Transcription
E-BOOKWHERE YOU NEED TRUST,YOU NEED PKI
2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc.Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.
TABLE OF CONTENTS1Introduction: From the Alaskan frontier to the edge of space3Chapter 1: Trust is a dynamic need7Chapter 2: What you may not know about PKI11The proof of trust is all around: Case Studies25Chapter 3: What you don’t know can hurt you.28Conclusion
INTRODUCTIONFROM THE ALASKAN FRONTIERTO THE EDGE OF SPACEOn a rainy summer day in 2013, a small, floatequipped plane stalled while flying low over themountains near Petersburg, Alaska. There were sixpassengers aboard, headed for a sight-seeing tourof the Le Conte Glacier. While attempting a climbthrough the pass at Horn Cliffs, the pilot made amiscalculation, lost control of the craft, and theplane spun before pitching at the ground andsmashing through the giant evergreens below.Injured and stranded on steep terrain, thepassengers who survived the fall couldn’t hope toget off the mountain without help. Night was onlya few hours away, and even in June, dark in Alaskawould mean freezing temperatures in a placewithout cell signals or roads. Only an aerial rescueteam would be able to get everyone out of thewreckage and take them back to safety.Five hundred miles above, the Iridium satelliteconstellation picked up the plane’s emergency1beacon signal and transmitted the distress calland location to rescue authorities. More than justGPS or a radio mayday, the Iridium-enabled devicehad tracked the plane’s movements from takeoffto the moment it went down, drawing a real-timedigital trail of every moment of the flight. Thiswas possible because each one of the 66 Iridiumsatellites circumscribes a carefully choreographedorbit around the earth, communicating betweenthe surface and with each other, to providecomplete coverage of every inch of the planetevery second of every day. On the Iridiumconstellation network, a functioning device isvisible at any time, anywhere in the world—fromAntarctica to Alaska.This particular type of tracker and emergencysignal device isn’t standard on all planes. But moreand more pilots and owners—especially those whofly small craft or traverse remote locations—haveinstalled one.For most, it’s peace of mind, but in some cases, ithas meant the difference between life and death.Knowing exactly where the plane crashed, theUnited States Coast Guard was able to reachthe site of the accident, and within a few hours,helicopters rescued everyone who survived thefall from the sky. After they were safely liftedout of the wreckage and taken for medicalcare, Alaska Public Media1 interviewed /
Guard spokesman Grant DeVuyst. Talking of theemergency signal device, he said, “That’s the onlyreason that we knew there was trouble and that’sthe only reason we were able to really get onscene and find them.”In these rare emergencies, when lives are on theline, a pilot needs to know the Iridium satellitenetwork will track the flight and pick up thedistress signal for relay to a rescue team.The signal must be secured against interception,the emergency device authenticated, and thenetwork protected from interruption. If any partof the Iridium constellation fails, lives can be lost.It’s a level of trust with the highest stakes, andthere’s no room for error—which is why the Iridiumsatellite constellation is secured with PKI.“PKI IS TRUSTED TOSECURE EVERYTHINGFROM THE BOTTOMOF THE OCEAN TO THEEDGE OF SPACE.”Brian TrzupekSenior Vice President for Product, DigiCert2
CHAPTER 1TRUST IS A DYNAMIC NEEDWhen British cryptologists James Ellis andClifford Cocks first developed the idea of “nonsecret encryption” in the 1970s, they couldnot have conceived of its use across tens ofmillions of websites around the world. At thattime, the internet was still a DARPA project, usedinfrequently to connect university researcherslooking to share data or findings.Within a few decades, the world had changed, andEllis and Cocks’ public key infrastructure stoodat the center of the Information Age as the shieldagainst hacking and fraud. To this day, if a websiteis trusted, that trust is the result of PKI.But the invention of the world wide web—which, byitself, would have been enough to define an era ofhuman development—was immediately followedby a second revolution in connected devices.Practically overnight, everything from refrigeratorsto banking apps became a part of a globalecosystem of networks, devices, applications andusers, all communicating across distances.3The speed of growth was, and continues to be,so rapid it can only be measured by orders ofmagnitude, and as hundreds of thousands ofpeople develop new ideas for connecting millionsof people to billions of things, the need for strongsecurity has climbed at an exponential rate.For all the good created by the Information Age—from cultural exchange to advances in medicalcare—this massive network of communication hasoffered up new possibilities for opportunists andcriminals to take advantage of our users and aneasy willingness to trust in technology.The solution to this threat is simple. Buildthe highest assurance into everything that’sconnected. Public Key Infrastructure is thatfoundational assurance. A security and identitysolution that’s reliable enough to protect the mostsensitive data, but flexible enough to work on thelatest-and-greatest things we invent. With PKI,the only thing we need to focus on is enjoying thebenefits of a world that can communicate almostinstantaneously across the globe—and eveninto space.PUBLIC KEYINFRASTRUCTUREIS THATFOUNDATIONALASSURANCE.
