to transform the view based on the stakeholder need is something that's really important and the other tab that I want to show you is our airport community app. So this is actually available on your mobile phone, but we also have this desktop view where you can basically line four phones up side by side.

Michael Ebiton: And what's you're seeing right here now is, this shows you how many passengers are coming into the airport in the next hour into each terminal. How many are departing in the next hour. And then the number of bags related to those passengers as well. And then you can see this chart here which shows the last twelve hours of profile of people departing from Dubai, arriving, and then the next twelve hours, prediction of those departing from Dubai, plus, if I drop down here, if I can figure out how to do it. You also have the transferring logs, and you can see here in this peak, you've got around two and half thousand people arriving, departing from Dubai, and around 8000 who are transferring.

Michael Ebiton: Now I can tell you my younger brother and his family are one of those 8000 right now, sitting in a restaurant inside Dubai Airport, enjoying the delights of that on their way to Australia. This queue status one, here we have a list of all of the checkpoints in the airport and how their queues are doing. Or lines as you call them in the US. A green spot here means it's all good and we don't have to worry about it. What does all good mean? Less then 50 people in the queue, less then five minutes. As soon as it goes over that metric it becomes orange, if it goes over a 150, people in the queue in ten minutes, then it goes red.

Michael Ebiton: Now then what we've got, is a very nice capability to see live inside a particular area, so I go to just terminal three, or is this terminal one? It might be terminal one. If I go to terminal one immigration, standard desk, there are a 164 people in the queue currently waiting for minutes each. And there are 36 processing points open out of 37. So probably being handled quite well, click on live view, and you get this. And you get this view here, which shows you the actual movement of the people in the area. Now for police and immigration, or in the US, CBP, this is highly useful data, of course all of these for bash boards that I'm showing you here.

Michael Ebiton: Because now, I can see what the loads are coming, I can understand what staff I have deployed, I can see how many people are currently in the queue, how long they are waiting, and then if those queues or the wait time gets to long I can deploy more people or in fact hopefully I can predict this better and I'll deploy more people five or ten minutes before that's required. The impact this has had on the airport by being able to share these applications across all those stakeholder groups has been phenomenal. When we first started rolling these things out in the middle of 2016, we had an average queue time for every passengers across all the touch points of over eight minutes. Now it's four and half. Averaged out throughout the whole year.

Michael Ebiton: So you should spend on average no longer then four and a half minutes waiting in all the collective queues across our airport, that's check in, immigration, and security. Were quite proud of these records but we really want no queues at all, anywhere in the airport but obviously there is sometime to go before we achieve all of that but as we bring out more technology, we have more historical data, like we have two years of data now in our data warehouse for us to understand this. Run analysis on, start doing things like machine learning and AI to start actually getting more to the core of these issues.

Michael Ebiton: This live view, the people in red by the way are the ones queuing up, the people in white are moving into a queue or being processed. And the people in blue are using their self service immigration options which you can use if you're registered or a resident or citizen of Dubai. Or the UAE actually overall. So, really highly useful intelligent data simply provided to the mobile phones of every police officer, every immigration officer, every operations staff across the whole airport. And as I said this application as you see it here is in use on 20000, by 20000 staff members who will be using it on their smart phones and tablets across the airport.

Michael Ebiton: So that's a little demo of the stuff that we've been doing. I thought it was quite helpful and useful to understand how Okta has helped bring those applications to such a wide group of people and help drives performance for us. I wanted to use just the next ten minutes, so the final ten minutes to just talk about some of the way that Okta has also helped us in managing our cybersecurity position and how this is helping us overall.

Michael Ebiton: We as I said earlier, large international airport, a very big brand, in the middle east and around the world connected very closely with Emirates of course. We are a constant target for people who want to politically attack the UAE, or commercially attack our operations and we deal, we just set a up a huge cyber defense center that we're now, we've got all the software and all the platforms in place, the physical building that will house it will be ready later this year. And we're now operating that platform to predict and thwart attacks in real time as continually assess what's going on around us.

