Airports’ cyber-security post‑COVID: Do we feel any symptoms?
Roni Tidhar, Head of Cyber Security at Israel Airports Authority, considers how the demand for contactless technologies during and after the pandemic, fed by digital solutions, has created opportunities for cyber-attacks, and argues that airports should be investing robustly now, more than ever, in their cyber-defences to firmly secure their operational technologies.
The aviation industry is always under public scrutiny, yielding channels of business, leisure, and family connections, while fighting economic currents, harsh weather conditions, terror threats and operational difficulties. Cyber-threats have joined the party with the introduction of more internet-based digital information and operation systems. Cyber-crimes in this domain have been increasing during the past decade, manifesting in attacks aimed at some major international airports (2015-20 – Warsaw PL, Boryspil UP, Heathrow UK, San Francisco U.S., Prague EZ, etc.), leading air carriers (2017-21 – Qantas, Air Canada, British Airways, Cathay Pacific, easyJet, etc.) and aviation supply-chain companies (2021 – SITA, etc.).
Seamless travel a priority
In 2019, the civil aviation industry was mostly preoccupied with ways to achieve a seamless travel experience. We were all enthusiastic about the prospects of speeding up processes by using advanced technologies and prompting services with new applications. Then came COVID-19 and, in the blink of an eye, travel almost ceased to exist. Within a few months, the prime motivation for introducing a ‘touchless voyage’ was the fear of contracting the virus through contact with artifacts such as documents, mobile phones, etc.
Seamless contact was now desired not only for its speedy processes, but also simply to avoid face-to-face encounters and communication between people. So, throughout 2020 and 2021, the high-tech industry pushed forward with developing those much-needed solutions, helping the travel industry get back on its feet.
After having seen international airports empty and deserted, with traffic close to zero and commercial activities a forgotten dream, our vocabulary was filled with new terms such as ‘vaccine race’, ‘furlough’, ‘green/orange/red countries’, ‘travel restrictions’ or ‘working remotely’. Budgets were scarce and the focus moved to health safety. Many airports and airlines have been leaning on governmental subsidies or loans, and even in 2022 some are still struggling to recruit manpower, not only in aviation proficiencies, but also in order to supply basic terminal and tarmac services.
An upturn in traffic
However, recovery came at a quicker pace than most forecasts had predicted. Optimists among us assumed traffic would return to its 2019 volume somewhere around 2024-25, but volume in the summer of 2022 was already close to this target, with around 75 to 90 per cent of traffic in most leading airports.
A lasting impact
Among the industry’s ‘long-COVID symptoms’, we can identify the loss of a proficient workforce, loss of employee confidence and affinity, recruitment difficulties, shortage of funds to re-deploy previous shift rosters, continuous demand for remote employment, and so on. The impact of the labour crisis among service providers is still the major influence in 2022, and is expected to continue deep into 2023.
This crisis corresponds with 2022’s growing demands for a seamless and contactless voyage: the air travel industry is chasing new technologies to help reduce person-to-person services and speed up airport processes, also as compensation for those missing employees. This vector obviously relies more on digital solutions, web applications and improved usage of data collected online or from sensors and video feeds in our facilities. An immediate result is a wider digital attack surface, as well as more ways to interfere with sensitive streams of procedures. With fewer manual alternatives to fall back on, offenders see a growing opportunity for cyber-attacks.
During the recession period, some airports and airlines engaged in boosting new technological and digital products by developing ‘tech greenhouses’ or sponsoring ‘on premise beta-sites’ for start‑ups, making use of the relatively empty spaces and available professionals. Those airports’ managements, who agreed to invest in digital research despite budget shortages, now enjoy some advantage in comparison to others trying to handle the rising traffic loads.
However, one direct result of the ever-evolving digitalisation is a growing vulnerability to interference with processes and an expanding attack surface. That left some organisations, namely health organisations and their supply chains, with a vast digital attack surface exposed to malicious actors. While the health sector with its supply chains was the attractive target in 2020-21, the target has now shifted to interfering with tourism, threatening airlines with passenger data theft (for fraud or resale purposes), while exposing them to sanctions for violating privacy standards, or just plain ransom. Airports that still widely struggle with the lack of manpower and with queues, delays and customer dissatisfaction are now more prone to extortion through remote cyber-attacks that interfere with their services.
The long ‘stay at home and run your life online’ COVID-19 global crisis, with its exponential growth of remote working, schooling and commerce and its worldwide anxiety, took its toll, but one possible benefit from it is the public’s gradually growing awareness of cyber-crime.
The widened understanding that threats via digital channels are expanding has seen some airport managements limit cuts to budgets dedicated to cyber-protection and seek solutions. Cyber-defence strategy, on the one hand, and actual mitigation practices applied in airports’ security, on the other hand, have now become significant.
We are way past the days when having anti-virus (AV) or firewall (FW) protection was sufficient for safety. Every notable organisation must obtain the relevant, up-to-date protective measures, deploy some ‘perimeter’ protection for its information technology (IT) networks, equipment and apps, and firmly secure its operational technologies (OT).
A cyber-security array for sensitive infrastructure (and I consider airports and airlines as such, as well as other means of mass transportation) should include wide monitoring capabilities, watched 24/7, 365 days a year, obtained by hiring those services from a reputable MSSP (Managed Security Service Provider) with SIEM/SOC (Security Information & Event Management / Security Operations Centre) to cover relevant rules and scenarios. Other organisations have developed on-premise capabilities, such as a cyber-SOC with an implemented SIEM, preferably with some degree of automation to resolve certain events, and in-house DFIR (Data Forensics, Intervention & Response) skills.
The Russo-Ukraine conflict in 2022 has prompted the use of cyber-attacks against civil aviation as a political or combat tool, along with more “orthodox” physical threats or terror. Whether a legitimate tool or not – it is in the eye of the beholder. Among such attacks (both physical and digital) are the following examples:
24 FEB – Airport near Kiev was attacked
27 FEB – World’s largest cargo aircraft destroyed in hangar
26 MAR – Powerful cyber-attack on Russia’s Civil Aviation Authority (Rosaviatsia)
29 MAR – Connecticut International Airport website hacked (by ‘Killnet’)
20 APR – Czech regional airports suffered website cyber-attack
30 APR – Missile hit runway in Odesa Airport (from Digital to Kinetics explanation)
13 MAY – DDoS attack on seven Russian Airlines websites.
To summarise, the post-COVID-19 cyber arena, affected by the geopolitical sphere, is partially threatening the still-vulnerable components of aviation, and it can be predicted that in the near-enough future, cyber-threats will remain a significant menace to aviation, airports, and airlines. I urge airports to consider greater awareness of this threat and greater engagement in handling it.
Roni Tidhar serves as Israel Airports Authority’s (IAA) Head of International Consulting Services and Cyber Security Director (act.). He carries vast experience in civil aviation security and emergency management from his 30+ years in Israel’s Ben-Gurion International Airport, Security Division (in multiple positions) and Cyber Security. In parallel, he served for two decades as El-Al Israeli Airline’s Air-Marshal & Operational Flights Security Manager, working in dozens of airports across the globe. He is an active IDF Colonel (Res. Units), a volunteer Police Squad Commander and an elected public representative of his local community, and he used to serve as an elected employees’ union representative within IAA. Roni serves (non-paid) on the Board of Directors of several NGOs. He holds a B.A. in Political Sciences & Far East Studies from Jerusalem’s Hebrew University and an M.A. in Security & Diplomacy for Senior Directors from Tel-Aviv University.