The recent cyberattacks on U.S. airports by Russian actors is shedding new light on how woefully unprepared the nation's aviation system is for such threats.
Many in the industry may downplay cyberattacks or believe this is only a major issue for large hub airports. Tom Kellermann, CISM, Senior VP of cyber strategy at Contrast Security, addresses some of the pressing questions airport leaders have about the threat and what steps they can take now.
Airport Business: Airport cyberattacks were popping up across the U.S. prior to the pandemic and then faded away. Why should airports be concerned these attacks will increase going forward?
Tom Kellermann: All major airports have digitally transformed thus expanding their vulnerability to cyberattacks. As geopolitical tension escalates, critical infrastructures like airports are in the cross hairs of Russian and Iranian cybercrews.
AB: What challenges are there with these types of cyberattacks compared to the ransomware attacks of 2019 that saw airfield lights being hijacked in exchange for payment?
TK: Denial-of-Service (DoS) attacks are oftentimes seen as a nuisance. We must be cognizant that many of these attacks precede long-term intrusions into the backend critical networks and systems.
AB: Large commercial airports are generally seen as targets of attack. How could smaller commercial airports or general aviation airports be seen as potential targets for attack?
TK: There is only so much security through obscurity. These smaller airports, especially if they’re near major U.S. cities, are also being targeted.
AB: Should airports be concerned about their fuel farms being vulnerable to attack? How can they work with their local fuel consortium to mitigate the risk?
TK: They should be. The various distribution controls and safety controls are all digital and can be hacked. Local fuel consortiums must invest in proactive cybersecurity measures such as micro-segmentation of networks, using managed detection and response services (MDR), employing runtime application self-protection (RASP), and using multi-factor authentication (MFA). If they are using a completely serverless environment, then they must defend from within with serverless application security.
AB: Are we likely to see attacks on other critical fuel infrastructure? What kinds of impact could this have on aviation?
TK: Yes. Pipelines and refineries will be in the Russian cross-hairs.
AB: Should there be concerns about biometric data being hacked with this technology being expanded in airports?
TK: Very much so. It is nearly impossible to revoke biometrics once stolen and the Chinese have a habit of hunting for American biometric data.
AB: According to our 2021 Airport Business State of the Industry survey, airports are developing an organizational plan to protect against cyberattacks (41%); added more IT staff (29%); and moving to a cloud computing system (26%). Which of these are the most effective measures that airports can move on now?
TK: Airports should consider moving to secure cloud environments that deploy serverless application security.
AB: According to our 2021 Airport Business State of the Industry survey, 26% of airports have taken no steps to protect themselves from cyberattacks. Why is this a reminder for them to consider taking action now?
TK: Much like we never anticipated 9/11, the cyber 9/11 is coming.
AB: How can airport leadership make cybersecurity a priority for their facilities and tenants now to have an immediate impact on cyber security?
TK: Cybersecurity is a functionality of conducting business not an expense. The airports are under siege and TSA will not protect them from this ephemeral threat.
