A new report from PA Consulting Group in London, shared with Computer Business Review, warns that a more “unified” technological passenger experience is posing greater cyber risks for airports.
The European Aviation Safety Agency has reported over 1000 cyber-attacks each month on aviation systems and suggested the number is most likely to increase with the advancing digitalisation of passenger engagement.
The “Overcome the Silent Threat” report by the consultancy claims that “advancing technology such as smart boarding gates and biometric immigration controls” may “expose airports to new risks and unknown threats”.
The report's authors called for a “single point of accountability” for cybersecurity at airports: “Organisations should nominate a board member to be responsible for cybersecurity”, they urged, adding that while vendors and integrators are getting better at providing product security, organisations still need to prioritise cybersecurity as a tender assessment factor.
The report also identified other weak points, such as the replacement of humans with digital instructions, meaning a pilot potentially cannot recognise whether instructions such as false clearance messages are suspicious, which creates more opportunity for cyber-terrorism.
Airports are an interesting target for criminal and terrorist organisations, with previous occasions of hijacking, protestors and terminal shootings happening around the globe, and the report explains that cyber resilience is another key factor that C-level airport leaders must continuously govern to prevent dangerous incidents.
IT/OT Towers
Traditionally IT systems have been isolated from OT systems, the report notes, but airports are increasingly realising that integrating the two can bring efficiencies, including real-time data gathering, processing and decision-making.
The ability to constantly monitor a system’s health, track operational processes, receive instantaneous information and exchange data with IT systems opens a whole new world of opportunities to improve airport operations, the report notes, but also broadens the threat vector for attackers.
In another report, PA Consulting Group researched and assessed four major international airports and found three key areas in the aviation industry that must be researched further to avoid costly disruption and, potentially, worse:
- Information security has to be given the same attention as physical and personnel security to build strategic cyber security resilience
- Operational technologies such as baggage handling equipment are just as significant as IT systems when analysing how disruption to airport passengers, operations and other international airports can be prevented
- Aviation is far behind other industries on cyber security and must draw on material from sources such as the energy sector to learn more
As there is no uniform model to manage airport cyber security, the research explains practical steps to overcome these difficulties. One of the main steps is adopting a life-cycle approach to information security, as it ensures security standards are governed in all procurements, such as design and use.
Other steps involve confirming that cyber security stakeholders are identified and managed in the airport, aligning cyber security with physical and personnel security, and establishing a strong cyber security culture in the airport itself, which will mean counteracting cyber risks over time.