The expanding landscapeof threatsEvery day, we see new, ingenious ideas for usingconnectivity to build oversight, efficiency andsafety into computers, apps and devices. But eachnew connection represents a new vulnerability,a potential entry point into anything that app ordevice speaks to.The financial risks are well known. We’ve seenfor years what happens when cyber criminalsexploit a security gap. In 2017, a major consumerfinance brand settled a lawsuit for a massive databreach, paying out 700 million USD in damages2.A Ponemon/IBM study, conducted in 2019, foundthat the average cost of a data breach was justshy of 4 million3. And the same year, ForgeRock’sConsumer Breach Report4 documented a 17.76billion loss in the healthcare sector. In fact,healthcare was the most targeted sector in 2019,experiencing 45 percent of all breaches.While the financial cost to the healthcare sector isstaggering in itself, the number and nature of theattacks is perhaps even more to-17.76b4
These losses were spread across 382 separatebreaches, targeting healthcare networks with avariety of methods. Where the norm used to benetwork and website hacks aimed at banks andconsumer transactions, cyber criminals are nowexploiting vulnerabilities in devices and undereducated users to extract value frompure information.All of this means that organizations must deal witha greater security burden, even though resourceshave not increased as much as the threats. Digitalcharts, connected monitors and smart treatmenttools are revolutionizing patient care, but theprofessionals using these devices aren’t experts insecurity vulnerabilities, and IT departments mustbe nimble in order to negotiate the challenges thatcome with budget restrictions, new technologiesand local or national regulations and laws.It’s an exciting and promising time for the worldof information, and everyone from individualconsumers to multinational enterprises andnations stands to benefit from technologicaladvances in what we connect. But for the ITprofessionals behind the scenes, understandingthe new threats that come with new technology,and deploying manageable solutions to eliminaterisk, can be a daunting task.5To combat this increasing landscape of threat,security professionals need a flexible solutionthat’s quick to deploy, easy to manage, and carriesthe capability to handle any attack, even whileexpanding or adapting to evolve as the needs ofthe organization grow and change. PKI checksevery box, and more.To combat thisincreasing landscapeof threat, securityprofessionals needa flexible solutionthat’s quick to deploy,easy to manage, andcarries the capabilityto handle any attack.
CASE STUDY—FLORENCE, ALABAMABig fish in a small pondIn July of 2019, news spread around the world of amassive banking data breach affecting 100 millioncustomers5. It was another example of hugeinformation theft at a global level.But at the same time this breach was underway,cyber criminals were testing smaller targets forvulnerabilities, prying here and there to see wherethey could extract some sort of gain from placeswhere security resources were thin. Increasingly,they found these kinds of vulnerabilities in smallgovernments, where limited resources make itmore difficult to secure all systems and users.Rather than taking on billion-dollar enterprises,where IT departments are large and well-equipped,these criminals sneak into the networks of citiesand towns, where they deploy ransomware to holdthe local government hostage.This is just what happened in June 2020, inFlorence, Alabama. Situated on the banks of theTennessee River on the northern border of thestate, this town of 40,000 people is known forits annual Renaissance Fair, and for being thebirthplace of blues pioneer, musician W. C. Handy.5https://www.capitalone.com/facts2019/6At the end of May, city officials got warning of apotential breach, but by then, it was too late. Thecriminal who hacked Florence’s network appearsto have gained access as much as a month earlierand had been working to seize the town’s systems.On June 5, the hacker struck, demanding ransomin the form of