Kristoffer Soliven, Cybersecurity Specialist from Edmonton International Airport (YEG), is busting myths about airport cybersecurity threats.
Airports play a vital role in modern society, connecting people and fostering economic growth. As technology continues to advance in the realm of information and security systems, the management of airports has undergone significant changes. However, this progress has also increased the risk of cyber threats. To better understand the cybersecurity landscape at airports, let’s debunk some of the most common misconceptions.
In this article, we will explore 10 myths related to airport cybersecurity that many people can relate to.
The data breach myth for airports revolves around the misconception that airports are not vulnerable to data breaches or cyberattacks because they do not store sensitive information such as credit card numbers or personal health data. This myth is dangerous because it leads to complacency and a lack of investment in cybersecurity measures.
Airports are complex ecosystems that rely on interconnected networks to function smoothly, making them just as vulnerable to cyberattacks as any other organization. In addition, every airport is unique, and the operating models of airports differ globally.
For example, in Canada, at this time, airports do not store passenger data from the airlines; however, they do have information from parking and loyalty systems, which can include credit card and other sensitive information. What’s more, airports host other stakeholders on their networks who may store confidential and high-target data assets that can be exposed during cyberattacks.
In an ideal world, no organization should ever have to entertain the notion of paying a ransom, as there is no guarantee of recovery. Additionally, paying can further fund other cyberattacks targeting all sectors. However, ransomware attacks can cause severe disruptions to airport operations and compel organizations to contemplate paying the ransom. Hence, the decision of whether to pay the ransom often becomes a complex matter, influenced by the possible impact on both airport operations and passenger safety.
Incident Response Plans (IRPs) are crucial for managing cyberattacks but are not the sole solution. A successful plan requires regular improvement and adaptation to address organizational risks. This includes conducting tabletop exercises, testing the IRP, updating processes and documentation, and integrating lessons learned from previous incidents.
While the stereotype of a hacker in a basement wearing a “hoodie and a mask” may be appealing, many cyberattacks are orchestrated by well-funded, state-sponsored groups targeting critical infrastructure. Attackers can also be activist groups pursuing social and political objectives, an employee with malicious intentions, or anyone with access to publicly available hacking tools who wants to “impress” others. Airport management must remain vigilant and adaptable to counter these diverse threats.
While financial systems and emails may be common targets due to their sensitive information, airports must also consider other potential targets, such as operations-related systems (both on-premises and in the cloud). These encompass operational technology (OT), communication, passenger experience, security, and safety systems, such as baggage handling (BHS), flight management (FMS) and supervisory control and data acquisition (SCADA), which are essential for smooth operations and passenger safety.
As cyber threats evolve, airport management must stay vigilant, continuously assessing and updating their cybersecurity strategies. This is especially important with legacy OT, SCADA and cyber-physical systems that perform critical airport operations.
Contrary to the myth that IT and OT systems are identical or face similar challenges, these systems serve distinct purposes, possess different risks and have unique requirements in airport operations. IT systems primarily handle data processing, storage and transfer, while OT systems, such as BMS, FMS and SCADA, oversee and monitor real-time physical processes and have a more direct interaction with human lives.
The integration of IT and OT systems increases the attack surface and could introduce new vulnerabilities, compelling airport management to adopt a comprehensive and unified cybersecurity approach. By understanding the differences and challenges between IT and OT systems in the aviation industry, airport operators can develop and implement targeted cybersecurity strategies to safeguard critical airport infrastructure and ensure uninterrupted operations.
Compliance with industry regulations and standards, such as NIST, ISO and CIS, is vital but doesn’t guarantee complete security. Therefore, organizations must go beyond meeting regulatory requirements and adopt a proactive approach to continuously identify and address potential risks.
While cyber insurance offers a degree of coverage in the event of a cyberattack, it cannot replace a comprehensive security strategy. Adequate employee training, risk assessments and system monitoring are just a few of the proactive measures necessary to protect airport infrastructure and operations.
Investing in cybersecurity may appear costly, but the potential costs of an attack and its ramifications, including financial losses, operational disruptions and reputational harm, can far surpass the price of security measures. Implementing a robust cybersecurity strategy and controls such as cyber awareness, endpoint protection, secure network design and architecture, and overall governance are essential investments to protect an organization’s infrastructure, business operations and long-term reputation.
Cybersecurity is often mistakenly considered the sole responsibility of the IT department. In reality, every employee plays a pivotal role in upholding a secure environment. Therefore, organizations must prioritize employee training and awareness programs to promote a culture of collective responsibility and vigilance.
Addressing these myths and misconceptions is critical in aiding organizations within the aviation industry in gaining a deeper understanding of security risks, challenges, and essential considerations for developing and implementing effective cybersecurity strategies. Additionally, recognizing the ever-evolving threat landscape, staying abreast of technological advancements and embracing a comprehensive and proactive approach to cybersecurity will allow organizations to enhance the protection of their infrastructure, passengers and operations.