Michael Ebiton: Now, we're not immune to threats and back in the end of December, 2018 and start of January, we noticed some strange behavior that became alerted to us through our Okta API, what we now know is that our global address list was exposed through a weakness in outlook web access historical protocols. Actually it's a known weakness that many companies have exposed unwittingly through the outlook web access protocols. How this manifested itself as you'll see in the next slide, that as a new year approached, and whoever the attackers were obviously felt that New Years Eve was a good time time to be attacking somebody because they might not be concentrating to hard on what was going on.

Michael Ebiton: As you can see also on the 29th there was a small spike in failed login attempts. Now at the time that didn't really pick up much for us, some failed login attempts, but what we did notice was the number of failed login attempts were across exactly the number of account in our active directory. So we still use active directory for the back end but of course Okta is our front end log in tool. Single sign on log in tool.

Michael Ebiton: On the evening of the 31st of December, that number of attempted logins spiked at nearly 40000. When our normal run rate was a few hundred a day. So what was happening was somebody had obtained our global address list, therefore extracted usernames, email addresses and then tried to password spray our environment. Now this particular weakness is OWA would allow them to circumvent our MFA capability for certain applications. Not all applications but for certain applications, so they were password spraying and trying to find their way in.

Michael Ebiton: Now interestingly enough, our cloud services strategy really helped us here for two reasons. Inevitably they found few accounts with weak passwords, and managed to get through. Actually it was eight over three thousand. And of those eight, nothing was particularly sensitive in terms of the seniority of the users. So, that was probably, relatively good luck. They did find our CFO's account in terms of under stat from the address list, they understood who the CFO was and they really tried to attack that one and we noticed that pattern of activity and we locked down the account so they couldn't go any further.

Michael Ebiton: What was, fascinating to us was, once they got into those eight accounts, they were unable to go laterally with our IT arch, infrastructure and architecture because, when they tried to go say, from one application to say box, box would then have different authentication requirements as they demanded the two factor authentication requirement. And it blocked the from moving laterally. So our attack was contained by the resilience created by having multiple software as service providers which didn't allow them to move laterally.

Michael Ebiton: We later found out that the whole attack was politically motivated and that other entities within the UEA had been attacked, they were exactly the same profile of attack but they had on premise data centers and the attackers had moved laterally within their data centers and obtained other data. So it was really, concerning that we were attacked, great that we spotted it as it was happening and managed to thwart it. Difficult and really great from an architecture and static perspective that our strategy of diversify, diversifying our services had really worked out for us.

Michael Ebiton: Now the other thing that also happened at he the same time, and this is a lesson for everybody to learn, is that we have MFA set up, we use Okta MFA. And there was some misuse of MFA going on in our business. So we found through this attack and the subsequent review of it that some people whenever they got this prompt on their phones were just clicking green regardless of what it said. And what the reason, who was trying to login from where.

Michael Ebiton: So that's part of our education mission, that's part of the challenge that we have in educating our users what these tools are for, they're not just there for the sake of your inconvenience, they're there from the safety of the company. We also had, when we set up MFA, we'd done a self registration process to allow 3000 people to get on board as quickly as possible. We hadn't turned of the self registration which meant that any account that, somebody has password sprayed and got the username and password so they could then set up MFA for themselves.

Michael Ebiton: And we had one instance of them comprising the MFA but it was a low level employee without hardly any access to any data so thankfully we'd be able to find that and cut that one off as well. But just a lesson learned for everybody there that rolling out MFA is great and important but you also have to remember that then future registration into MFA needs to be protected after the initial rollout.

Michael Ebiton: So we found that this attack was coming from multiple countries at the same time and another thing that was nice, because we were using multiple cloud providers, the one that was specifically being attacked, they, they're own infrastructure recognized seven of the eight origin IP addresses as, high risk and the blocked them automatically. Which limited the attackers back to one place.

Michael Ebiton: And, that one place we decided that, we reviewed it against our business requirements and we have no service provision from any company in that country so we decided that the best course of action was just to block log in attempts from that country for the next two weeks because one all those other IP addresses been thwarted we could now identify where the attacks were coming from. And slightly politically sensitively, it was this country where all the attacks were originating.