bitcoin.After consulting with security experts who werefamiliar with the habits of this serial criminal, theFlorence government decided to pay the 300,000.But Florence wasn’t alone. Just four monthsbefore this successful breach, the New York Timesreported findings that ransomware attacks rose41 percent6 from 2018 to 2019, and dozens ofcities and towns had been compromised.While much larger data breaches grab the topheadlines, a faction of criminals has carved out alucrative scheme, hunting more vulnerable targetsthat are more likely to pay. These big fish in asmall pond are taking advantage of communitiesby deploying sophisticated cyber-attacks againstthose who have the fewest resources for ogy/ransomware-attacks.htmlUnlike other security and identity solutions,PKI is flexible enough to work just aswell for networks and email as for theweb. PKI solutions uncomplicate securitydeployments by giving IT and securityofficers the capability to issue and manageencryption and authentication certificatesacross a variety of systems, devicesand users.The solution that already works forsecuring your websites can also secureyour networks, devices, email, documentsand users—preventing ransomwareattacks while also simplifying yoursecurity ecosystem.6
CHAPTER 2WHAT YOU MAY NOT KNOW ABOUT PKIThe challenge in today’s connected worldis complexity.If it isn’t the challenge of more complex attacks,it’s the challenge of securing complex ecosystemswhere old and new technologies interact. And if itisn’t the challenge of more complex ecosystems,it’s the challenge of securing a system whereusers aren’t always up to date on more complex,sophisticated threats.Security consultants and analysts hear the sameconcerns from IT and security professionalsaround the world—they need a solution that’ssimple to set up and manage, and one they candefinitively trust.Enter public key infrastructure.If you’re familiar with internet security, you alreadyknow about PKI. You’ve probably known about itfor a long time, because PKI has been the trustedwebsite security solution for two decades—first inthe form of SSL and now TLS. It works today withthe same proof of trust it had twenty years ago.7But a lot of people are surprised to learn PKIdoesn’t just protect the web. It also protectsapplications. It protects code. It protects smartwatches, cars, contracts, hospital beds andsatellites. The security solution that’s been testedand proved reliable for two decades on the webturns out to be just as reliable in the newest andmost innovative connected inventions.PKI is provenDespite the fact that the connected world isevolving every day, PKI has proven to be just aseffective in securing today’s latest IoT devices asit was in securing the encrypted world wide webtwenty years ago.The genius of PKI is the simplicity of key pairsusing asymmetric encryption. In asymmetricencryption, one party can secure data andtransmit it to another party without sharing acommon secret. Cracking the code for any onekey doesn’t solve for encryption on the other key.It takes both keys in the encryption pair to readthe data.The result of this is trust that’s proved to bereliable over and again for decades.PKI is flexibleIn today’s ecosystems, professionals need to beable to secure a website alongside an application,or securely sign a document while authenticatingan employee’s smart phone. One companyneeds a solution for automated robots on themanufacturing line while another needs to protectits customers’ credit card numbers. A solution thatworks one way but not another, or one day but notthe next, not only burdens the IT team responsiblefor managing security, it also puts the organizationat risk.Unlike other types of security solutions, PKI isincredibly flexible. Because it relies on asymmetrickey pairs, and the security process can validatejust as easily as encrypt, PKI can be deployed inany number of environments to secure a widerange of connections. PKI solutions can scaledown or up, run in the Cloud, on-prem or hybrid,secure web and email today, then BYOD and IoTtomorrow. It’s one solution for any number ofsecurity needs.
