The airport sector continues to witness rising interest among cyber adversaries. In March 2020, two websites of the San Francisco International Airport were compromised as threat actors injected malicious code into the login portals to steal users' credentials at the time of login. Another incident came to light in October 2017, when an employee of the UK's Heathrow Airport lost a USB key containing more than 1000 unencrypted confidential files. Owing to this, the airport experienced a massive data breach and was later fined £120,000 by the UK's Information Commissioner's Office (ICO).
Protecting airports against cybersecurity incidents is nothing less than a colossal task. The reasons?
Airports process thousands of passengers' information every day and have access to customers' critical data such as passport and payment details. In addition, being a part of a country's critical infrastructure, airports hold significant economic importance. Any successful incident can have substantial consequences beyond reputational and financial damage.
Factors Increasing Susceptibility to Cyber Attacks
As airports aim to become smart and connected, cybersecurity has become more complicated than ever. The integration of Internet of Things (IoT) into airport facilities, the growing usage of smart devices and the presence of legacy systems are some key factors expanding the attack surface of airports. Moreover, airports are highly dependent on new technologies and automation for regular operations, including ticket bookings, check-ins and surveillance, to optimize customer experience and operational efficiency.
Additionally, the exchange of critical data with third-party applications adds to the security complexity. Concerns with respect to insider threats also increase the attack surface of airports.
Prominent Cyber Threats Targeting Global Airports
Over recent years, the number of airport-related cybersecurity incidents has grown significantly. Airports are subjected to a wide range of cyber-attacks, including (but not limited to):
Airports are very much prone to cyber threats, such as data breaches, due to a plethora of interconnected systems that include valuable assets. Cybercriminals always look to exploit any loophole in such systems to get access to sensitive passenger data. For example, Cathay Pacific's lethargic approach to cybersecurity resulted in a data theft of 9.4 million records in October 2018. Threat actors were able to gain access because of weak security controls, including unsecured backups, unpatched vulnerabilities and the absence of Multi-factor Authentication (MFA).
Ransomware attacks continue to be a major concern for the entire aviation industry. As per a report by Eurocontrol, in 2020 alone, there were 62 ransomware attacks on global aviation stakeholders. In 2018, Atlanta International Airport, one of the world's busiest airports, was forced to shut down its Wi-Fi network and disable parts of its website owing to a major ransomware attack. The airport advised passengers to contact their airlines for any information regarding flights.
Insider threats are a great concern to the aviation industry as they hold the potential to upset the industry and community directly. A perfect example of how insiders can perform malicious activities can be seen in a 2019 incident wherein an American Airlines mechanic based at Miami International Airport misused his access to damage the navigation equipment of a flight carrying 150 people. He interfered with the air data module system as he was dissatisfied with stalled contract negotiations between the union and the airline.
Phishing is the most common tactic utilized by threat actors to trick victims into clicking on suspicious links. As reported by the Center for Internet Security (CIS) in 2013, as many as 75 airports in the United States were targeted in a phishing campaign. The CIS's examination unveiled emails comprising malicious content that had been sent to employees of the aviation industry.
How Can Airports Ensure Security?
Real-time intelligence on modern cyber threats can go a long way in helping cybersecurity professionals secure the entire airport ecosystem. To stay on top of cyber threats, it is imperative to think like adversaries and adopt a proactive approach to cybersecurity.
Let’s have a look at some practices that can be followed in order to build a cyber-resilient airport infrastructure.
24/7 Network Traffic Monitoring: Round-the-clock monitoring of network traffic across different applications and endpoints can aid in detecting suspicious behaviours, reducing the possibility of a breach and improving the security posture.
Endpoint Security: Airports must ensure the security of critical endpoints by restricting access to them. Access must be given on a need-to-know basis to avoid any unwanted data exchange among endpoints. Also, endpoint security solutions should be implemented to prevent malware attacks and unauthorised data transfer.
Install Updates: All the systems and applications in the airport ecosystem must be updated on a regular basis. Security patches should be applied whenever a vulnerability is discovered in order to prevent zero-day attacks.
Segment Network: Segmenting the network on the basis of asset sensitivity can greatly reduce the risk of threats moving laterally inside the network, enabling airports to secure valuable systems like servers that contain sensitive information.
Increasing Awareness: Raising cybersecurity awareness among employees through regular sessions and training on prominent cyber-attacks like phishing, social engineering and ransomware can significantly reduce the probability of a successful cyber-attack.
Why GRAMAX Cybersec?
Securing airports’ digital ecosystem against modern-day threats is a shared responsibility and an ongoing activity, which demands continuous cooperation and communication between different stakeholders. GRAMAX Cybersec can be your trusted cybersecurity partner when it comes to integrating and orchestrating cybersecurity needs. Our proven experience in managing critical information infrastructure (CII), such as airports, energy and utilities, enables us to meet the security requirements in virtually every enterprise and market segment.
Security in DNA: GRAMAX is the cybersecurity division of RAXA Security Services Ltd, which holds extensive experience in delivering technical and integrated security solutions. RAXA is an ISO-certified GMR Group Company and a prominent name in aviation security. It has been supporting Hyderabad, Delhi, Cebu and other domestic as well as international airports in planning, designing and implementing security controls.
Comprehensive Portfolio: GRAMAX offers a range of cybersecurity services and solutions to its customers, including Integrated Cyber Defence Center (ICDC); Identity and Access Governance; IoT/OT Security; Infrastructure, Application and Cloud Security; Vulnerability, Threat and Risk Management, etc.
Focus on Trusted & Secure Partnerships: GRAMAX's mission is to provide comprehensive cybersecurity solutions and services that help its clients strengthen their defence against complex cyber threats and achieve scalable, digital and future-ready operations.