Airport cybersecurity is a rapidly changing landscape. Airports are home to vastly complex interconnected systems, each with its own critical assets. The smooth operation of airports relies on industrial control systems such as power management, baggage handling, heating and ventilation. To keep up with the modern demand for international travel, these systems are increasingly digitalized, which also puts them at risk of cyberattacks.
Around 10 years ago, small to medium-sized organizations only needed an effective firewall to secure their critical assets. Today the increasingly digital nature of operating airports and the vast amounts of data being transferred across an airport’s infrastructure through servers and network components has attracted the attention of hackers, requiring more complex security strategies.
The recent cyberattack on one UK airport is not an isolated incident but rather a growing global concern. In the first half of 2023, cyberattacks targeting the aviation industry surged by 24% worldwide – a trend due to accelerate in 2024 as AI enhances phishing campaigns.
Airports face a unique challenge in 2024 as cyberthreats become more sophisticated and they have to retrofit systems to provide a high level of security while ensuring the continued functioning of all services. For organizations as complex as airports with multiple, fragmented, encapsulated network segments that must be protected from all sides, this will be an extraordinary feat. Cybersecurity professionals must anticipate how the threat landscape will evolve in 2024 and prioritize areas that will deliver the most impact in terms of protection against modern attacks.
The evolving threat landscape in 2024
With new technology always on the horizon, there are many opportunities to take advantage of unknown weaknesses. Cybercriminals have begun leveraging AI to scale phishing campaigns and boost social engineering. For example, AI can be used to eliminate clear signs of scams like odd formatting or grammatical errors, making AI cyber scams difficult to detect. Attackers can get as sophisticated as using AI to create realistic voice messages impersonating executives. A surge in AI-powered attacks will also lead to an increase in file-based threats as AI can be used to create convincing communications that require a target to download a file. Airports are more at risk of file-based threats because files uploaded to their servers affect passenger safety, ground operations and airborne assets.
Supply chain cyberattacks will be a significant vulnerability attackers can exploit to breach airport networks. Airports function with complex ecosystems that rely on third-party service providers. This means attackers can target specific airports by identifying vulnerable targets within their supply chain. For example, in March 2023 an Irish airport suffered a data breach that was later identified as a ransomware attack against its management consulting firm. The cascading effect of supply chain attacks can cause airports substantial financial losses, alongside serious reputational and operational damage.
Looking ahead, large airports with several fragmented network segments must be protected not only through traditional firewalls but also via multifaceted measures that counter the fast-evolving threat landscape. So, what are the vulnerabilities cybersecurity professionals can prioritize to prepare for 2024 cyber threats?
Scan files before they enter your network
With file-based malware attacks on the rise, it goes without saying that airports should level up their file-based security to ensure that documents flowing to and from their systems are free from potential malware. This has become a priority for Berlin Brandenburg Airport, which takes over 9,000 files a day. An important part of tackling this issue was proactively scanning files before they entered the network. Installing a multi-scanning technology can detect the majority of malware threats and significantly improve unknown threat detection. Multi-scanning also reduces scan times, ultimately saving money and reducing workload.
Adopt Zero Trust Network Access
In preparation for future supply chain attacks, implementing thorough mapping exercises is a good start. Most importantly, airports should consider boosting access control measures to better regulate who can enter specific resources. Recently, Zero Trust Network Access (ZTNA) has emerged as a standard for secure access control, and can be especially useful with a vulnerable software supply chain. Zero Trust emphasizes the need for complete visibility into the supply chain and understanding the digital relationships between different entities. This visibility helps to identify and address potential risks within a supply chain.
Prepare for AI-powered cyber threats
As part of a robust cybersecurity strategy, it is crucial for airports to stay informed about emerging threats. From a large-scale perspective, governments, aviation authorities and the private sector should collaborate to improve AI research. However, there’s room for aviation to implement AI on a micro level too. For instance, when training employees for cyber resilience, spreading knowledge about AI-powered threats should be a priority. The same goes for identifying risks: there is room for AI to be implemented for added security benefits that can help to fortify network parameters. An example of this is implementing AI systems for the uninterrupted monitoring of potential disruptions, which can boost the detection and response to cyber threats – all while reducing the workload of employees.
Harboring infrastructure as complex as micro-cities, the aviation sector won’t be short of cyber threats in 2024. Navigating this digital battleground requires fortifying proactive defenses against file-based malware, safeguarding intricate supply chains and bracing for the menace of AI-powered cyberattacks.
Read more of the latest key opinion content from the passenger terminal industry, here.