In today's digital age, cyber threats have become a frequent occurrence and are becoming increasingly sophisticated, posing a significant risk to airports and their customers. Here's how to address airport cybersecurity.
By BEUMER Group
The cyber threats to aviation and airports are vast and complex. Traditional airport security measures have primarily focused on physical threats, such as terrorism and smuggling.
However, the digital landscape has introduced a new breed of adversaries aiming to exploit vulnerabilities in airport systems. Cyber attacks on airports and the systems that help run an airport can come from a variety of sources, including state-sponsored hackers, criminal groups, and even insiders with access to sensitive information. These cyber attacks can take many forms, such as phishing, malware, ransomware, or denial of service (DoS) attacks.
“Cyber threats are becoming increasingly prevalent due to the need for global connectivity and the shift towards a more digitalised world,” says Ibrahim Memis, BEUMER Group’s Head of Cyber Security.
One of the biggest challenges in airport cybersecurity is the vast number of connected devices and systems. From security cameras to baggage handling systems, each component can be a potential target for cyber criminals.
The interconnectedness of these systems also means that a single breach can quickly spread across the entire airport infrastructure. In order to safeguard their assets and maintain their reputation, airports must prioritise and invest in robust cybersecurity measures and understand airport cybersecurity best practices.
Airports, handling sensitive data like passenger information, airline schedules, and cargo manifests, are prime targets for cyber attackers. Their reliance on complex industrial control systems increases vulnerability to disruptive cyber attacks. Successful cyber attacks can cause flight disruptions, data breaches, financial losses, and harm an airport’s reputation, customer trust, and the overall transportation and commerce ecosystem.
There have been several high-profile incidents over the last decade that highlight the growing threat of cyber attacks on the aviation industry.
A quick Google search will reveal how this increasing threat of cyber attacks on airports and the aviation industry highlights the need for enhanced cybersecurity measures. As airports continue to digitise and rely on interconnected systems, the risk of cyber attacks rises. It is crucial for airports to prioritise cybersecurity and implement robust security measures to mitigate these risks.
One proactive step that airports can take is to ensure that their baggage handling supplier is ISO 27001 certified.
ISO 27001 is an internationally recognized standard for information security management systems. It guides organisations in identifying and addressing cyber threats effectively. Airports can enhance their cybersecurity and resilience against attacks by partnering with an ISO 27001-certified baggage handling supplier.
ISO 27001 certification indicates that the supplier has implemented a comprehensive information security management system (ISMS) that follows internationally recognized best practices. This means that the supplier has taken steps to identify and assess potential security risks, implement appropriate controls to mitigate those risks, and regularly monitor and improve their security posture.
“Engaging a trusted supplier from a security perspective involves partnering with an organisation that prioritises security and has thoroughly researched and implemented all necessary security controls and measures,” says Ibrahim Memis.
By collaborating with a supplier certified under ISO 27001, airports can enhance the security of their baggage handling systems and safeguard their customers’ sensitive data. Moreover, such partnerships can help airports fulfil regulatory compliance obligations pertaining to cybersecurity, aligning closely with the latest amendment released by the Transportation Security Administration (TSA).
The IEC 62443 is a specific standard that focuses on industrial automation and control systems cybersecurity. It provides guidelines and best practices for securing these systems against cyber threats and attacks, including requirements for securing their entire lifecycle, from design and development to deployment and maintenance.
Although both ISO 27001 and IEC 62443 are internationally recognised standards that prioritise cybersecurity and information security, they differ in scope. Despite their differences, ISO 27001 and IEC 62443 both emphasise the importance of risk assessment and management, as well as the need for a continuous improvement process for maintaining security.
“ISO 27001 certification covers human behaviour, including how we act, how we work and how we complete tasks to ensure that we are not picking up USB sticks from parking lots or engaging in other risky behaviours,” says Per Engelbrechtsen, Business Development Director at BEUMER Group. “In addition to the human behaviour aspect, there is also a focus on product security”.
In contrast, IEC 622443 outlines how products should be built and the necessary security levels required for what is delivered to customers. This is the combination of the two aspects, with one focusing on product security and the other on how the organisation behaves.
“Both aspects, product security and human behaviour, are important for cybersecurity,” continues Per Engelbrechtsen.
Suppliers can seek IEC 62443 certification by undergoing an audit by an accredited certification body that verifies that their products or services meet the technical requirements and implementation guidelines set forth in the standard.
Partnering with an ISO 27001 certified supplier and adopting IEC 62443 standards can offer several benefits to an airport in terms of cybersecurity and information security.
An ISO 27001 certified supplier can provide the airport with a reliable and secure baggage handling system that is built and maintained in accordance with international information security standards. The supplier would have implemented a comprehensive information security management system to identify and mitigate potential security risks, as well as measures to ensure the confidentiality, integrity and availability of information.
Adopting IEC 62443 standards can provide the airport with a comprehensive framework for securing its IACS against cyber threats and attacks. This includes guidelines and best practices for securing the entire IACS lifecycle, from design and development to deployment and maintenance. By implementing IEC 62443 standards, the airport can reduce the risk of cyber threats and attacks, protect its critical infrastructure and ensure business continuity.
