How the cyber threat landscape of airports has evolved

Airport security has been an important area of focus for more than 50 years. Anyone who flies is well aware of the airport screenings meant to protect passengers from bombs and hijackings. Behind the scenes, however, airports today must also increasingly focus on and address cybersecurity threats to the IT systems that manage their operations and safeguard sensitive data.

Any cybersecurity slip-up can have serious consequences. For example, in April of 2019 hackers knocked out computers behind flight message boards and some airport office operations at Hopkins Airport in Cleveland, Ohio. In July of 2018, hackers were caught selling codes on the Dark Web that enabled remote access to the security systems for an unnamed airport.

Unfortunately, airports today have an extremely complex and constantly evolving IT environment that makes it difficult to keep ahead of cybersecurity threats.

Why airports need a new approach to cybersecurity

Numerous scenarios are forcing airports to seek more advanced and agile cybersecurity solutions. These include:

• Continually evolving threats: Cyber-attacks are on the rise and increasing in sophistication. They often originate from well-organized and adequately funded groups and at times, are even state-sponsored. Solution providers and cyber criminals are both exploiting technological advances to further their respective goals. Attacks may go undetected for a long time or even never found without the right solutions in place.
• Convergence of IT and Operational Technology: Once strictly operational, today’s OT systems include IT or are integrated with the airport’s IT infrastructure. For example, electronic boarding systems use an e-Gate driven by an electric motor drive that opens and closes the gate and are controlled by the airport’s boarding system (IT). Similarly, while building management systems (BMS) that monitor elevators and escalators are operational, IoT sensors send signals to an IoT hub where they can be analyzed to ensure that elevators/escalators are working properly. This convergence opens up a large number of entry points through which bad actors can potentially enter the IT network and an equally wide range of ways in which they can disturb airport operations.
• More devices and technologies: Increase in the variety and sheer volume of devices as well as the mix of older and newer technologies at the airport mean that one cybersecurity solution does not fit all. At the same time, incrementally adopting a plethora of security solutions and services does not help as this often leads to scenarios where one solution does not integrate or connect with the other, thus creating vulnerabilities that cyber criminals can exploit.
• Variety of stakeholders with varied needs— Airports rely on a wide range of suppliers who provide various services. These suppliers must access airport IT systems and data using a variety of devices to deliver their services. Passengers also access airport systems, devices and Wi-Fi to avail themselves of self-service options. Airports, must prevent staff, subcontractors and passengers from misusing their access. They need cybersecurity solutions that can implement authentication and authorization policies without affecting the user experience.
• Changing technology and deployment topology—Airports continue to integrate new technologies into their IT systems while maintaining legacy systems (sometimes even past their end-of-life (EOL)) in the same network. For example, self-service devices, eGates, IoT devices, wearables and robots increasingly coexist with older PCs, printers, and workstations. Also, as airports move from on-premise systems to the cloud, maintaining the same set of cybersecurity policies on various IT assets could be a challenge with traditional cybersecurity solutions.
• Greater emphasis on data privacy—While airlines and ground handlers have traditionally owned the relationship with passengers and hence had the most access to passenger data, airports increasingly collect passenger data as well. For example, they might scan boarding passes to give passengers discounts on items sold in the terminal. Any personal information they collect is subject to compromise and/or misuse and thus liable to bad publicity, litigation, and compensation. Airports need security solutions that can protect this passenger data and address a growing list of consumer data privacy regulations, such as GDPR.
• Longer hours—Airports are operating increasingly longer hours. Many are open 24/7. Such schedules give airport IT departments less downtime in which to maintain their systems as well as the security solutions that protect them. Airports need easily configurable security solutions that offer agile implementation and are easy to maintain.

As we move away from the traditional ‘multiple-point manual checks by officer’s’ security routine to a more self -service, automated technology-driven one, the treats rise proportionately. Now attacks can not only be glaringly visible and geared to disrupt airport operations but they could also be more sinister and unseen. It could be geared toward planting a Trojan for future attacks or worse, stealing financial, confidential and PII type data that one would know off only after the attack.

Every IT network is only as strong as its weakest link. A single exploit can severely impair the operations of the entire airport and even national or international aviation networks, in a short period of time. As a result, airports must isolate any impacted endpoints quickly to contain the attack. As airports grow and their security needs evolve, complex and rigid security solutions are inappropriate. Airports need flexible, agile solutions that can grow with their needs and help counter ever-changing security challenges.

By Ashwin Pal, Director, Security Services, Unisys APAC