PKI delivers public and private trustMore than just simple encryption, PKI bindsidentity to a key through a signing process. Thesignature is issued by the root, so anyone with thepublic key to that root knows the signature boundto the PKI certificate is valid and trusted.PKI DELIVERS PUBLICAND PRIVATE TRUSTIn some cases, that root is public—it’s beendistributed to a trust store housed by a webbrowser like Chrome or Firefox or an operatingsystem like Microsoft Window or Apple MacOS.In other cases, the root is private—trusted bywhatever systems an organization wants to useinternally or within a small group of companies.The cryptography is the same either way, but theability to deploy both public and private optionsmakes PKI especially versatile.As a result of this flexibility, PKI bridges the gapbetween public and private trust. It’s powerfuland secure enough to be trusted as the privateencryption and identity solution for many nations’governments, and equally as the public solutionfor consumer IoT devices.8
4 misconceptions about PKIPKI can be easyIn the past, PKI was complicated. Without accessto experts and simplified management platformsand tools, individual IT professionals had to takeon the risky prospect of developing PKI solutionsin-house, without the specialized knowledgerequired for proper deployment. Its reliability madePKI the ideal solution—once it was running—butgetting there used to be challenging and oftenresulted in more problems than it solved.Thankfully, those days are long past. Today,PKI can be simple to set up and use, if it’sdone properly. Sophisticated tools fordeploying and monitoring PKI solutionsnow run in a single sign-on platform. Andbecause PKI is so versatile, it’s easy torun solutions for many different securitychallenges in one place. Instead ofdealing with the complexity of buildinga PKI solution for one use, now you candeploy and manage multiple securitysolutions in one place—and you don’tneed any expertise to stand up and runyour PKI environment.People still use PKI?What’s old is new again. Not only is PKI still inuse, it’s now in a state of evolutionary growth. Thevalue of PKI is its flexibility, combined with its longhistory of trust. As engineers find more and moreconnections where PKI offers the best solution,they can deploy PKI security and identity knowingthe technology has a proven history ofrobust protection.What about that Chrome issue?Isn’t PKI broken?PKI’s track record is incredibly strong wheresecurity is concerned. How it’s deployed, though,depends on the body issuing the certificate.In 2017, Google announced7 it would begin todistrust a series of certs issued by Symantec,because those certificates were out of compliancewith CA/Browser Forum Baseline Requirements.It’s an unfortunate example of lapsed businesspractice, and the repercussions were widespread.Reacting to the possibility of a massive gap inworldwide security, Symantec and Google beganseeking a Certificate Authority that held the omes-plan-to-distrust-symantec.html
of trust and infrastructure needed to manage amassive reissuance. They decided on DigiCert andarranged to move the Symantec certificates overto the trusted DigiCert roots, so Chrome userswouldn’t experience any disruption in access toPKI-secured websites.Today, just as twenty years ago, PKI remains thetrusted solution for securing web communication,even on Chrome.PKI doesn’t work on a lot of devices.It would be more accurate to say that PKIworks on any device that has the power to runit. Asymmetric key pairing requires enoughprocessing speed, memory and disk space toperform the action. Of course, PKI has been in usefor more than twenty years, so if the processorsof the late Nineties could handle key encryption,it would stand to reason that any recentlybuilt device should have the power to run PKI.But in some cases, even with the advances inmicroprocessors, the performance characteristicsof IoT devices are so rudimentary, they may notbe able to rapidly generate the keys or sign thecommunications channel.Fortunately, PKI experts have come up with cleverworkarounds that don’t compromise security.These solutions reduce the contents of the PKIcertificates, so they fit into the small bandwidthand simple processing on a number of IoTdevices. There are also software vendors whoprovide key generation or CSR generation systemsfor low-powered devices.Moving forward, there will be fewer devices withPKI compatibility issues. New manufacturingprocesses allow device makers to inject keys intothe silicon, so security is embedded at an earlypoint in the supply chain. Silicon injection notonly solves compatibility issues, it also speeds upmanufacturing while strengthening security andidentity on devices throughout the full lifecycle.Isn’t PKI just SSL for web?If you’ve been around the world of connectedsecurity for a few years, you probably know PKI asSecure Sockets Layer protection, or SSL. SSL goesback to 1995, when its first functioning versionacted as the cryptographic protocol for Netscape.In 1999, SSL was deprecated to its similarsuccessor, Transport Layer Security—TLS. To thisday, TLS remains the trusted encryption protocolfor the web.TLS/SSL is PKI’s most widely knownimplementation, but it’s only one of dozens ofuses. In reality, PKI is everywhere, used reliablyin just about every type of connection the worldhas invented. In fact, PKI now secures all sortsof things that hadn’t been imagined when theNetscape team launched SSL a quartercentury ago.10
THE PROOF OF TRUST IS ALL AROUNDEven the engineers and security experts who buildPKI solutions are often amazed by the creativeways people use PKI to secure what they’veinvented. Like a thread woven through seeminglydisparate technologies and unrelated industries,PKI shows up in some of the most surprisingplaces. No matter the use, though, at the heart ofeach and every case is the need for one thing—uncompromising trust.CASE STUDY ONEAeroMACSTrusted when the stakesare highA commercial jet pilot has access to moreconnected sensor data today than AstronautsYoung and Crippen used to de-orbit the Columbiaduring the space shuttle’s inaugural missionin 1981.11But just as the human factor was crucial in theshuttle forty years ago, it remains crucial today.The person with their hand on the stick needs tohave as much accurate information as possible tosafely park that massive machine on the ground.The majority of air travel accidents occur neartakeoff and landing. It’s here that the plane is mostvulnerable to the forces—human and natural—thataffect the complicated act of coaxing 60 tons ofmetal, fuel, luggage and passengers into the air. Awind shear, a timing miscue, the loss of visibility.During takeoff and final approach, airline pilotsuse vital information, gathered from sensorsand relayed through cockpit readouts and towertechnicians, to make the adjustments needed forsafe air travel. Since 2016, that vital informationhas been transmitted to towers and planes aroundthe world by aircraft IoT sensors secured by PKI.The majority of air travelaccidents occur near takeoff andlanding. It’s here that the plane ismost vulnerable to the forces—human and natural—that affectthe complicated act of coaxing60 tons of metal, fuel, luggageand passengers into the air.
