The Cyber Threat To Airports

Uploaded on 2018-04-25 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The increasing sophistication of cyber threats has become one of the main concerns of the aviation industry as airports and airlines realise they are not immune to the latest cyber threats and attacks.

A breach in an airport system could expose passenger’s personal data, impact security checks, affect back-office systems, take-over arrival and departure notifications, and more. The ensuing impact to an airport could ground its entire operation.

As airports become more connected and reliant upon technologies such as the cloud, integrated systems, and the Internet of Things (IoT) for increased efficiencies, it also opens the door to new vulnerabilities including security breaches, malware, spear phishing and social engineering tactics (obtaining passwords etc. by disguising as a trustworthy entity), identity theft, and more.

“There is a wide disparity in the level of cybersecurity preparedness in airports today,” said Jim Knaeble, Global Products Management at Rockwell Collins. “It can vary from an airport where cybersecurity is almost non-existent to one that has a well thought out plan in place.

“Additionally, depending on the size of the airport, it may or may not have the IT staff in place to monitor, analyse and respond to suspicious network security behaviors.”

Late last year, it was reported that a hacker gained access to Australia’s Perth Airport systems and stole building plans and security information.

In October 2017, the Ukraine’s Odessa Kiev airport reported IT system attacks. And a few months earlier, loudspeakers and screens for Vietnam Airlines were hijacked in two Vietnam airports, allowing the hackers to display offensive political messages on flight information screens.

The messages have been described by state media as “distorted information” about Vietnam and the Philippines’ claims to the South China Sea. The allegations were broadcasted over the public address systems, according to huffingtonpost.com.

Cybersecurity for airports isn’t as easy as installing the latest firewall or malware detection software, Knaeble stressed. “There’s no ‘one size fits all’ for airport cyber-security,” he notes.

“Each airport environment is unique. Conducting a proactive risk assessment can identify vulnerabilities so a holistic cyber-security program can be established,” he said.

Once a plan is developed and security solutions are in place, ongoing internal education of security policies and enforcement is a critical component to a comprehensive cyber-security plan, along with enforcement of security best practices within the airports vendor and partner ecosystem. Employees may connect devices or click on a link to a site infected with malware, which can open the door to a breach.

Airports are taking notice of cyber threats and are expected to more aggressively fund cyber-security initiatives in 2018.

While new and emerging technologies will play a part in overall airport security, according to Knaeble, “the number one area that airports should be looking to invest in is creating a holistic cyber-security program. This will ensure that all of their systems are being handled the same way, regardless of vendor.”

To this end, industry groups like ACI World and others are launching initiatives focused on preventing cyber-attacks.

For example, the ACI World Airport IT Standing Committee (WAITSC) has created a cybersecurity task force whose mandate is to engage and educate airports worldwide on the issues of cyber-security.

I-HLS

You Might Also Read: 

Cybersecurity In Aviation:

Munich Airport Opens A Cyber Attack Centre:

 

 

« Help The Aged With IoT
Will AI Replace Most Jobs? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Libraesva

Libraesva

Libraesva secures email communications for organisations, helping them eliminate email borne threats, preserve email data and provide an environment for their people to communicate safely.

Adlink Technology

Adlink Technology

ADLINK is a leading provider of embedded computing products and services for applications including IoT and industrial automation.

ThreatBook

ThreatBook

ThreatBook is dedicated to providing real-time, accurate and actionable threat intelligence to block, detect and prevent attacks.

SecurityHQ

SecurityHQ

SecurityHQ (formerly known as Si Consult) is a Global Managed Security Service Provider (MSSP) that monitors networks 24/7, to ensure complete visibility and protection against your cyber threats.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

MrLooquer

MrLooquer

MrLooquer provide a solution to automatically discover the assets of organizations on the internet, determine the level of exposure to attacks and help to manage risk accurately.

AFNOR Group

AFNOR Group

AFNOR Group designs and deploys solutions based on voluntary standards around the world and provides services including training, professional and technical information, assessment and certification.

Slovak National Accreditation Service (SNAS)

Slovak National Accreditation Service (SNAS)

SNAS is the national accreditation body for Slovakia. The directory of members provides details of organisations offering certification services for ISO 27001.

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

Supra ITS

Supra ITS

Supra ITS is a leading full-service technology partner offering IT Consulting, Cloud Services, 24x7 Managed IT & Cybersecurity Services, and IT Project Support.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.

ReformIT

ReformIT

ReformIT is a Managed IT Service and Security provider with many years experience helping companies find the right IT solutions to meet the needs of their businesses.

Kaine Mathrick Tech (KMT)

Kaine Mathrick Tech (KMT)

KMT deliver comprehensive cyber-first outsourced technology support and solutions that scale with your business.

Veracity Trust Network

Veracity Trust Network

Veracity Trust Network safeguards organisations from the threat of bot attacks on their public facing platforms.

UBDS Digital

UBDS Digital

UBDS Digital is your Digital Lifecycle Partner for Secure Cloud Transformation.

8kSec

8kSec

8kSec is a cybersecurity company specializing in training, consulting, and research.