Our world is one of connections. Many of our connections, particularly in the world of pandemics, are virtual. FaceTime, Zoom, email, text – connections made possible by technology – are also at risk of cyberattack.
As gateways to cities, airports are critical connectors of people and communities. And airports and airlines, just like people, rely on connections made possible by technology to control security, keep passengers comfortable, refuel planes, and make sure baggage gets where it needs to go (most of the time!).
With those connections in mind, the Transportation Security Agency (TSA) has introduced new cybersecurity mandates for airport and airline operators to improve cybersecurity incident reporting and increase the cybersecurity of connected air systems.
TSA defines a cybersecurity incident as:
An event that, without lawful authority, jeopardizes, disrupts or otherwise impacts, or is reasonably likely to jeopardize, disrupt or otherwise impact, the integrity, confidentiality, or availability of computers, information or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems, or information resident on the system. This definition includes an event that is under investigation or evaluation by the airport operator as a possible cybersecurity incident without final determination of the event’s root cause or nature (such as malicious, suspicious, benign).
What do airport security coordinators and airport directors need to consider as they work to prevent incidents while being prepared if they happen? With combined decades of experience anticipating and neutralizing cyber threats, our cyber experts offered some advice to airports and airlines working to comply with the new TSA requirements.
- The National Institute of Standards and Technology (NIST) offers an excellent starting point with its Cybersecurity Framework. Designed to help organizations better understand their risks and improve their security, the framework includes five key points – identify risks, assets, and environment; protect data, control access, train employees, and maintain equipment; detect anomalies and events with continuous security monitoring; respond with communications, analysis, mitigation, and improvements; and recover by learning from the incident and improving systems moving forward.
- As with anything, start from one: identify. Ask yourself and your team some questions – and if you don’t know the answers, start by finding them.
  - Do you know if there is a cybersecurity person at your airport? If there is, do you know who? When’s the last time you sat down for a chat?
  - Are cyber ops integrated into your emergency management plans? If you don’t have an incident response plan (IRP) yet, that’s a good place to start.
  - Who manages IT and OT systems or networks at your airport? What security technologies do you have in place to monitor and report cybersecurity incidents?
Do you need help managing cybersecurity at your airport? Our team has aviation and cyber experts at the ready to help you understand your needs and design a system unique to your airport.