July 2018

A Shared Approach to Cybersecurity in Airports

The approach to cybersecurity in airports around the world faces challenges in implementation. Airport operators understand that the fight for a completely cyber-secure environment must be an ongoing process, within a constantly-evolving, technologically-advanced industry that faces new threats and vulnerabilities on a daily basis.

Some industry professionals believe that the only way to tackle cybersecurity in airports is to create a comprehensive approach that works from the top-down, and also from the ground-up. This approach takes the view that cybersecurity is the responsibility of every department, and it minimises the investment that would otherwise be needed as one heavy hit in the IT department.


Tackling cybersecurity from the top to the ground

This approach begins at the very top of the airport management team, with the director or the chief executive, and filters down to every department, ensuring the responsibility for cybersecurity is felt throughout the chain of management and into the departmental operations teams.

Setting simple, yet firm standards - many of which are already IT best practices - shares the pressure across a collective system. That system can then be supported by newly-introduced cybersecurity tools, and it creates a holistic view that can be measured and managed more easily and cost-effectively.

There are specific steps that should be taken from the top-down, and also from the ground-up, to create a standard framework for a secure system that can then remain flexible and adaptable to changes in legislation, mandatory regulations and evolving threats.


Create a governance committee and cybersecurity team

The creation of a cybersecurity governance committee from the heads of all departments keeps every team talking about the current issues and how they are affected by them. This is a simple way to ensure all teams, from finance to human resources to security, are working together to create a secure environment.

A cybersecurity team is the perfect way to create a holistic approach and view, when it works closely with the cybersecurity governance committee. A dedicated cybersecurity team can become a valuable asset to any airport serious about implementing systems and processes to fight cyber-attack. Effective cybersecurity strategies don’t just happen in the IT department, and it is important to give the team the authority to work in all areas of the operational environment to make sure cybersecurity practices are constantly monitored and evaluated for the governance committee.

It is suggested that an important, early decision for the cybersecurity committee is whether to take out cyber insurance cover, to protect the business operation and to protect third-party providers if they operate within the airport and are likely to be affected by a cyber-attack.


Implement cybersecurity education and training at every level

The education of the governance committee is an important part of the strategy, and this is where IT departments and teams can help. Rather than the pressure being solely on the IT teams to manage cybersecurity, this approach takes a step forward and allows IT to advise the committee about current cybersecurity activities, giving them a chance to push for new solutions with the airport decision-makers.

With constantly evolving cybersecurity threats, it is critical that all employees understand how to recognise and mitigate a potential cyber-attack. Basic cybersecurity awareness training on a regular basis keeps personnel up-to-date, and can offer valuable insights into the most common threads of cyber-attack, such as social engineering, which uses deception to manipulate airport staff into divulging, however inadvertently, confidential or personal information.

Training in the IT department is also important to strengthen the resistance to cyber-attack. When cybersecurity measures are practiced every day, they become ingrained and absorbed into a system, which is when it can be at its strongest. Only through regular, dedicated training can all employees, from the top-down and the ground-up, ensure they have the best chance of a cyber-secure airport environment.

There are many different types of cyber-threats, and, as discussed, they are constantly evolving. It is important that cybersecurity teams and IT departments keep up-to-date with the latest threats, and in this sense, all personnel are constantly training to deal with all types of cyber-attack.

Quickly finding out where potential vulnerabilities to new cyber-threats lie offers the chance to create and test patch programs, for example. Thoroughly testing patch programs takes time and follows a process which, in some cases, could take the operations systems offline. Knowing that a new vulnerability exists, or that a new cyber-threat has been launched, can make a difference.


Use a proven cybersecurity framework and implement data governance

The use of existing cybersecurity frameworks can be invaluable for benchmarking purposes within a busy airport environment. When proven best practices are implemented and measured, improvements to cybersecurity become clearer to decision-makers at the top.

Today’s stance on data storage, retention and distribution is tough. The committee must make sure that there is a system in place that ticks the boxes in terms of mandatory compliance on data governance, whether internal or external. With regulatory requirements placing more and more pressure on airport operators and personnel, proven processes and mandatory conditions can often dictate the requirements of a system.


Carry out risk assessment and act quickly to mitigate risk from the top-down

Some airport environments carry enormous IT assets, and having a full, detailed inventory is essential if all potential vulnerabilities are to be identified. This is a critical step for airports of all sizes, before carrying out a risk assessment.

A risk assessment of all airport systems and processes, including networking, standard policies and procedures, is vital to address vulnerabilities within the operational environment. The cybersecurity committee will consider this to be one of the most important steps, and a risk assessment in every department will be critical to determine where the most urgent problems lie.

The creation of a cybersecurity committee delivers a way to review risk assessments and make decisions on how to move forward quickly. Without a dedicated decision-making team, the process of implementing cybersecurity is much harder and takes longer. For mitigating risk in a potentially volatile situation, committee members must be able to act appropriately and in a timely manner.

The governance committee will also put in place the systems and standards that IT will then use to ensure that, if a cyber-attack occurs, a plan will be ready to implement without delay and operational disruption is kept to a minimum.


Ensure a system for cyber-attack response is implemented and regularly practiced

One of the most important steps to have in place is the creation of a standard response to an incident of cyber-attack. There must be a policy that dictates the process of reporting a suspected cybersecurity breach, how to classify and identify it, and what process to follow should it require an elevation to an attack of a serious nature that should be handled by external authorities. Another element of this approach will be to have a system in place to isolate, gather and preserve evidence of the incident.

It is important that the entire operations team, from the ground to the top, knows what to do in the event of a cyber-attack. When emergency ground teams attend a physical problem, such as a fire or a terror attack, they are well-practiced and thus efficient. This must also be the case in the event of a cyber-attack, when airport infrastructure and operations are threatened.

Experts advise that regular drill days should be set aside, when procedures and systems can be tested and reported. This can also be useful information for the cybersecurity team to identify new potential problems and discuss and implement changes or new solutions with the governance committee.


Creating a physically-secure environment

Although it may seem obvious, the creation of a physically-secure environment for infrastructure and data systems is critical to a robust cybersecurity program, and investment here must be a consideration. This is when cyber- and physical-security integrate, as there are many types of security threat that can adversely impact an airport, such as fire or natural disaster in addition to terror threat or cyber-attack. Making sure that operations can continue, even with simple ideas, such as redundant power sources and a stable physical structure, is vital.

From the ground-up and the top-down, all aspects of cybersecurity should be covered, according to industry professionals. Data should be reviewed regularly, and the processes and standards set by the cybersecurity governance committee followed and recorded, particularly when handling personal or sensitive data. Keeping records is a simple, yet important part of the process of cybersecurity maintenance, and even small changes can have a large impact if records systems are weak. Tracing errors takes less time and fewer resources if data is recorded according to best practices or standards.

With the top-down approach, and the creation of a cybersecurity governance committee and team, airport operators can gain complete visibility of processes and standard practices and can increase the confidence of IT departments with an active support system in place. Once this is implemented from the top, industry experts suggest that the day-to-day operational environment must also be supported from the ground-up, to ensure a holistic view and to further share the responsibility of cybersecurity across the entire airport.

Airports of all sizes around the world are coming under increasing pressure over cybersecurity. Industry professionals agree that a holistic approach using shared responsibility is the only way forward in such a volatile area of airport cybersecurity.