“The ISO 27001 can be seen as a broad framework for cybersecurity, while the IEC 62443 provides a more specific approach,“ says Ibrahim Memis. “However, these two frameworks work well together because IEC guidelines allow for the implementation of ISO requirements in a more targeted and precise manner.”
He emphasises that cybersecurity concerns must start at the highest level of any organisation
“Cyber security strategy is a top-level management concern and a strategic topic that should be integrated into the organisation,” he says. “A certified supplier can use existing frameworks and standards, such as ISO 27001 as a basis, and customise them to fit the needs in question. Since each organisation is unique, it is critical to integrate security seamlessly into the internal IT infrastructure and external product portfolio. Security should not be treated as an add-on but as an integrated component of the organisation.”
The rise of the Internet of Things (IoT) – a network of physical devices, vehicles, appliances, and other items that are embedded with sensors, software, and connectivity, allowing them to collect and exchange data – has had a significant impact on both IT and Operational Technology infrastructure, particularly in the aviation industry.
Operational Technology environments consist of hardware, software, and network components that are designed for specific purposes and require specialised knowledge and skills to operate and maintain. Due to their critical nature and potential impact on public safety and the economy, Operational Technology environments are subject to unique security risks and challenges.
In airports, IoT devices are increasingly being used to manage and optimise airport operations, such as baggage handling, passenger flow, and facility management. These devices generate large amounts of data that can be used to improve airport efficiency and enhance the passenger experience.
However, the widespread adoption of IoT devices also creates new cybersecurity risks for airports, particularly as many of these devices are connected to both IT and Operational Technology infrastructure. This means that a cyber attack on an IoT device can potentially compromise both IT and Operational Technology infrastructure, leading to operational disruptions and other negative consequences.
In addition to the risks of IoT hacking, securing the information generated by operational assets, such as baggage handling systems (BHS), is also critical. The data generated by BHS, for example, includes sensitive passenger information and other operational data that must be protected from unauthorised access and misuse.
To address these risks, it is important to implement robust security measures for all IoT devices, including access controls, encryption, and other security protocols, to protect against unauthorised access and misuse.
Advancements in AI and emerging technologies also contribute to the growing importance of airport cybersecurity. AI tools enhance security and streamline operations but introduce new risks, such as data breaches and privacy concerns. AI-based facial recognition and drones improve efficiency but also pose security challenges.
“AI-based tools, including platforms like ChatGPT and others, have made it remarkably easier for individuals without deep expertise in cybersecurity or hacking techniques to exploit vulnerabilities and launch attacks on companies and critical infrastructure,” says Ibrahim Memis.
The cybersecurity threats facing the aviation industry include hacking, phishing, and other forms of social engineering. Cyber attackers can exploit vulnerabilities in airport and airline systems to steal sensitive data, disrupt operations, or cause other forms of damage.
“It’s important to constantly evaluate risks and identify ways to mitigate them, as the nature of risks can change over time,” says Ibrahim Memis. “For instance, three years ago, the geopolitical tension in Ukraine wasn’t considered a major risk. However, with the current rise in politically motivated cyber attacks it’s important to reassess your risk management strategy and take into account the potential for geopolitical attacks on your infrastructure or products.”
The COVID-19 pandemic has had a significant impact on airport cybersecurity, particularly as airports have had to adapt to new touch-less and digital solutions to provide a safer and more seamless passenger journey. The shift towards digital solutions has increased the reliance on technology and has created new vulnerabilities that cyber attackers can exploit.
The touch-less solutions implemented by airports, such as self-service check-in kiosks, contactless payments, and biometric identification systems, rely heavily on digital technology and connectivity.
While the shift towards touch-less and digital solutions has provided benefits for airport operations and passenger experience, it has also created new vulnerabilities that cyber attackers can exploit, including hacking, phishing, and other forms of social engineering. Cyber attackers can exploit vulnerabilities in these digital systems to steal sensitive data, disrupt airport operations, or cause other forms of damage.
“These factors simplify certain aspects of travel, but also present significant challenges for companies and industries aiming to effectively protect themselves against these threats,” says Ibrahim Memis.
Furthermore, the pandemic has reduced airport staff, leading to increased reliance on automation and digital solutions. This reliance can create vulnerabilities as these systems may not be adequately secured, making them more susceptible to cyber attacks.
A successful cyber attack on an airport can have severe consequences. It can lead to flight delays or cancellations, damage to reputation, loss of customer trust and financial losses. A hacker could also gain access to sensitive information, such as passenger details or flight plans, putting individuals at risk of identity theft or other malicious activities that threaten public safety.
Thus, airport cybersecurity is a critical component of airport operations. The consequences of a successful cyber attack can be severe, and the threat landscape is constantly evolving. Therefore, airports need to implement a comprehensive cyber security strategy that includes risk assessment, access control, network security, endpoint security, and incident response planning.
“Having all the necessary policies and processes in place is essential,” concludes Ibrahim Memis.
