The Cyber Threat To Airports

Uploaded on 2018-04-25 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The increasing sophistication of cyber threats has become one of the main concerns of the aviation industry as airports and airlines realise they are not immune to the latest cyber threats and attacks.

A breach in an airport system could expose passenger’s personal data, impact security checks, affect back-office systems, take-over arrival and departure notifications, and more. The ensuing impact to an airport could ground its entire operation.

As airports become more connected and reliant upon technologies such as the cloud, integrated systems, and the Internet of Things (IoT) for increased efficiencies, it also opens the door to new vulnerabilities including security breaches, malware, spear phishing and social engineering tactics (obtaining passwords etc. by disguising as a trustworthy entity), identity theft, and more.

“There is a wide disparity in the level of cybersecurity preparedness in airports today,” said Jim Knaeble, Global Products Management at Rockwell Collins. “It can vary from an airport where cybersecurity is almost non-existent to one that has a well thought out plan in place.

“Additionally, depending on the size of the airport, it may or may not have the IT staff in place to monitor, analyse and respond to suspicious network security behaviors.”

Late last year, it was reported that a hacker gained access to Australia’s Perth Airport systems and stole building plans and security information.

In October 2017, the Ukraine’s Odessa Kiev airport reported IT system attacks. And a few months earlier, loudspeakers and screens for Vietnam Airlines were hijacked in two Vietnam airports, allowing the hackers to display offensive political messages on flight information screens.

The messages have been described by state media as “distorted information” about Vietnam and the Philippines’ claims to the South China Sea. The allegations were broadcasted over the public address systems, according to huffingtonpost.com.

Cybersecurity for airports isn’t as easy as installing the latest firewall or malware detection software, Knaeble stressed. “There’s no ‘one size fits all’ for airport cyber-security,” he notes.

“Each airport environment is unique. Conducting a proactive risk assessment can identify vulnerabilities so a holistic cyber-security program can be established,” he said.

Once a plan is developed and security solutions are in place, ongoing internal education of security policies and enforcement is a critical component to a comprehensive cyber-security plan, along with enforcement of security best practices within the airports vendor and partner ecosystem. Employees may connect devices or click on a link to a site infected with malware, which can open the door to a breach.

Airports are taking notice of cyber threats and are expected to more aggressively fund cyber-security initiatives in 2018.

While new and emerging technologies will play a part in overall airport security, according to Knaeble, “the number one area that airports should be looking to invest in is creating a holistic cyber-security program. This will ensure that all of their systems are being handled the same way, regardless of vendor.”

To this end, industry groups like ACI World and others are launching initiatives focused on preventing cyber-attacks.

For example, the ACI World Airport IT Standing Committee (WAITSC) has created a cybersecurity task force whose mandate is to engage and educate airports worldwide on the issues of cyber-security.

I-HLS

You Might Also Read: 

Cybersecurity In Aviation:

Munich Airport Opens A Cyber Attack Centre:

 

 

« Help The Aged With IoT
Will AI Replace Most Jobs? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Roka Security

Roka Security

Roka Security is a boutique security firm specializing in full-scale network protection, defending against advanced attacks, and rapid response to security incidents.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

Kernelios

Kernelios

Kernelios is a simulator-based training center and an incubator for cyber experts worldwide.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

Eustema

Eustema

Eustema designs and manages ICT solutions for medium and large organizations.

RKH Specialty

RKH Specialty

RKH Specialty, part of the Hyperion Insurance Group, is a provider of specialty insurance services including Cyber Risk cover.

NSIT

NSIT

NSIT SAS is a consulting, advisory and service provider in IT systems. Solution areas include networking & infrastructure, IT management & administration, and cyber security.

ENLIGHTENi

ENLIGHTENi

ENLIGHTENi are the platform to develop next-gen talent in Technology, Risk, and Cybersecurity. Our mission is to develop next-gen talent through challenge-based learning and team collaboration.

Navaio IT Security

Navaio IT Security

Navaio helps clients with IT Security related challenges with a primary focus on Identity and Access Management, Data Governance, User Awareness and Cyber Resilience Services.

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.

Epiphany Systems

Epiphany Systems

Epiphany enhances your defensive security controls by providing you with an offensive perspective. We expose the most likely attack paths to your most critical IT assets and users.

Node4

Node4

Node4 provide advanced, cloud-led digital transformation solutions, delivered with technical expertise, innovation and exceptional service to drive your business forwards.

Com Olho

Com Olho

Com Olho provides the measurement, analytics, quality assurance, and fraud protection technologies brands need for their business and customers.

Davinsi Labs

Davinsi Labs

Davinsi Labs helps companies achieve Digital Service Excellence with specialized Security Intelligence and Service Intelligence solutions.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

Toro Solutions

Toro Solutions

Toro provide managed security & consultancy to keep governments, businesses & society resilient in the space where cyber, physical & people security converge.

Syteca

Syteca

Syteca is specifically designed to secure organizations against threats caused by insiders. It provides full visibility and control over internal risks.