As a result of the growing number of attacks, both general and those specifically targeting the aviation industry, as well as the increasing level of sophistication of the attacks and attackers, cybersecurity has risen in importance for all aviation stakeholders. Cyber risk has moved up on the risk registers of many organizations, airports included.
Airports have long relied on technology to create an efficient, effective, and safe environment for travel. Digital transformation and accelerating technological adoption have altered almost every aspect of how airports are run on a day-to-day basis. These rapidly advancing technologies and the increased reliance on digital solutions dramatically increase the airport’s exposure to cybersecurity risk. An attack on an airport’s systems can cause significant operational disruption, financial loss, reputational damage, legal consequences as well as security breaches or safety incidents. These risks make it more important than ever for airports to not only prioritize cybersecurity, but to build cyber resiliency across their systems and organization. As with many other areas, implementing mitigation measures, having a plan, building up capacities and contingency measures and in the end being prepared for an event will help manage the risk.
Airports today recognize the importance of cybersecurity. In a recent survey conducted by ACI World of more than a hundred airports, 84.6% of the respondents stated that they had a cybersecurity policy in place at their airport’s and 61.5% confirmed that they had been targeted by cyberattacks within the last year (2020). With regards to the question of how ACI can better support its members with regards to cybersecurity, 68.4% responded guidance materials, 21.1% responded consultancy, and 34.2% responded trainings.
ACI recognizes that cybersecurity is a cross industry challenge with multiparty cooperation required to tackle it. While continuing its ongoing efforts in terms of advocacy and support to the development of guidance materials on a global scale through working with ICAO, ACI is also cooperating with other industry stakeholders to provide more options and support for its members to become truly cyber resilient. Multi-organization collaboration to this risk is a key to ensure a more robust response through proposing a range of solutions, guidance, and training to airport members.
Building on several years of close collaboration and with the intention of sharing expertise and knowledge, ACI World and Airbus have signed a non-exclusive cooperation agreement with an intent to assist airport members to maintain and improve their cybersecurity resilience. This partnership is a result of a more technical approach required for airports that may not have these specific capabilities in house or may have lost key resources due to the on-going pandemic that has hampered the industry.
This partnership will take ACI’s Cyber Security Self-Assessment tool to the next level, focusing on providing essential and easily digestible information for executive level management at airports. This improved self-assessment tool will allow airports to better understand the potential risk as-well as risk mitigation strategies.
In a longer term, the collaboration between ACI and Airbus will look to provide strategic level support to airport operators and the aviation community at large further improving the level of preparedness and cyber resilience across the industry.