Eric Vautier, the Chief Information Security Officer of Groupe ADP, discusses the changing nature of DDoS attacks and the strategies to safeguard airport websites, information systems, and infrastructure against them.
A Distributed Denial of Service (DDoS) attack occurs when a website or online service is overwhelmed with excessive internet traffic. Excessive traffic can cause the website or service to malfunction. DDoS attacks can take various forms, including volume-based attacks, protocol-based attacks, and application layer attacks. DDoS attacks have been around for a long time; however, we can observe new trends in these attacks.
Airports, in addition to being critical infrastructure, are often seen as representatives of a state or a region. This makes them a focal point for cyberattacks aimed at weakening the geopolitical position of that state or region and disrupting the airports' security measures and operations. Airports need to be ready to resist deliberate cyber threats.
Numerous airports have already established robust cybersecurity defenses against DDoS attacks. However, like any other software, cybersecurity measures can be manipulated by hackers with enough time and effort.
Moreover, HTTP isn't the only protocol that can be used. Combining attack methods such as SYN flood and DNS amplification with HTTP flood makes defense more complex for the victim.
Airports offer online services like parking reservations and reward programs, which are easily enumerated through automated systems. While airports used to rely on anti-DDoS protection for their primary official website, this is no longer sufficient. They must identify important web services and improve their security, even if it costs more money.
Below is just a short list of best practices that every airport needs to consider to increase its cyber resilience.
Determine your resources (such as websites, Application Programming Interfaces (APIs), applications, Virtual Private Network (VPN), and so on) that are accessible over the Internet. Conduct a risk assessment, including DDoS attacks, for the most critical ones.
This allows you to evaluate the impact of an internet outage at the airport level. Many airport processes rely on cloud apps. If there’s an internet disruption due to a DDoS attack, it can cause problems for the airport, airlines, and handlers.
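The inventory and risk assessment described above can be checked mechanically. The following is an added example, not part of the original article: it takes an inventory of internet-facing services with their already-resolved addresses and reports which critical ones are not fully behind an anti-DDoS provider. All hostnames, addresses, criticality scores and provider ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation addresses, hypothetical hostnames.
# Assumption: the anti-DDoS provider publishes the ranges it serves traffic from.
SCRUBBING_RANGES = ["198.51.100.0/24"]

# (hostname, kind, criticality 1-5, addresses the name resolves to)
INVENTORY = [
    ("www.airport.example", "website", 5, ["198.51.100.10"]),
    ("parking.airport.example", "website", 4, ["203.0.113.20"]),
    ("rewards.airport.example", "api", 3, ["198.51.100.11", "203.0.113.21"]),
    ("vpn.airport.example", "vpn", 5, ["203.0.113.30"]),
    ("press.airport.example", "website", 1, ["203.0.113.40"]),
]


def is_protected(addr, ranges):
    """True if addr falls inside one of the provider's ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(r) for r in ranges)


def coverage_gaps(inventory, ranges, min_criticality=3):
    """Return services at or above min_criticality with exposed addresses.

    'partial' means some records point at the provider while others still
    expose the origin directly, so the protection can be bypassed.
    """
    gaps = []
    for host, kind, crit, addrs in inventory:
        exposed = [a for a in addrs if not is_protected(a, ranges)]
        if exposed and crit >= min_criticality:
            status = "unprotected" if len(exposed) == len(addrs) else "partial"
            gaps.append({"host": host, "kind": kind, "criticality": crit,
                         "status": status, "exposed": exposed})
    # Most critical first, then by name for a stable report.
    return sorted(gaps, key=lambda g: (-g["criticality"], g["host"]))


if __name__ == "__main__":
    for g in coverage_gaps(INVENTORY, SCRUBBING_RANGES):
        print(f'{g["criticality"]} {g["host"]:28} {g["status"]:12} {g["exposed"]}')
```

In this constructed inventory the main website is covered, while the VPN gateway, the parking service and one record of the rewards API are not.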
The easiest option would be a cloud-based solution, which is easier to deploy.
Airports frequently maintain their own websites. Consider having some of them hosted by a cloud provider, which often includes built-in anti-DDoS protection. Moving a website can complicate matters, especially if it is connected to in-house systems like AODB or CRM.
Cyberattackers often provide advance notice of their intended targets. Airports can prepare for attacks and secure their online applications by monitoring certain Telegram or X channels. Even if your airport isn’t the main concern, being aware of attacks on nearby airports can serve as an early warning.
Report any significant cyberattack, whether successful or unsuccessful, to the appropriate authorities, such as cybersecurity agencies and law enforcement. Victims must defend themselves and share important information, like Indicators of Compromise (IOCs), with authorities.
Groupe ADP is one of the few airport operators to be present in all aspects of the airport value chain, from upstream studies in engineering, master planning and design, to the commissioning and operation of intricate facilities (terminals, airstrips, luggage sorting, etc.). Groupe ADP operates the three main airports in Paris: Paris-Charles de Gaulle, Paris-Orly, and Paris-Le Bourget. It also manages around ten other airports in the Paris area.