The Cyber Threat To Airports

Uploaded on 2018-04-25 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The increasing sophistication of cyber threats has become one of the main concerns of the aviation industry as airports and airlines realise they are not immune to the latest cyber threats and attacks.

A breach in an airport system could expose passenger’s personal data, impact security checks, affect back-office systems, take-over arrival and departure notifications, and more. The ensuing impact to an airport could ground its entire operation.

As airports become more connected and reliant upon technologies such as the cloud, integrated systems, and the Internet of Things (IoT) for increased efficiencies, it also opens the door to new vulnerabilities including security breaches, malware, spear phishing and social engineering tactics (obtaining passwords etc. by disguising as a trustworthy entity), identity theft, and more.

“There is a wide disparity in the level of cybersecurity preparedness in airports today,” said Jim Knaeble, Global Products Management at Rockwell Collins. “It can vary from an airport where cybersecurity is almost non-existent to one that has a well thought out plan in place.

“Additionally, depending on the size of the airport, it may or may not have the IT staff in place to monitor, analyse and respond to suspicious network security behaviors.”

Late last year, it was reported that a hacker gained access to Australia’s Perth Airport systems and stole building plans and security information.

In October 2017, the Ukraine’s Odessa Kiev airport reported IT system attacks. And a few months earlier, loudspeakers and screens for Vietnam Airlines were hijacked in two Vietnam airports, allowing the hackers to display offensive political messages on flight information screens.

The messages have been described by state media as “distorted information” about Vietnam and the Philippines’ claims to the South China Sea. The allegations were broadcasted over the public address systems, according to huffingtonpost.com.

Cybersecurity for airports isn’t as easy as installing the latest firewall or malware detection software, Knaeble stressed. “There’s no ‘one size fits all’ for airport cyber-security,” he notes.

“Each airport environment is unique. Conducting a proactive risk assessment can identify vulnerabilities so a holistic cyber-security program can be established,” he said.

Once a plan is developed and security solutions are in place, ongoing internal education of security policies and enforcement is a critical component to a comprehensive cyber-security plan, along with enforcement of security best practices within the airports vendor and partner ecosystem. Employees may connect devices or click on a link to a site infected with malware, which can open the door to a breach.

Airports are taking notice of cyber threats and are expected to more aggressively fund cyber-security initiatives in 2018.

While new and emerging technologies will play a part in overall airport security, according to Knaeble, “the number one area that airports should be looking to invest in is creating a holistic cyber-security program. This will ensure that all of their systems are being handled the same way, regardless of vendor.”

To this end, industry groups like ACI World and others are launching initiatives focused on preventing cyber-attacks.

For example, the ACI World Airport IT Standing Committee (WAITSC) has created a cybersecurity task force whose mandate is to engage and educate airports worldwide on the issues of cyber-security.

I-HLS

You Might Also Read: 

Cybersecurity In Aviation:

Munich Airport Opens A Cyber Attack Centre:

 

 

« Help The Aged With IoT
Will AI Replace Most Jobs? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cryptus Cyber Security

Cryptus Cyber Security

Cryptus Cyber Security is an Information Security Training company providing advanced training and services to IT Professionals.

Zymr

Zymr

Zymr specialize in cloud computing solutions including Cloud Security, Cloud Mobility, Cloud Apps, Cloud Infrastructure and Cloud Orchestration.

Industrial Cyber-Physical Systems Center (iCyPhy)

Industrial Cyber-Physical Systems Center (iCyPhy)

The goal of iCyPhy is to conduct pre-competitive research on architectures and design, modeling, and analysis techniques for cyber-physical systems.

Telecommunications Industry Association (TIA)

Telecommunications Industry Association (TIA)

TIA works to secure trust in networks by advocating public policy positions on the security of ICT equipment and services related to critical infrastructure, supply chain and information sharing.

CICRA

CICRA

CICRA is Sri Lanka's pioneering cyber security training and consultancy provider.

Tempest

Tempest

TEMPEST is a leading provider of IT products and services including solutions for network and application security.

FraudHunt

FraudHunt

FraudHunt protects your website from account fraud, ad fraud, fraud clicks, and malicious bots.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

Technology Innovation & Startup Centre (TISC)

Technology Innovation & Startup Centre (TISC)

TISC is a startup incubator at the Indian Institute of Technology Jodhpur (IITJ) and we back deep-tech startups.

CertNexus

CertNexus

CertNexus is a vendor-neutral certification body, providing emerging technology certifications and micro-credentials for business, data, developer, IT, and security professionals.

InterSec Inc.

InterSec Inc.

InterSec Inc. is a cybersecurity company that offers a variety of services to small and medium-sized businesses including CMMC Compliance, Program Management, Governance, & Cybersecurity.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

Sardine

Sardine

Sardine is a leader in financial crime prevention. Using unparalleled device intelligence and behavior biometrics, Sardine applies machine learning to detect and stop fraud before it happens.

NOYB

NOYB

NOYB is a non-profit organization aiming to close the gap between privacy laws and the reality of corporate practice.

Cypherleak

Cypherleak

Cypherleak provide Automated Cyber Risk Monitoring & Ai powered cyber recommendations.

Nexsan

Nexsan

Nexsan offers versatile and robust data storage solutions tailored to adapt seamlessly across a diverse range of sectors, ensuring reliable performance for critical data management.