Your Flight is Delayed (Possibly) Due to a Cyberattack: Lessons for Enhanced Airport Security

Recent cyberattacks in the transportation and logistics area has thrown the aviation industry into the spotlight, exposing critical vulnerabilities in airport operations. With flight delays, cancellations, and other airport services being offline, attacks that impact the industry highlight the pressing need for airports to bolster their cybersecurity defenses.

The Broader Implications for Critical Infrastructure

The increase in severity and number of cyber security incidents underscore the fragile nature of the aviation industry and its susceptibility to cyber threats. Airports and airlines, as critical infrastructure, are prime targets for cyberattacks due to their reliance on complex networks of interconnected systems, including Information Technology (IT), Operational Technology (OT), and Internet of Things (IoT) devices.

IT systems encompass traditional computing and data processing, OT systems control cyber physical operations like baggage handling and air traffic control, while IoT devices include sensors, cameras, and smart systems that are increasingly embedded within airport and airline infrastructure. The convergence of these technologies creates a highly interconnected environment, where a breach in one system can have cascading effects across the entire airport.

Given the essential role that airports and airlines play in global transportation and trade, the consequences of a cyberattack can be far-reaching, impacting not only travelers but also airlines, logistics, and supply chains. Such attacks highlight the need for airports and airlines to rethink their approach to cybersecurity, with a focus on gaining visibility, security, and control over all devices and assets.

Steps Airports Can Take to Enhance Visibility, Security, and Control

1. Comprehensive Asset Inventory: Transportation and logistics operators must start by creating a detailed inventory of all IT, OT, and IoT devices connected to their networks. This includes everything from servers and workstations to baggage handling systems, surveillance cameras, and HVAC systems. Understanding the scope of their digital infrastructure and the interconnections between them is the first step toward securing it. Tools that offer automated discovery and continuous monitoring of assets can help ensure that no device goes unnoticed.
2. Zero Trust Architecture – Adopting a Zero Trust approach to cybersecurity is essential in today’s threat landscape. This means assuming that every device, user, and application is a potential threat until proven otherwise. Airports and carriers should implement multi-factor authentication (MFA), identity and access management (IAM) solutions, and continuous monitoring to ensure that only authorized personnel and devices have access to sensitive systems and only to the level that their job requires.
3. Real-Time Monitoring and Threat Detection – Airports and airlines must deploy advanced threat detection systems that can monitor asset behavior as well as network traffic in real-time and identify suspicious activities. These systems should be capable of detecting both known and unknown threats, using techniques such as behavioral analysis, anomaly detection, and artificial intelligence/machine learning. Early detection is key to mitigating the impact of a cyberattack and preventing widespread disruption.
4. Network Segmentation –  Segmenting the network is crucial for containing potential breaches. By isolating critical systems, such as air traffic control and baggage handling, from less critical systems, airports can prevent a cyberattack from spreading across the entire network. Implementing strict access controls and limiting communication between segments can further reduce the risk of lateral movement by attackers.
5. Patch Management and Vulnerability Assessment – Keeping systems up-to-date with the latest security patches is a fundamental aspect of cybersecurity. Airports and airlines should implement a robust patch management process that ensures vulnerability detection, deduplication, prioritization, assignments and timely updates to all software and firmware. Regular vulnerability and security assessments can help identify and address potential weaknesses in a “risk to business” prioritization before they can be exploited by attackers.
6. Incident Response Planning –  A well-defined incident response plan is critical for minimizing the impact of a cyberattack. Airports and carriers should have a dedicated incident response team in place, with clear protocols for identifying, containing, and remediating threats. Regular drills and simulations can help ensure that staff are prepared to respond effectively in the event of a cyber incident.
7. Collaboration and Information Sharing – Airports and carriers should collaborate with government agencies, industry partners, and cybersecurity organizations to share information about emerging threats and best practices. One of the key sources includes The Cybersecurity & Infrastructure Security Agency (CISA) that works extensively with transportation and other critical infrastructure areas¹. Participation in threat intelligence sharing networks can help airports stay ahead of the latest cyber threats and strengthen their defenses.
8. Employee Training and Awareness – Human error remains one of the leading causes of cybersecurity breaches. The transportation and logistics industry must invest in regular training programs to educate employees about the latest cyber threats and the importance of following security protocols. Employees should be trained to recognize phishing attempts, suspicious links, and other common attack vectors.
9. Physical Security Integration – Cybersecurity and physical security should be integrated to provide a holistic approach to protecting airport and airline infrastructure. This includes securing access to critical areas, such as server rooms and control centers, as well as monitoring physical access to IoT devices. Combining physical and cyber threat intelligence can provide a more comprehensive view of potential risks.
10. Resilience and Recovery Planning –  In addition to preventing cyberattacks, airports must also focus on resilience and recovery. This includes developing backup systems, redundant communication channels, and disaster recovery plans that can help restore operations quickly in the event of a cyber incident. Regular testing of these plans is essential to ensure their effectiveness.

Final Thoughts

The increase of cyberattacks impacting the passenger transport area should serve as a wake-up call for the aviation industry. As the transportation industry becomes increasingly digitized, the need for robust cybersecurity measures becomes more urgent. Armis is deeply embedded in working with airports, airlines and the transportation and logistics industry in gaining visibility, security, and control over all devices and assets, in order to protect themselves against future cyber threats and ensure the safety and efficiency of air travel.

The lessons learned from recent attacks should inspire airports worldwide to take proactive steps toward enhancing their cybersecurity posture. In a time where cyberattacks can disrupt global transportation networks, the importance of securing critical infrastructure starts with a robust cyber asset attack surface management (CAASM) program that encompasses the entire digital footprint of all operations.

Related Reading:

• Armis Transportation and Logistics Web Page
• Industry Spotlight – Transportation and Logistics
• Transportation and Logistics Brochure
• Armis Solution Brochure
• United Airlines – Case Study
• Ground Control for Device Security

 

¹ On August 29, 2024, CISA announced a new portal to report attacks and security incidents at: https://www.cisa.gov/news-events/news/cisa-launches-new-portal-improve-cyber-reporting