Cybersecurity threats are more than a scare tactic in the aviation industry. They have become a very real problem for airports across the globe.

Fort McMurray Airport in Canada, which serves more than 1 million passengers each year, recently fell victim to a malicious software attack known as ransomware. In these types of attacks, perpetrators usually hold valuable data hostage until they receive the payment they demand. Unfortunately, Fort McMurray Airport isn't alone. As our culture increases its reliance on digital devices and technology, all airports, small or large, are vulnerable to these and other cyber attacks.

Airport security personnel must be able to effectively assess, manage and defuse a variety of cyber threats each day, whether it's consumer credit card breaches, ransomware attacks or acts of terrorism. The growing role of technology across the airport operation creates more opportunities for threats.

To proactively address cybersecurity before it grounds planes and leaves passengers stranded, airport management should consider taking three essential actions:

  1. Conduct a risk analysis of your current cyber posture.
    While it may be tempting to dismiss concerns due to the size or budget of an airport, it's important to understand every airport is vulnerable to an attack of this nature. Cybersecurity services can be implemented in stages, accommodating a budget of any size. Tulsa International Airport is a great example, demonstrating that even smaller airports can improve their security position on a risk-analysis basis and feel confident in their defenses.

  2.  Recognize that this is inherently an ongoing process and no single piece of hardware or software will cure all woes.
    The aviation industry is comfortable with large capital projects that start with a groundbreaking ceremony and end with a grand opening, but this type of aviation security initiative never ends. It will require constant vigilance and a tailored strategic plan that guides management through maintenance and the identification of new threats. The best time to start preparing for cyber threats was 20 years ago; the next best time is today.

  3. Approach cybersecurity by applying an engineering approach to a technology problem.
    The complexities of this field stem, in part, from an often-unclear definitive formula for success. Assembling an automobile from a pile of parts is much more difficult than from a structured assembly line. While there are standards for different types of information technology, such as the Institute of Electrical and Electronics Engineers (IEEE) standards for Wi-Fi networks, there is no magic bullet for success that is uniquely catered to the aviation industry. Instead, we must rely on a rigorous and structured engineering approach to problem-solving that combines knowledge of cyber issues with aviation expertise to create custom solutions that meet the needs of even the smallest airports.

The future is uncertain, and as aviation security matures, it will be critical to think about cybersecurity in broad brush strokes. A comprehensive approach that considers human behavior and motivations will allow the aviation industry to be proactive and identify threats and potential system weaknesses before a security breach occurs.


As airports modernize, biometrics are increasingly part of the aviation security profile. Learn how it works.

Download the Article

Stu Garrett specializes in aviation information technology and special systems. He has more than 17 years of experience in enhancing 16 of the world’s largest airports, helping clients find new technology solutions that provide passenger convenience and operational efficiency.