Addressing Airport Cybersecurity and Technology Resiliency Just Became More Urgent

Mike Zoia
March-April 2023

Airports have long maintained well-defined disaster recovery plans for responding to significant weather events or other disruptions like irregular operations, including mechanical failures. Today it’s clear the aviation industry must expand that planning approach to focus on broad strategies that enable swift responses to cyberattacks or technology disruptions.

Bad actors have the motivation and means to knock airport operations offline. Recent events show that they know how to target transportation and can successfully execute attacks.

The TSA blames Russian hackers for an October 2022 cyberattack on some of the largest U.S. airports, including Hartsfield-Jackson Atlanta International Airport, LaGuardia Airport and Los Angeles International Airport. The attack temporarily shut down the public-facing side of airport websites. This resulted in inconvenience for travelers, though airport operations were unaffected. Still, the message was clear: Hackers have the ability to gain access to critical airport operational systems.


Mike Zoia, CPP, PSP, RCDD, is a business development manager for Burns & McDonnell with more than 20 years of experience managing security and technology consulting and engineering engagements. He has worked on capital development programs worldwide, providing a unique technical perspective and understanding of global trends in technology, security and innovation.

It is also evident that airports and airlines are increasingly susceptible to other hardware and software failures not caused by malicious actors. A number of recent events highlight that the ever more complex systems that help our industry meet its core goal of safely transporting people and goods around the world are becoming more fragile and vulnerable.

TSA Administrator David Pekoske has spoken publicly about airport cybersecurity, emphasizing that cybersecurity risks are just as important as physical security risks. This is why new cybersecurity requirements are expected to be released early this year. These will not only strengthen our posture against purposeful cyberattacks, but also help minimize the impact of hardware and software failures that are not directly related to cyberattacks.

In December 2021, nearly a year before the serious October 2022 cyberattack, TSA announced new security directives along with additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector. At this point, two of those directives apply to airports and airlines:

  • Designate a cybersecurity coordinator.
  • Report cybersecurity incidents to the Cybersecurity & Infrastructure Security Agency (CISA).

Most, if not all, airlines and airports already have cybersecurity plans in place, but now is the time to review them with these goals in mind:

Ability to Recognize Cyber Risks

Airport and airline operators should conduct a sitewide risk and vulnerability assessment to provide a baseline with respect to their current risk profile and where they need to be in the future to meet set requirements.

Total Asset Visibility

Visibility over the entire asset inventory is vitally important. Unless airport operators know the operating profiles and locations of all assets within their environments, vulnerabilities will remain unaddressed.

Harden Operational Systems

All assets, whether critical or noncritical, should be hardened to eliminate any vulnerabilities and to improve overall system resilience and reliability. System software or hardware on a connected or vital asset that is not up to date can expose weaknesses that hackers may exploit. Outdated software or hardware also creates a risk of other failures.

Segregate Networks

Airport and airline operators should consider segregating networks by determining which ones have connectivity to the outside world and which ones don’t. Installing a firewall between information technology (IT) and operational technology (OT) systems can limit unauthorized access to critical networks. Installing remote access VPNs within the network architecture is an additional security step.

Identify Potential Threats

Adding a threat detection solution is key to continuously monitoring behavior for internal and external threats or anomalies that could result in a cyberattack.

Monitoring Aging Infrastructure

Adding an infrastructure assessment of the entire asset inventory is also crucial to understanding any potential failure points on an ongoing basis.

Response and Recovery Plan

Should a cyberattack or other failure happen, having an incident response and recovery plan in place will help airport operators better understand how long it may take for certain operational systems to get back online. And just as important, practicing these plans is key to quick recovery and overall resilience.

With millions of people flying daily in the U.S., it’s essential to protect the critical infrastructure that makes air traffic possible. An organized response plan that focuses on airport cybersecurity and technology resiliency will serve as the foundation for managing that risk.
