The Cyber Threat To Airports

The increasing sophistication of cyber threats has become one of the main concerns of the aviation industry as airports and airlines realise they are not immune to the latest cyber threats and attacks.

A breach in an airport system could expose passenger’s personal data, impact security checks, affect back-office systems, take-over arrival and departure notifications, and more. The ensuing impact to an airport could ground its entire operation.

As airports become more connected and reliant upon technologies such as the cloud, integrated systems, and the Internet of Things (IoT) for increased efficiencies, it also opens the door to new vulnerabilities including security breaches, malware, spear phishing and social engineering tactics (obtaining passwords etc. by disguising as a trustworthy entity), identity theft, and more.

“There is a wide disparity in the level of cybersecurity preparedness in airports today,” said Jim Knaeble, Global Products Management at Rockwell Collins. “It can vary from an airport where cybersecurity is almost non-existent to one that has a well thought out plan in place.

“Additionally, depending on the size of the airport, it may or may not have the IT staff in place to monitor, analyse and respond to suspicious network security behaviors.”

Late last year, it was reported that a hacker gained access to Australia’s Perth Airport systems and stole building plans and security information.

In October 2017, the Ukraine’s Odessa Kiev airport reported IT system attacks. And a few months earlier, loudspeakers and screens for Vietnam Airlines were hijacked in two Vietnam airports, allowing the hackers to display offensive political messages on flight information screens.

The messages have been described by state media as “distorted information” about Vietnam and the Philippines’ claims to the South China Sea. The allegations were broadcasted over the public address systems, according to huffingtonpost.com.

Cybersecurity for airports isn’t as easy as installing the latest firewall or malware detection software, Knaeble stressed. “There’s no ‘one size fits all’ for airport cyber-security,” he notes.

“Each airport environment is unique. Conducting a proactive risk assessment can identify vulnerabilities so a holistic cyber-security program can be established,” he said.

Once a plan is developed and security solutions are in place, ongoing internal education of security policies and enforcement is a critical component to a comprehensive cyber-security plan, along with enforcement of security best practices within the airports vendor and partner ecosystem. Employees may connect devices or click on a link to a site infected with malware, which can open the door to a breach.

Airports are taking notice of cyber threats and are expected to more aggressively fund cyber-security initiatives in 2018.

While new and emerging technologies will play a part in overall airport security, according to Knaeble, “the number one area that airports should be looking to invest in is creating a holistic cyber-security program. This will ensure that all of their systems are being handled the same way, regardless of vendor.”

To this end, industry groups like ACI World and others are launching initiatives focused on preventing cyber-attacks.

For example, the ACI World Airport IT Standing Committee (WAITSC) has created a cybersecurity task force whose mandate is to engage and educate airports worldwide on the issues of cyber-security.

I-HLS

You Might Also Read: 

Cybersecurity In Aviation:

Munich Airport Opens A Cyber Attack Centre:

 

 

« Help The Aged With IoT
Will AI Replace Most Jobs? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Opengear

Opengear

Opengear ensures network resilience to enterprises by enabling business continuity with the Network Resilience Platform.

Globalscape

Globalscape

Globalscape is a leader in secure data exchange solutions.

AML Solutions

AML Solutions

AML Solutions offer a full range of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) services.

Owl Cyber Defense

Owl Cyber Defense

Owl patented DualDiode Technology enables hardware-enforced network segmentation and deterministic, one-way transfer of all data types and file sizes.

National Cyber Security Centre (CNCS) - Portugal

National Cyber Security Centre (CNCS) - Portugal

CNCS is the operational coordinator and Portuguese national authority in cybersecurity working with State entities, and digital service providers

DNV

DNV

DNV are the independent expert in assurance and risk management. We deliver world-renowned testing, certification and technical advisory services.

H-11 Digital Forensics

H-11 Digital Forensics

H-11 Digital Forensics is a global leader of digital forensic technology.

DDLS

DDLS

DDLS is Australia's largest provider of corporate IT, process training and cybersecurity training courses and certification programs.

Oasis Technology

Oasis Technology

Oasis Technology are experts in cyber security. In addition to pioneering the game-changing TITAN anti-hacking device, we provide extensive cyber security consulting services.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

Vernetzen

Vernetzen

Vernetzen is an industrial network and cybersecurity innovator focused on delivering practical solutions to connect and secure industry across the globe.

KTrust

KTrust

KTrust provides Continuous Threat Exposure Management for Kubernetes environments.

Sasken Technologies

Sasken Technologies

Sasken’s Cybersecurity Services enables enterprises to develop, maintain, and take digital products to the market with security postures that empower operational excellence.

Lenze

Lenze

Lenze are an experienced partner for automation systems, digitalization and cyber security.