With critical infrastructure now becoming a prime target for hackers airports now need to ensure that they have in place a comprehensive cyber risk management program in place.
The European Aviation Safety Agency (EASA) has estimated that an average of 1000 cyber attacks occur each month on aviation systems which further demonstrates the threat posed to this sector.
Airports are technology dependent sector on which also makes it attractive for a hacker who is likely to have the intention of causing maximum disruption with many facets of an airport to target.
Whilst a number of computer networks may be segregated such as navigational guidance, immigration and retail outlets there are many areas that could be targeted.
- The airports core IT infrastructure
- Self-check-in desks
- Automated bag drop off systems
- Smart operated gates
- Wi-Fi available within the airport lounges
Cyber-Attacks on Airports
We have see cyber-attacks on airports notably Bristol airport in the U.K. and Atlanta airport in the US both of which occurred last year.
The computer systems of Bristol airport were accessed by a phishing attack whereby an employee clicked on a link which lead to malware infiltrating their systems. For a period airport staff had to communicate arrival / departures by using a blackboard as the messages boards were inoperable.
The wi-fi of Atlanta airport was taken down as a result of a cyber-attack. Flights had to be cancelled causing passenger delays and significant disruption to the airport services.
The Data Breach Threat
High volumes of data are contained within the computer systems of an airport and it therefore important that this protected. This would typically include :
- Boarding card details of passengers
- Car parking details
- Health and Safety information
- Details of disabled individuals
- Employee personal details
- Salary payment details of employees
With GDPR coming into force last year all organisations are legally required to store and protect data up to certain standards.
The NIS Directive
This came into force last year and sets out minimum standards of cyber security that need to be in place for operators of essential services systems (OES) which will be applicable to the aviation sector.
One of the keys in preventing cyber attacks is the developing of cyber resilience within an airport once potential threat vectors have been identified and solutions are in place to manage potential threats.
Image : Shutterstock