SINCE 2016, VITAL INFORMATIONHAS BEEN TRANSMITTED TOTOWERS AND PLANES AROUND THEWORLD BY AIRCRAFT IoT SENSORSSECURED BY PKI.12
Doing more with lessWhat is AeroMACS?The number of planes in the air is expected todouble by 2025. More and more planes, moreand more flights—in fact, the Beijing CapitalInternational Airport saw a 5% increase inpassengers from 2017 to 2018, and Dallas LoveField in the United States experienced a 90%increase in passengers between 2010 and 2020.Aeronautical Mobile Aviation CommunicationSystem (AeroMACS) is a broadband, high capacitywireless data link that transmits IoT sensor datafrom airports to control towers and planes. Fromtemperature and wind gauges to flight informationdisplay systems—even baggage handling—if it’spart of the Airport Surface, the device data iscommunicated through AeroMACS.AeroMACS IS A BROADBAND, HIGH CAPACITYWIRELESS DATA LINK THAT TRANSMITS IoTSENSOR DATA FROM AIRPORTS TO CONTROLTOWERS AND PLANES.While new airports are being built around theworld, existing destinations dealing with moreflights have only one solution—increase theefficiency of their air traffic coordination andensure the integrity of landings and takeoffs.13AeroMACS isn’t just widgets. It’s the eyes and earson the ground. It’s integral to coordinating flightplans and schedules. It’s at the heart of airportoperations. If compromised, someone could useAeroMACS to feed false information to the planeand pilot. And with so many flights and even morepassengers, securing AeroMACS informationagainst tampering is a critical to ensuring planestake off, fly and land safely.Add PKI to the beforetakeoff checklistIn industries with complex ecosystems, wherethere are a lot of connecting parts with limitationson the power of devices and variation amongst the
types of devices, there’s a need for an adaptable,reliable security solution. In the case of air travel,all these factors come into play, but there’s alsoa need for data confidentiality. The informationtransmitted between ground and plane must besecured, just as the device itself must besecured, in order to prevent what could becatastrophic tampering.With PKI protecting these devices and the datathey transmit, pilots and towers can safely andsecurely gather, communicate and use a varietyof information to ensure planes take off and landsafely, regardless of the plane or the airport. Ifit’s on AeroMACS, it works the same—and just asreliably—in a small airport in the United States as itdoes at a major airport in Australia.Deployment: worldwidePKI solutions protect the AeroMACS network, thestandard for aeronautical communication that willsoon be used by nearly every airport aroundthe world.Primary need: trustWith thousands of flights in the air, airports,airlines and pilots rely on AeroMACS to guaranteethe safe and on-time travel of millions of peopleevery day.14
CASE STUDY TWOAUSTRALIAGATEKEEPERTrusted by governments toprotect citizensMost Australians probably aren’t aware of thesecurity and identity solution that protects theirinformation and many of the most importanttransactions they undertake. If you’ve recentlypurchased a house in Australia, you’ve usedGatekeeper. If you’ve imported goods, you’veused Gatekeeper.Now in its third decade, Gatekeeper Public KeyInfrastructure Framework “governs the way theAustralian Government uses digital keys andcertificates to assure the identity of subscribersto authentication services.” From important legaldocuments to contracts and border protection tobanking, many of the most sensitive public areasof trust are encrypted and authenticated withPKI solutions.15Securing an entire countryAt the end of the last century, the Australiangovernment began looking for a mechanismthat could reliably protect the information fillingup more and more digital documents andtransactions. At first, individual agencies deployedhome-grown solutions, but they quickly discoveredthat internally managing security to a highstandard was difficult, time-consuming and risky.As a result, the framework commission defineda solution that could keep up with the need tosecure an entire nation while minimizing thetime and resources needed to manage theecosystem. Today, the Gatekeeper framework“delivers integrity, interoperability, authenticity andtrust between government agencies andtheir customers.”IN AUSTRALIA,TRUST IN PKI IS AMATTER OF NATIONALIMPORTANCE, ANDPKI DELIVERS.
