13 Oct Juggling many components: Airport Cybersecurity in a COVID-19 World
Aviation has been severely impacted by the COVID-19 pandemic with travel restrictions and dramatic declines in air traffic. Whilst there are now positive signs of recovery, particularly in domestic markets, the pandemic has changed the way we work, resulting in remote and distributed working and increasing our reliance on technology to record levels. This, combined with the sense of urgency and uncertainty surrounding all matters related to fighting COVID-19 and its effects, has proven to be fertile grounds for cybercriminals and hackers. All businesses, including airports, are at risk from cybersecurity threats, whether they have a straightforward set of systems or the most sophisticated IT digital transformation programmes.
Airports have long relied on technology to create an efficient, effective, and safe environment for travel. Digital transformation and accelerating technological adoption have altered almost every aspect of how airports are run on a day-to-day basis. These rapidly advancing technologies and the increased reliance on digital solutions dramatically increase the airport’s exposure to cybersecurity risk. An attack on an airport’s systems can cause significant operational disruption, financial loss, reputational damage, legal consequences as well as security breaches or safety incidents. These risks make it more important than ever for airports to not only prioritize cybersecurity, but to build cyber resiliency across their systems and organization. As with many other areas, implementing mitigation measures, having a plan, building up capacities and contingency measures and in the end being prepared for an event will help manage the risk.
The importance of airport cybersecurity
Airports are crucial links in the vaccine distribution supply chain, but they are also experienced in ensuring cybersecurity and protecting their operations from cyber attack. Airports such as Vaclav Havel Airport Prague have opened new high-tech cybersecurity operation centres on-site which runs 24 hours a day to protect the airport from cyberattacks and the misuse of airport information systems.
Airport stakeholders’ priorities, however, have been shifted towards survival mode with cost reduction being pursued in line with the reduced traffic levels while at the same time ensuring the health and safety of their passengers and workforce.
These measures have increased each airport’s reliance on technology and have forced Chief Information Officers (CIOs), Chief Technology Officers (CTOs) and Chief Information Security Officers (CISOs) to reprioritize their focus and respond on short notice to further technology adoption while simultaneously juggling shrinking budgets and reduced workforce.
Airport cybersecurity COVID-19 survey
ACI World issued a virtual Airport Cybersecurity COVID-19 survey to determine the global overview and to assess the level of impact that the COVID-19 pandemic has caused in the airport community with regard to cybersecurity.
Authorities of more than 40 airports, managing more than 100 airports worldwide – representing Africa, Asia-Pacific, Europe, Latin America-Caribbean and North America – participated in this survey.
The Airport Cybersecurity COVID-19 Report gives an overview of the findings of this survey with regards to cybersecurity maturity, COVID-19 Impact, security risks and measures, cyberattacks and the challenges ahead.
Some of the findings in this report include that 61.5% of the airport respondents confirmed that their airports were targeted by cyberattacks during the survey period and 54.1% airport information technology (IT) leadership respondents believe that the single biggest challenge with regard to cybersecurity during the COVID-19 recovery phase would be budget reduction.
An additional key finding was the impact of remote working, and greater use of collaborative tools that brought new risks to the everyday working environment. Over 80% of respondents had updated their remote working policies in response.
While we can’t be certain about the speed of adoption of Artificial Intelligence or Password-less technologies in cybersecurity, one thing is certain, cyberattacks and the problems associated with it are growing in volume, sophistication and impact and having strong cybersecurity at airports is an absolute necessity.
Cybersecurity is a cross industry challenge with multiparty cooperation required to tackle it. ICAO and international regulators must come together to further support the development of guidance on a global scale, whilst cooperating with other industry stakeholders to support all partners in becoming truly cyber resilient. Multi-organization collaboration to this risk is key to ensure a more robust response through proposing a range of solutions, guidance, and training to airports and airlines.
Even pandemics still offer hope for cyber criminals, however the time is now for the industry to get ahead of the curve, coming out of the pandemic with stronger and more robust mitigation measures in place, whilst ensuring airports are more resilient as “we see the light at the end of the runway.”
Written by Billy Shallow.
Billy Shallow is Director of Innovation and Technology at Airports Council International (ACI) based in Montreal, Canada.
In his role, Billy leads ACI World’s Innovation and Technology teams encompassing the World Airport IT Standing Committee as-well as the Smart security programme focused on improving security, operational efficiency and the passenger experience across the world’s airports.
Before ACI, Billy worked at London City Airport for five years designing and implementing their security transformation programme. Billy then went on to lead consulting projects for 18 months working at King Abdulaziz International Airport Jeddah, Brussels Airport, Birmingham Airport and Belfast City on security and optimization programmes.
A British national, with a passion for operational improvement, Billy is a lean six sigma black belt. He sits on ICAO’s working group on innovation, as-well as a number of industry groups. He holds a University of London Bachelor’s degree in Management and Organizational Analysis.