As the holiday season approaches, travelers and airport personnel are gearing up for one of the busiest travel periods of the year. With cybersecurity threats becoming more commonplace and disruptive, operational technology (OT) cybersecurity posture needs to be a priority for airports.
OT is the hardware and software used to monitor and control the physical components of an industrial network. It is used in a variety of industries to automate tasks, make data more accessible, and interconnect networks for efficiency and effectiveness. Hackers infiltrate these networks to shut down machines, steal data, make ransomware demands and more.
Over the past several years, airports have become more connected and efficient by adopting digitalized OT systems. Airports operate many OT systems that are managed through IT architecture, including baggage control, power, de-icing systems and fuel pumps.
In 2022 alone, airlines and airports have seen a multitude of cyberattacks. In October, more than a dozen US airports experienced denial of service (DoS) attacks that affected their operations and travelers. Aviation services and logistics company Swissport International suffered a ransomware attack in February that hit its IT infrastructure and operations, causing flight delays. Passenger data from nearly a dozen airlines around the world was also compromised after hackers breached servers belonging to SITA in 2021.
A successful cyberattack on a critical airport system can be extremely damaging. The outcome can range from slowing or stopping operations to widespread panic.
The OT issue
International airports rely on a complex environment of OT, IT and IIoT assets – all of which must be secured. When you think of airport security, you generally picture physical security measures like passenger screening machines. However, securing the systems and networks that underpin operations is just as crucial.
Unfortunately, OT systems are rarely monitored as closely as IT systems, making them more appealing to threat actors. They frequently run on legacy software that exposes them to threats that can jeopardize their high-availability requirements. As a result, airports are vulnerable to OT cybersecurity attack scenarios such as baggage system disruption, access to landing lights, doxing, disabling of electronic signage and more.
Furthermore, both civilians and employees are present at airports, making them mixed and open environments. The whole network is highly complex and connected, and it’s extremely difficult to gain visibility in this large-scale environment. For example, airport personnel typically have no visibility into how travelers are using different on-site Wi-Fi networks.
How to protect airport security systems
Comprehensive OT asset visibility is the only way to identify and maintain an inventory of all the airport’s digital assets and their configuration details. This requires a contextualized view of all IT and OT assets together, along with the airport environment’s digital security posture.
Most of today’s OT cybersecurity solutions show the assets but lack operational context. In other words, they do not provide insight into the likely impact that device failure will have on the business. Contextualization is crucial to making sound decisions regarding potential threats that can have real-world impacts.
Although some airports have begun conducting OT cybersecurity assessments, many are still at an early stage in their journeys. Few have implemented comprehensive risk assessment, monitoring and management solutions to gain a centralized view of all the risks affecting their various OT, IT and IIoT assets.
It’s also important to note that these are extremely complicated environments, so most airports will have to deploy multiple solutions to provide adequate visibility. It is vital to choose an option that offers scalability and meets the airport’s needs without requiring countless changes to the environment.
The human factor
It’s not enough for airports to purchase and implement solutions; personnel must ensure that all controls are configured properly and enforced. Team members should be aware of the types of threats they may encounter and must be taught basic cyber hygiene. Ensuring that OT systems are secure and protected requires consistent effort from all stakeholders.