When it comes to significant weather events or the possibility of widespread power outages, airports have disaster recovery plans that lay out policies and procedures to follow to minimize disruptions and quickly resume normal operations. Today it’s clear the aviation industry must give just as much attention to establishing a disaster recovery plan in the event of a cybersecurity attack.
While preventing any and all cyber disruptions would be preferred, it’s clear that bad actors have the tools to knock airport operations offline — and continue to show that they know how to use them successfully. The Transportation Security Administration (TSA) blames hackers for an October 2022 cyberattack on some of the largest U.S. airports, including in Atlanta, New York and Los Angeles. The attack temporarily shut down the public-facing side of airport websites and while travelers were inconvenienced, airport operations were not affected. Still, the message was clear: Hackers have the ability to gain access to critical airport operational systems.
TSA administrator David Pekoske recently spoke about airport cybersecurity at the 2022 ACI-NA PS&S/ACC Security Technology Conference, emphasizing that airport cybersecurity risks are just as important as physical security risks, which is why new cybersecurity requirements are expected to be released later this year or in early 2023.
Back in December, prior to the recent cyberattack, TSA already had announced new security directives and additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector. At this point, two of those directives apply to airports and airlines:
- Designate a cybersecurity coordinator.
- Report cybersecurity incidents to the Cybersecurity & Infrastructure Security Agency (CISA).
1898 & Co., the consulting arm of Burns & McDonnell, helps companies across all industries deploy mitigating controls to manage any risk. Key recommendations include:
Recognize Any Cyber Risks
Airline operators should conduct a sitewide risk and vulnerability assessment to provide a baseline with respect to their current risk profile and where they need to be in the future to meet set requirements.
Gain Total Asset Visibility
It’s important to gain visibility over the entire asset inventory. Knowing all of the assets within the environment will allow airport operators to recognize vulnerabilities within those assets.
Harden Operational Systems
All assets, whether critical or noncritical, should be hardened to eliminate any vulnerabilities and to improve overall system reliance. System software on a connected asset that is not up to date can open up weaknesses for hackers to exploit.
Airport operators should consider segregating networks by determining which ones have connectivity to the outside world and which ones don’t, such as IT and OT systems. Installing a buffer in between — such as a firewall — can limit unauthorized access to critical networks.
Identify Potential Threats
Adding a threat detection solution is key to continuously monitoring behavior for internal and external threats or anomalies that could result in a cyberattack.
Response and Recovery Plan
Should a cyberattack happen, having an incident response and recovery plan in place will help airport operators understand how long it may take for certain operational systems to get back online. And just as important, practicing these plans is key to quick recovery and overall resilience.
Building airport cybersecurity resiliency, managing risk and having a swift, organized response plan in place in the event of a cyberattack is essential. With millions of people flying each day in the U.S., it’s important to protect the nation’s critical infrastructure and keep airports operational.
Our aviation industry experience touches all aspects of commercial and private operation, including planning and implementing aviation technology and security infrastructure.