Queen's Super-Secret Heathrow Security Plans Found in the Middle of the Street

God save the Queen—with faulty security measures?

When in charge of securing the safety of a head of state, who thinks that it’s totally okay to store transportation security plans for the Queen and visiting dignitaries to the UK on a UBS stick, unencrypted?

Someone at Heathrow, apparently. The Queen’s secret security routes through one of the world’s busiest airports have been uncovered by an everyday UK subject—thanks to a USB stick that had been dropped in the street.

I'm imagining the discussion back at T5 (the nicest terminal--so I picture the security department having digs there) going something like this: “You know what, why don’t you just go ahead and throw those on a thumb drive—no big! Don’t worry about a password or anything. What could possibly go wrong with storing top-secret data in readable form on a piece of plastic no bigger than half a popsicle stick that I have to dig through my bag to find? Yeah, I’m feeling good about this. Let’s go with it.”

According to the Sunday Mirror, a man picked up a memory stick in Ilbert Street, London, and took it to the library to have a look at the contents (presumably he felt that plugging a randomly found USB stick into his home computer was a bit too risky—smart man. Maybe Heathrow should hire him as head of security planning).

After examining the files and seeing the security implications, he immediately took the drive not to the police, or to transportation security, but rather discharged his patriotic duty by delivering the goods…to the newspaper. And now we can all get snarky about Heathrow security in the blogosphere.

The unencrypted documents turn out to show Heathrow’s contingency planning for the Queen, foreign dignitaries and top politicians, including secret routes away from the hub and important perimeter defenses, as the Mirror reported:

“The USB drive also includes maps showing where CCTV cameras are located, and escape routes for the Heathrow Express railway serving the airport. Other files describe the ultrasound detection system for protecting the perimeter fence and the runways, and detail the ID requirements for accessing every area of the airport.”

It also shows the exact routes the Queen uses to navigate the airport when she’s there.

Top-notch security a la James Bond this is not.

So what gives? How did the files end up on the thumb drive in the first place—were they hacked and downloaded, or is that just how Heathrow security rolls? And depending on the answer to that question, did a member of the security team accidentally drop the legitimately stored plans in the middle of the road? Or was it meant to be a dead-drop for foreign spies? Or worst-case scenario, is it a tell-tale bit of evidence pointing to a terror plot?

In any event, the security process issues are glaring. Obviously.

The airport issued a statement that’s meant to be reassuring but rather sounds like lip service: “The UK and Heathrow have some of the most robust aviation security measures in the world and we remain vigilant to evolving threats by updating our procedures on a daily basis. We have reviewed all of our security plans and are confident that Heathrow remains secure. We have also launched an internal investigation to understand how this happened and are taking steps to prevent a similar occurrence in future.”

Meanwhile it has launched a “very, very urgent investigation,” a source said. Um, yeah, I should hope so. 

What’s Hot on Infosecurity Magazine?