Michael Ebiton: Now actually as it happens, as we now known having researched this more and more, they were being used as a conduit from another country. Of which I won't give that one away but it was really interesting to see how this was coordinated across the world. So we needed to add geo blocking, and we needed to add it specifically against this country to ensure that all of the attempts at getting into our infrastructure were then turned of completely because of course they were going to continue doing that. We didn't have adaptive MFA so we couldn't turn this on for ourselves, however and this is the important thing about having a partnership with a company like Okta, we picked up the phone, we said this is the situation, can you help us. And Okta turned on adaptive MFA for us and we blocked all log in attempts from that country within two hours of picking up the phone.

Michael Ebiton: And then over the next course of the next couple of weeks, we actually acquired the full adaptive MFA licenses and then we now have that as one of our products because as a company the rest executive and we brief them on this whole thing realized how important it was to actually have this flexibility in our own hands and not have to call on a third party to give us generous support in our time of need. And, so that was, something that thankfully successful and we managed to resolve, come out of the other side of it, brief our regulators, explain what happened, give them a full rundown of everything and it turned out that we had been relatively lucky. But not the first attempt we've had at hacking our infrastructure and I'm sure it won't be the last and I'm sure they'll get more sophisticated as time goes on.

Michael Ebiton: The interesting thing is that all the pervious attacks, this one seems to be more about disruption of just our general IT infrastructure, other previous attacks that we've had attempted at us, generally focus on infrastructure assets. So industrial control systems or air traffic control. And, it's very interesting that Die Hard 2 is an old movie from a long time ago but we live that reality day in day out now as people try to take control of airport assets to cause major disruption. And it's very interesting to see how that plays out in the cybersecurity world today.

Michael Ebiton: So, the other thing that we've now had to do is look at changing our corporate culture and behaviors. Partly as a consequence of that incident but also a longer program of work to try and get people on boarding with these tools more regularly, and we've set up a group that, and we use our corporate brand very handily to do all these nice graphics and artwork but collaborate, or collaborating technology, Collaboratech sessions now get run through our business on a quarterly basis and get focused and targeted on individual departments on a weak to weak basis where we go in, we have a team of people who very savvy with technology, understand it really well, they go in and they set up in those departments like a genius bar type environment, and teach people about the technology and the tools that they have and why we need to use them and what the risks are.

Michael Ebiton: And, it's a whole different mindset for an old Dubai government company with all my, with old understandings of technology to come on board wit this. We do some cool activations where we do things like cybersecurity challenges, we have one coming up where I hope there's nobody from Dubai Airports listening too hard to this but, we're gonna purposely disable their accounts so they have to get up from their desk and they have to go and take on the challenge and they only get their account unlocked once they finish the challenge.And that challenge will teach them all about cyber security and the importance of using it.

Michael Ebiton: Obviously you have to get permission from all of the department heads and everything else for doing such a thing but we have agreed we're gonna have a morning where we're gonna do this and we're gonna lock out people's accounts and they have to go and unlock it by taking on a challenge. We believe in being secure and resilient, and they're giveaways and T-shirts and all the types of things you get at these conferences as well as part of that.

Michael Ebiton: We have a totally diverse workforce, as you can see in these pictures we've got Asian people, African people, we've got Christians, we've got Muslims, we've got a very diverse enviroment in Dubai which means a whole diverse understanding of what technology is and how to use it. Which means we have to be really careful and sensitive about how we do these things but I think we're making a lot of progress. And I think we're going understanding of why these tools are important.

Michael Ebiton: And for us, we've been really happy with the progress we've made, it's very exciting, the journey we're going on with our technology environment, I think is, I think we're about 25% of the way through it because when we onboard all the IOT sensors and all the infrastructure of the airport into this, into our environment. And we're controlling it all in real time based on data, our ability to secure it and manage the identity of those working on it, it gets ever, ever more important. I don't want to be the person who presided over the real life Die Hard 2. And I'm hoping with the initiatives that we're doing we're getting there.

Michael Ebiton: And I haven't heard from many other airports who have such a progressive strategy, we all fly through airports all the time. You hope they all do, I think there's some big questions to be asked about whether everybody does or not. So with that I'm gonna wrap up, thanks for listening, hope it was of interest, and hand back to.

Speaker 1: Right on time or so?

Michael Ebiton: Yeah, we should be right on time.

Speaker 1: It will be here for a few more minutes as you guys wanna come up and ask us questions.

