Securing the Airport Ecosystem: 3 Ways to Manage Cybersecurity Threats

George Prichici is the VP of Products at OPSWAT, leading the Application Security PLU. George’s background in technology spans over 15 years, in both product management and software engineering leadership positions. He’s a certified cloud solution architect and his focus and interest is in cybersecurity, cloud infrastructure, and machine learning.

It only takes a moment to think of a recent issue with canceled flights. From mishaps on the runway to the fuselage blowout on Alaska Airlines and from ransomware attacks on airline websites to cyberattacks on vendors within the airport ecosystem, the aviation industry must prepare for and manage serious disruptions while still providing smooth operations and positive customer experiences.

Some disturbances are inevitable, but there are updates airports can make to increase cybersecurity and minimize the likelihood and impact of such events. And as airport operations have become increasingly digitized in the last decade, airport executive officers face increasing pressure to address growing cyber risks and minimize their impact on operations.

Complex, Fragmented Networks

Larger airports are complex ecosystems that rely on many interconnected networks. An airport essentially functions as a micro-city: it requires power, water, sewage, transportation, technology centers, and communications. On top of this infrastructure, airport executives must also manage physical and cyber security, catering, runways, air traffic control towers, gate operations, baggage and lighting systems, and much more. Managing and securing these networks is an arduous task on a normal day but can quickly become far more difficult if an adverse cyber event occurs. Cyberattacks in one area may spread to another, increasing the overall impact on operations. Similar to other critical infrastructures, the potential for massive disruption makes it an appealing target for malicious actors.

At the same time, airport operations have become more digitized, resulting in more data and files being created, stored, and shared. Files must flow rapidly into and out of different systems to ensure software updates are applied and audits completed. Attackers may take advantage of the need to use external data sources to embed potential malware into these files. Meanwhile, airports face elevated risks because of the potential impact on passenger safety, ground operations, and airborne assets if malicious files are uploaded to their servers.

Addressing these risks and ensuring the free transfer of files while still preserving safety and service is an ongoing challenge. Nation state actors, international crime organizations, and skilled hackers continue to develop more sophisticated methods for infiltrating critical systems, creating serious public safety risks for airports that don’t invest in cybersecurity solutions that meet the unique needs of their complex ecosystem. Airport executives must update protocols frequently to address these challenges as they emerge.

Threat Landscape for the Airport Ecosystem

Compounding the complexity of airport infrastructure and the thousands of files that need to be assessed for malware on a daily basis, cyber attackers are also using rapid advances in artificial intelligence (AI) to increase the scale and sophistication of phishing campaigns and other social engineering attacks. In this exploding threat landscape, airports must prevent attacks and be prepared to respond to and minimize the effect of those that make it through despite best efforts to block malicious actors.

Prepare for Cyber Threats

There are a few key ways cybersecurity professionals can prepare for threats in the airport industry. In March 2023, the Transportation Security Administration (TSA) issued a new cybersecurity amendment directed at the security programs of some TSA-regulated airport and aircraft operators to increase cybersecurity resilience. In addition to developing an approved implementation plan, TSA also requires these entities to:

● Develop network segmentation policies and controls that ensure operational technology systems continue to operate safely even if an information technology system has been compromised

● Secure and prevent unauthorized access to critical cyber systems through access control measures

● Establish continuous monitoring and detection policies and procedures designed to defend against, detect, and respond to cybersecurity threats that affect critical cyber system operations

● Minimize the risk that unpatched systems result in exploitation by applying security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems

Cyber professionals can address these requirements and minimize risks in the following three ways:

1. Adopt a zero trust approach

Boost access control measures to regulate more strictly who has access to individual resources. Zero Trust Network Access (ZTNA) is a framework for secure access control, which is essential in the complex airport software supply chain. Zero trust enables visibility into the supply chain by defining the digital relationships between different entities, helping identify and remediate potential risks in the supply chain.

2. Scan files before they enter the network

As file-based malware attacks continue to occur, airports must improve file-based security to test whether documents flowing into and out of their systems contain malware. One way to manage this challenge is to scan files before they enter the network, leveraging technology that contains multiple anti-malware engines and is easily accessible where it is needed. Airport employees must be able to use the Internet, transfer files, upload videos, and share information with third-party vendors securely without time-consuming scanning delays. Furthermore, as aircraft systems often receive updates via peripheral media such as SD cards, there is an increased risk associated with the introduction of potentially compromised software. To mitigate this risk, it is essential to implement rigorous scanning procedures for software updates, patches, source code, and other files relevant to aircraft systems. Establishing dedicated scanning stations, such as portable kiosks, can streamline this process, providing a convenient and efficient means of ensuring the integrity of files before they are incorporated into critical aviation systems.

3. Leverage AI to identify and respond to cyber threats

As world governments, corporate entities, and the private sector work to regulate how to use AI, cyber experts in the aviation industry can leverage AI to monitor networks and identify potential risks more rapidly. Early detection and response to cyber threats can minimize the impact of an adverse event without increasing the workload for airport cybersecurity teams.

Increasing Cyber Resilience

Airports are now, and will remain, attractive targets for attackers, as evidenced by a 24% surge of cyber attacks in the aviation industry in the first half of 2023. Cybersecurity best practices, such as adopting zero trust models, proactively scanning files for malware, monitoring threat intelligence, and using AI to monitor and identify risks can help airport executives and the ecosystems they manage remain operational and safe for passengers and staff on the ground and in the air.