Securing our airport, securing our passenger experience!
Arul Gopi, Senior Manager – IT Network & Security at Bangalore International Airport, explains that with the advent of digitalisation in airports comes increased cyber-risk and how airports should address this.
Digital adoption and its associated experiences have transformed the way we live, play, work and learn. The aviation world has not been insulated from this transformation, especially airports, which have changed significantly. The airport experience has now become a key factor in driving customer satisfaction for passengers by offering digital services beyond embarkation and disembarkation. Everything from a reduced cycle time to boarding to a ‘click to anything’ experience is something most passengers cherish today.
This digital transformation has its own nuances around keeping the airport secure. While agility is the name of the game to ensure a seamless digital experience, cyber-security must be at the forefront of this experience.
I am sure most people wonder why and what has changed. Clearly, in the past, the critical assets that required security at the airport sat behind a fortified perimeter. The interface to the world outside was limited. Moreover, the passenger touch points to the digital infrastructure also remained restricted.
Blurring the boundaries
With the advent of the digital experience, the boundaries began to blur. The key challenges faced at the airport included (but were not limited to):
- How do we ascertain the digital identity of the end user?
- Once ascertained, who accesses what?
- How do we introduce micro-segmentation to isolate zones within the airport and offer privilege-based access?
- How do we detect ‘un-invited’ visitors and place them back where they belong?
- How do we detect trusted users conducting malicious activities?
And the list goes on…
Trust but verify
Achieving a cyber-secure airport starts with putting together the DOs and DON’Ts from a security perspective, in other words, defining policies!
Once the policies are in place, one must turn towards building a secure architecture: one that integrates with its core components and is modular, so that it scales as the airport transforms (clearly, at BIAL, every single day is a transformation).
One then focuses on identifying the core components to build a robust zero trust architecture – trust but verify.
- Digital access control (restricting users, digital endpoints and applications so that they know their limits): where they can go and what they can do are key factors! That’s where least privilege access control starts feeding into the zero-trust architecture.
- While the perimeter-based security remains, one needs to keep a watch on how the airport interfaces with the outside world – the internet! Can we ensure that a user or device doesn’t, unknowingly or knowingly, get infected by a malicious domain on the internet?
- Segmentation of high security zones (core functions related to airport and airside operations, baggage handling, boarding etc.). This is where the strongest controls are applied, with the intent to ensure that any compromise of the low security zones (internet access zone for passengers) doesn’t permeate into the high security zones.
- While the trust but verify approach can limit access, one must constantly watch for trusted entities demonstrating abnormal behaviour or policy breaches. This is where one ‘polices’ the network and has early indicators of potential compromise.
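The segmentation point above can be checked mechanically. The following is an added example, not code from BIAL or from the article: it audits a default-deny zone policy for chains of individually allowed hops that lead from the passenger internet zone into a high security zone. The zone names follow the article's examples; the rule set, the intermediate zones and the function names are constructed assumptions.

```python
from collections import deque

# Zone names follow the article's examples; the rule set itself is constructed
# for illustration and is not BIAL's policy.
HIGH_SECURITY = {"airside_ops", "baggage_handling", "boarding"}
LOW_SECURITY = {"passenger_internet"}

# Allowed flows: source zone -> zones it may open connections to.
# Any pair not listed is denied (default deny).
ALLOWED = {
    "passenger_internet": {"internet", "passenger_portal"},
    "passenger_portal": {"flight_info_api"},
    "flight_info_api": {"airside_ops"},  # API pulls data from airside
    "corporate_it": {"flight_info_api", "internet"},
    "boarding": {"airside_ops"},
    "baggage_handling": {"airside_ops"},
}

def is_allowed(src, dst, allowed=ALLOWED):
    """Single-hop check with default deny."""
    return dst in allowed.get(src, set())

def paths_into_high_security(allowed=ALLOWED, low=LOW_SECURITY, high=HIGH_SECURITY):
    """Breadth-first search from each low security zone; return the shortest
    chain of allowed hops that ends in each reachable high security zone."""
    findings = []
    for start in sorted(low):
        parent = {start: None}
        queue = deque([start])
        while queue:
            zone = queue.popleft()
            if zone in high:
                path, node = [], zone
                while node is not None:
                    path.append(node)
                    node = parent[node]
                findings.append(path[::-1])
                continue  # do not search onward from inside a high zone
            for nxt in sorted(allowed.get(zone, ())):
                if nxt not in parent:
                    parent[nxt] = zone
                    queue.append(nxt)
    return findings

# One possible fix: airside pushes data out to the API instead of being pulled from.
HARDENED = {**ALLOWED, "flight_info_api": set(), "airside_ops": {"flight_info_api"}}

if __name__ == "__main__":
    print(paths_into_high_security())          # one transitive path is reported
    print(paths_into_high_security(HARDENED))  # no path remains
```

No single rule in the constructed policy connects the passenger zone to airside operations, yet the audit reports a three-hop chain, which is the kind of permeation the segmentation is meant to prevent.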
You will observe that multiple components come together to make a digitally secure airport. One critical focus here is to bring all the above aspects together on a platform to unify visibility, simplify threat detection and response functions, and build efficiency and automation wherever possible. We continue to improve this platform to ensure we can reduce the time to detection of threats.
At Bangalore International Airport Ltd, we do our best to stay ahead of the curve in building a robust security architecture. However, when it comes to security, the strongest (or weakest) link is people! While technology enables us to perform better, it cannot replace vigilance, accountability, and responsible actions from all of us to secure the airport.
The security of the airport is our joint responsibility. We look forward to contributions from all the employees and partners at BIAL to keep it physically and cyber-secure!
Arul Gopi has 21 years’ experience in IT network and security and 16 years’ experience in designing secure airport IT networks.
He holds a degree in electronics and communication engineering and a Master’s in aviation management, along with leading industry certifications that include Certify-Cybersecurity for Airport, Certified Ethical Hacker, Certified Hacking Forensic Investigator, CCIE Security, CCIE R&S, CCSA, etc.
Having been a core member in the design of T1 and T1, he has now been tasked with the responsibility of designing T2 Network and Security using industry-leading technologies like SDA, application centric network and behaviour-based analytics to secure the passengers and provide a safe experience.
In the past, Arul has worked as a security consultant for major customers like SOX/J-SOX/GDPR along with providing businesses with strategic advantage while managing costs and risks.