Airports are ill-equipped to deal with a major cyber attack, says consultancy firm
A consultancy firm has concluded airports are ill-equipped to deal with major cyber attacks in a new report.
CATASTROPHIC: There are currently around 1,000 cyber attacks on airports and the aviation system every month
PA Consulting Group’s latest research, ‘Overcome the Silent Threat’, said the emergence of a hyper-connected model – where passengers in airports want fast internet and digital engagement with airlines and retailers – is increasing the opportunities for cyber criminals to exploit.
There are currently around 1,000 cyber attacks each month on airport and aviation systems worldwide, according to the European Aviation Safety Agency, and according to PA’s research, airports are at a higher risk of cyber attack due to an increasing use of technologies and digital infrastructure in day to day operations, new data sharing obligations and greater connectivity across staff and passenger devices within airports.
David Oliver, Global Transport Security Lead at PA Consulting Group, said: “Fundamentally, the focus on physical security needs to be applied with the same rigour in the cyber arena if airports are going to build resilience to potentially catastrophic cyber attacks. If the industry does not act now, it will find itself at increased vulnerability to cyber attacks as new technologies become part of everyday operations.”
One key trend increasing dependency on systems that could be subject to cyber attacks is that a number of airports are exploring the option of providing remote control and monitoring for air traffic control systems and on the airfield. As remote towers are highly dependent on the data links that transmit information from one place to another, a cyber attack or physical attack could disrupt operations, including making it impossible to manage airport traffic.
David Oliver added: “With the EU Network and Information Systems Directive, which aims to improve the cyber resilience of the UK’s essential services, now in force, UK airports risk penalties of up to £17 million for failing to put in place appropriate cyber security measures.”
The report is based on in-depth analysis and interviews with four major international airports, a diverse group which represents the type and scale of airports globally.