Cybersecurity: Threats in a digital age

Cybersecurity is one of the hottest topics in the world today. What was once a problem for IT departments is now a national issue, effecting companies across the globe. For airports, it’s a particularly pressing problem. An airport setting is unique in that there are multiple stakeholders – airlines, ground handlers, government agencies, telecom providers, security personnel, etc. – all using a common platform. This enhances the risk, as if a common use platform is breached it effectively becomes an ‘attack one, effect all’ situation.

One of the difficulties with detecting cyber-attacks is that they can come from anywhere. Ranging from a physical attack, which could stem from acquiring unlawful access into a restricted area, to a full-blown IT attack. For an airport, with such valuable information being transmitted from various entities’ IT systems, losing data or having it compromised is a huge issue. With this in mind, the IT system itself often becomes the priority target for attackers who want to access and breach this information.

For example, if an attack happens to an airline application it could causes a number of issues: passengers forced to queue for long periods of time because they are not able to check in; the airport not being able to allocate another aircraft for the stands; immigration and customs having to deploy extra resources to process the building of queuing passengers; a decrease in the level of services and a financial impact on all entities. It can quickly become a chain of events that’s very hard to manage. In another example, attackers could enter the government data via the airport infrastructure, which could lead to a catastrophic country-wide disaster that could takes weeks to recovery from.

By infiltrating an airport’s network, cyber attacks can cause untold damage

So, how can airports avoid cyber-attacks? Airport authorities must invest in technologies, people and processes which can be adhered to by all stakeholders to achieve a safe environment and smooth operations. The following seven steps can help to enable airport authorities to ensure an advanced level of cybersecurity exists at the airport.

Cybersecurity committee

It’s important for airport authorities to create a cybersecurity committee, which includes and involves all airport stakeholders and encourages them to meet regularly and to create and approve plans, processes, technologies and funding.

Operational framework

It’s useful to develop and implement a framework to monitor and manage cybersecurity operations. Frameworks can be adopted from ISO 27001:2 and/or the National Institute of Standards and Technology (NIST).

Invest in people

Whilst the airport security committee must educate people on how to follow the processes to achieve goals, this is an ongoing exercise that needs to be in place to update the employees on what is happening in the cybersecurity world. To ensure consistency, airports must invest in their staff.

More than just technology

Technologies and IT tools are very important, but if you don’t have the correct people to operate, monitor and action potential threats then the process is liable to backfire on the airport.

Plan attacks

Airport authorities should attack their own networks. A regular network assessment should be scheduled whereby IT personnel perform a penetration test to ensure the IT infrastructure has no vulnerabilities and to ensure that all stakeholders are following the same process.

Security operation centre

It’s important to deploy a security operation centre, which should function 24/7 to monitor the entirety of the airports infrastructure, including the interfaces between the airport and the other stakeholders.

Funding

The cybersecurity committee must be capable of enabling centralised funding that can help all stakeholders be equal in technology implementation and knowledge on an employee level.

If the above seven steps can be implemented, the risk of experiencing attacks is lessened, but not completely mitigated. In addition, the airport must have a business continuity plan (BCP) that can be activated once an attack has occurred.

Deploying the BCP 

• It is first important to analyse the impact of the attack and to make sure an effective communication plan is in place
• Having a BCP is a good sign, but without practice and familiarisation, a BCP is useless. All airport staff must be trained against the plan and each know what to do in the case of a disaster happening
• The BCP should include a stabilisation matrix which details what systems an airport authority needs to fix as an initial priority, to reduce the impact of an attack
• It’s important to plan for the worst – the impact of a serious attack could take days or even weeks to recover fully from, so in the event of an attack, an airport must be ready with different scenarios which must have been practiced
• Due to the size and number of stakeholders running the airport, an effective communication plan involving everybody must be implemented
• A responsibility matrix should be activated as per the plan, and each stakeholder should know what they are expected to do
• The end goal is to recover from the attack and make sure all systems are operating as normal.