Airports are ill-equipped to deal with a major cyber-attack, according to new research from PA Consulting Group.
The firm’s report Overcome the Silent Threat, based on in-depth analysis and interviews with four major international airports, outlines how the emergence of a hyper-connected model – where passengers in airports want fast internet and digital engagement with airlines and retailers – is increasing the cyber-risks airports face and creating more opportunities for cyber-criminals to exploit.
“Over recent years, the number of airport-related cyber threats has grown significantly. The damage caused by these successful threats confirms the need to address cybersecurity,” the report reads.
PA Consulting Group cited the following as trends that are increasing airports’ susceptibility to cyber-attacks: increased technology usage, hyper-connectivity, data-sharing obligations, customer centricity, IT/IoT towers, remote towers and airports as mega hubs.
“Fundamentally, the focus on physical security needs to be applied with the same rigor in the cyber-arena if airports are going to build resilience to potentially catastrophic cyber-attacks,” said David Oliver, global transport security lead at PA Consulting Group. “If the industry does not act now, it will find itself at increased vulnerability to cyber-attacks as new technologies become part of everyday operations.”
The report concludes by outlining the elements required to ensure airport cyber-resilience now and in the future:
- Ensuring that an airport is secure by design
- Establishing strong cybersecurity leadership and effective governance
- Adopting a lifecycle approach to cybersecurity
- Aligning cyber, physical and personnel security
- Establishing a security monitoring and incident response capability
- Ensuring cybersecurity stakeholders are identified and managed
- Underpinned by the establishment of a strong cybersecurity culture
“With the EU Network and Information Systems Directive, which aims to improve the cyber-resilience of the UK’s essential services, now in force, UK airports risk penalties of up to £17m for failing to put in place appropriate cybersecurity measures,” Oliver added.