This post is also available in: heעברית (Hebrew)

By Or Shalom, security and cyber expert and adviser

The advancement of technology and the modern wave of innovation are expressed today in the transportation sector, in the world of avionics, and in airports as well. Airports are technological, smart, and computerized. From computerized passenger services, including SCADA systems responsible for transporting and sorting luggage, and all the way to air traffic systems, sending information regarding aircraft about to land or takeoff, these systems, whether large or small, are all exposed towards potential cyber threats.

There is a variety of cyber threats in the world of aviation, with threats potentially motivated by superpower nations, terrorist organizations, activists, insider threats (knowingly and unknowingly), and more. Potential threatening scenarios include targeting the airport’s building management system in order to seize its operations, disabling the runway’s lights, disabling the airport’s suitcase conveyor belts, theft of passenger information (and invasion of privacy), disabling fire fighting systems as well as emergency exit signs, etc. In a number of events, western hackers were able to hack Iranian airports to display false information on their information screens, as well as messages against Iranian policy.

The airport’s state-opponents invest a lot of effort into organizing and preparing to cyber-attack airports, and as part of that process, have met and worked alongside local airport officials in order to gain an understanding of the airport’s systems and flaws in order to plan out future attacks.

Developing cyber protection for airports is a difficult and complex process. An airport is a high-tech computing environment (including automated systems), communication channels intertwine with the physical world, passengers using computer systems to board aircraft & other computer systems, complex management of supply chains, and more. That being said, situational awareness and mapping out potential threats can help formulate a plan that provides cyber solutions in the airport arena.

The April 2019 Qatari Ministry of Transportation guide emphasizes the importance of using the RACI model for dividing cyber responsibility according to systems. This increases the demand for the Chief Information Security Officer (CISO) and his team to develop a work plan that concentrates the fields of responsibility and spreads it via a management system that allows for control and overseeing. As an example, there should be a person responsible for the SCADA system and the conveyor belts, a person responsible for IT systems, a person responsible for fire extinguishing systems, a person responsible for communication and control systems with the aircraft, etc. [1]

Mapping out risk factors in airport computer systems is also a complicated process, especially when there are countless systems, protocols, and interfaces to consider. Therefore, as part of the security plan, critical computing systems must be mapped and prioritized. The ENISE document has rated core systems as the conveyor systems, ticketing systems, computer systems, LAN and VPN communication channels, air traffic management systems, and the SCADA systems. [2] These systems require a dedicated hardening process as well as connectivity to the SOC center for monitoring. System coverage should provide strong inputs to the appropriate segmentation and firewall systems, provide restrictions on access in accordance with the Need To Know principle, provide inputs for ensuring security availability (as part of business survival and disaster recovery), manage and control traffic, reduce threats by synchronizing clocks and reducing their ability to impact servers and computers, provide wireless network security policies, as well as providing stricter protocols. Considering the fact that most airport areas are public, computing systems must be designed in such a way that hackers will not be able to disrupt systems. Similarly, these systems must also protect against environmental damage, including terrorist attacks, in order to enhance disaster recovery capabilities and business survivability.

Or Shalom – Security and cyber expert and adviser to government entities and defense industries. He holds a master’s degree, as well as civil and national qualifications in the realm of information security and cyber. He has experience in developing cyber risk mitigation plans for companies and organizations, as well as experience with business development in the cyber fields. Mr. Shalom has led various professional cyber programs to various entities in academia and the civilian and security industries.

[1] 

www.caa.gov.

[2]

www.enisa.europa.eu