Aviation has been severely hit by the COVID-19 pandemic with travel restrictions and dramatic declines in air traffic.
The pandemic has changed the way we work, resulting in remote and distributed working and increasing our reliance on technology to record levels.
This, combined with the sense of urgency and uncertainty surrounding all matters related to fighting COVID-19 and its effects, has proven to be fertile grounds for cybercriminals and hackers.
All businesses, including airports, are at risk from cybersecurity threats, whether they have a straightforward set of systems or the most sophisticated IT digital transformation programmes.
Hackers and cybercriminals have used every opportunity presented to exploit the current challenges. These have included phishing attacks on individuals, using health concerns to obtain personal details, cyberespionage to steal vaccine research and pharming attacks that directed airline ticket holders to fake refund websites.
While the world prepares for COVID-19 vaccination, one of the biggest threats to the distribution of vaccine are hackers targeting COVID vaccine supply chains and the distribution effort. As an example, a phishing campaign targeting organizations associated with the vaccine alliances cold chain equipment optimization platform was already launched last September.
Airports are crucial links in the vaccine distribution supply chain but they are also experienced in ensuring cybersecurity and protecting their operations from cyber attack.
Cybersecurity threats have always been recognized as a serious concern for the aviation sector and ACI World has advised that they are expected to increase in number and impact for the foreseeable future.
Airports such as Vaclav Havel Airport Prague have opened new high-tech cybersecurity operation centres on-site which runs 24 hours a day to protect the airport from cyberattacks and the misuse of airport information systems.
Airport stakeholders’ priorities, however, have been shifted towards survival mode with cost reduction being pursued in line with the reduced traffic levels while at the same time ensuring the health and safety of their passengers and workforce.
These measures have increased each airport’s reliance on technology and have forced Chief Information Officers (CIOs), Chief Technology Officers (CTOs) and Chief Information Security Officers (CISOs) to reprioritize their focus and respond on short notice to further technology adoption while simultaneously juggling shrinking budgets and reduced workforce.
At the request of its World Airport IT Standing Committee (WAITSC), ACI World issued a virtual Airport Cybersecurity COVID-19 survey to determine the global overview and to assess the level of impact that the COVID-19 pandemic has caused in the airport community with regard to cybersecurity.
Authorities of more than 40 airports, managing more than 100 airports worldwide – representing Africa, Asia-Pacific, Europe, Latin America-Caribbean and North America – participated in this survey.
The Airport Cybersecurity COVID-19 Report gives an overview of the findings of this survey with regards to cybersecurity maturity, COVID-19 Impact, security risks and measures, cyberattacks and the challenges ahead.
Some of the findings in this report include that 61.5% of the airport respondents confirmed that their airports were targeted by cyberattacks during the survey period and 54.1% airport information technology (IT) leadership respondents believe that the single biggest challenge with regard to cybersecurity during the COVID-19 recovery phase would be budget reduction.
An additional key finding was the impact of remote working, and greater use of collaborative tools that brought new risks to the everyday working environment. Over 80% of respondents had updated their remote working policies in response.
“It is recognized that cybersecurity is one critical item on the top risk mapping for all industry and more particularly for Airports. This survey is providing a useful view and comprehensive insights of the COVID 19 pandemic impact on Airports cyber security plan and actions. In the current context of cyber attack increase, it is also helping Airports management to understand challenges, best practices and actions to be taken to maximize their cyber resilience. ”– Gilles Leveque, Director of Information Systems at Group ADP
While we can’t be certain about the speed of adoption of Artificial Intelligence or Password-less technologies in cybersecurity, one thing is certain, cyberattacks and the problems associated with it are growing in volume, sophistication and impact and having strong cybersecurity at airports is an absolute necessity.
It is essential that airports work with aviation stakeholders to establish a programme of cyber resilience and maintain robust and efficient cybersecurity defences.
ACI World will continue to support airports and advocate for international cooperation, joined up governance, and coherent and practical policies to address cybersecurity, coupled with practical solutions for information sharing, oversight, capacity building and training.