Always on—even when youcan’t see itOftentimes, it’s the technology we don’t see thatmakes the biggest impact in our lives. Electricalgrids. Water pump systems. Banking networks.We often take for granted the importance ofreliability in these behind-the-scenes systems. ForAustralians, Gatekeeper is one more system thatmust be reliable. In addition to creating efficienciesand convenience, it rests at the heart of many vitalgovernment functions. Without the strong securityPKI offers, the personal information of millions ofAustralians would be exposed to theft, importanttransactions and legal processes would be slowedor stopped and government agencies that controlcustoms and investments would be open tocompromise. In Australia, trust in PKI is a matterof national importance, and PKI delivers.IT NEEDS TO WORKEVERY TIME ANDALL THE TIME.Deployment: AustraliaA nationwide security and identity solution,running across multiple government agenciesand protecting many of the most sensitive publictrust spaces.Primary need: integrityFrom banking to land ownership to bordersecurity, there’s no room for lapses orcompromises. It needs to work every time andall the time.16
CASE STUDY THREEWORLDWIDESHIPPING17Trusted at global scaleImagine trying to locate a single shippingcontainer—one of millions—as it travels from oneport to another, between continents and acrossoceans. Now, imagine trying to locate that singleshipping container using databases andcargo logs.The global supply chain is like a complicatedclock—each cog, spring and wheel needs to be inits place, working as designed, for the mechanismto function. Shipping delays slow down the entirechain. Missing shipments can break the chainand cost companies money—both in the loss ofmaterials and the loss of revenue.
More than 11billion tons ofgoods move bysea every year.Today, there aremore than 50,000container shipsworldwide.For as many ships as there are on the water,there are even more containers. Locating andtracking each of these containers in real time—andsecurely—is a massive undertaking.The challenge with shipping at this scale is tomutually authenticate devices in the field to theCloud, where assets are tracked. If compromised,the shipping company can lose sight of thelocation of the containers, or false informationabout the containers can be sent to the company.In order to be effective, a security solutionmust not only secure the device, but also theinformation in transit. It also needs to be scalable,capable of securing tens of thousands of devicesat once without fail.Any lane, anywhere in the worldA digital line-of-siteMore than 11 billion tons of goods move by seaevery year. Today, there are more than 50,000container ships in the world. The scale of oceancommerce is massive, but it’s also dynamic. Themovement is constant, with freighters dotting theglobe like a map of a starry night sky.With PKI authentication, shipping containers canbe securely tracked throughout the length of theirjourney from launch to the port of destination.And, because there’s a need on the shipping sideto build more devices and secure more shipmentsevery year, the need for increasing volumesof security increases every year. With PKI’sscalability, the supply meets the demand.As a result, no matter the number of shipments,the data is secured and the containers are tracked,regardless of where they are in the world. Thismeans decreases in the chance of theft or loss,and it helps to ensure efficient movement ofgoods from port to port. The supply chain isuninterrupted, and businesses and consumersalike enjoy the benefits of higher availability ofgoods at lower costs.Deployment: worldwideAt the heart of the global supply chain, connectedshipping containers move goods and mat
has meant the difference between life and death. Knowing exactly where the plane crashed, the United States Coast Guard was able to reach . the site of the accident, and within a few hours, helicopters rescued everyone who survived the fall from the sky. After they were safely lifted out of the wreckage and taken for medical care, Alaska Public .