Michael Ebiton: Yeah, I mean there's a microphone here if anybody has any specific questions, wanna ask anything. There's a couple there. I've been fairly open and transparent with what's happened in our enviroment so I'm more than happy to answer pretty much any question you've got as long as it's reasonable.

Speaker 3: You mentioned about the improvement in the queue. How fast do you process them. Can you comment on lost luggages, any improvement there?

Michael Ebiton: Yeah, I can definitely comment on that. So, I have a weekly meeting with my team that runs the baggage system and when we started this in the end of 2016, focusing on reporting data from the baggage system in real time and monitoring it, we were, we had a kind of maximum, throughput of the baggage system of about 11 and a half thousand bags an hour and already the airport on the airplane that were arriving, the 838s can arrive with over eight hundred bags on each one. And you can land a lot of 838s in an hour. And our current throughput rate is about 35. Which as you can do the math is more then 11 and half thousand bags.

Michael Ebiton: So we were already unable to process a number of bags that were arriving. We took the baggage system's, IT layer, not it's physical layout, and we transformed it by centralizing all decision making, looking at the key pinch points, one of the big issues was, if you don't know how bag systems work, every bag gets a personalized tray and then it runs around gets delivered to the right airplane. We didn't have enough trays circulating to the right points because they were getting held up because of lack of centralized decision making.

Michael Ebiton: We changed all of that, made it all centralized decision making, we also then started running virtual trials, so when we maybe had like 8 thousand bags we would then insert virtual bags into the control software, so bags that didn't exist but the tray would move around like there was bag on it. So during live operations we would then stress test the system knowing that we could always press a button to remove all of those virtual bags instantly if something went wrong. And we managed to stress test over various different periods up to 16004 bags and hour, and last summer we delivered on a operational day 15792 bags in an hour.

Michael Ebiton: And that's just one hour, and of course you've got all the hours before and after that which have similar numbers in them. So we definitely feel like we've made significant progress, we also track all the bags to and from aircraft, across all the different stakeholders and touch points and custodians of those bags. Ground hamlet airline, we track where the airlines are, in the hold of the aircraft where they are on the perimeter roads, driving between aircraft and baggage system. And we now reckon we can predict the arrival time of your bag to the baggage carousel to within about sixty seconds.

Michael Ebiton: Obviously there are some slight variations every operational day, and the system can't always predict for things on the airfield like traffic jams and things but we're pretty confidant in those numbers now. We used this now to drive performance of arriving bags, departing bags, we want to get to a point where we can give you a bag tracker in an app as a consumer, we're confidant and happy we can do it. And in fact the app I showed you earlier has a bag tracker tool for the staff so you can see all the bags along their journey and we have tracked it throughout about 200 different points.

Michael Ebiton: It's just getting the airlines to agree to let us release that information to their passengers which is more of an emotional concern historically for them, that if a passenger knows their bag's not on the airplane they might refuse to get on it themselves. But, I think we've made a lot of improvements in that space, mishandled bags as we call them, ones that don't make the aircraft in time, from a system wise perspective is extremely low, industry leading, obviously though, bags that arrive on late inbound aircraft, and we don't have time to get them through the system and we have a travel time metric, can't never make their outbound aircraft unfortunately.

Michael Ebiton: But we do measure travel time, and we do try to reduce it and we try to do special arrangements for bags we know that are gonna get potentially miss their outbound flight. But if the bag doesn't have forty five minutes to get through the entire airport infrastructure, it's sometimes, good chance it might miss, but normally that's based on a late inbound aircraft rather then a failure of the infrastructure.

Michael Ibbitson
EVP, Technology and Infrastructure, Dubai Airports
Jiong Liu
Group Product Marketing Manager, Okta
Tareque Choudhury
Director of Risk and Architecture, Dubai Airports

Ever been frustrated at an airport? Dubai Airports is using the latest technology to create a seamless experience for their passengers. Dubai Airports will share its journey for digitizing their engagement with their employees and a broad partner ecosystem. This session will focus on their strategy of using a single identity solution for all users, how they planned and executed the rollout; and how they balanced user experience with security. Dubai will also show a live view of how they track airplanes and minimize queuing times for travelers.

Share: