CYBERSECURITY
Always on guard Now is the time to step up the industry’s efforts against cyber-crime, writes Dominic Nessi, vice president of strategic engagement for the Aviation Information Sharing & Analysis Center (Aviation-ISAC).
A
series of successful cyber-attacks on airports in late 2018 helped focus the industry’s attention on the need to up its game in the battle against cyber-crime. Back then, in what seemed like a tsunami of attacks, the security breaches were many and varied and included the use of ransomware, which has grown increasingly sophisticated ever since and continues to pose a threat to airports today. Airport databases were being encrypted and only through the payment of a ransom were the keys provided to decrypt the data. Sadly, we saw that many airports were not prepared to defend against the attack or to recover their data resources through their own backups without paying a ransom. At the same time, BEC or business email compromise attacks were also becoming widespread. In this type of cyber-attack, businesses are targeted by attackers using compromised email accounts as the springboard for diverting company funds meant for legitimate vendors. Email correspondence is second nature in today’s digital world because of all the inherent advantages it affords. Among those advantages, it provides a dated written record which can easily be located and reviewed at any time, it can be sent in the middle of the night and will be waiting for the recipient whenever they next check their mail.
38
AIRPORT WORLD/ISSUE 4, 2020
Airports, like all other businesses, employed email as an absolute necessity, yet it was often considered to be simply a routine administrative process and cybersecurity safeguards were not at the top of most IT department’s list. As we look back on the past two years of almost constant attacks on airports compared with the decade before, it appears that airports, generally speaking, were lulled into a false sense of security. For while data theft was plaguing other industries, airports seemed immune since there is relatively little sensitive data actually stored in most airports. Billing applications, credentialing, and human resource systems represented the primary data stores. Passenger data has always been the domain of airlines. The network infrastructure itself received more attention as it was viewed as the most likely threat vector into an airport’s technology environment. Yet, even in network infrastructures, developing a strong cyber-defence was a low technology spending priority as compared to the acquisition of new passenger processing applications and tools. Another factor which played into the airport world’s relatively weak common cyber-defence is the wide range of airport sizes and available resources. Small and medium sized airports utilise most of the same systems as the largest airports, though their systems are smaller in size and process last activity.
