|Company||Rockwell Collins ARINC Airports|
The approach to cybersecurity in airports around the world faces challenges in implementation. Airport operators understand that the fight for a completely cyber-secure environment must be an ongoing process, within a constantly-evolving, technologically-advanced industry that faces new threats and vulnerabilities on a daily basis.
Some industry professionals believe that the only way to tackle cybersecurity in airports is to create a comprehensive approach that works from the top-down, and also from the ground-up. This approach takes a view that cybersecurity is the responsibility of every department and minimises the investments needed in one heavy hit in the IT department.
Tackling cybersecurity from the top to the ground
This approach begins at the very top of the airport management team; with the director or the chief executive, and filters down to every department, ensuring the responsibility for cybersecurity is felt throughout the chain of management and into the departmental operations teams.
By setting simple, yet firm standards – many of which are already IT best practices – the pressure is shared by a collective system that can then be supported by newly-introduced cybersecurity tools and creates a holistic view that can then be measured and managed more easily and cost-effectively.
There are specific steps that should be taken from the top-down, and also from the ground-up, to create a standard framework for a secure system that can then remain flexible and adaptable to changes in legislation, mandatory regulations and evolving threats.
Create a governance committee and cybersecurity team
The creation of a cybersecurity governance committee from the heads of all departments keeps every team talking about the current issues and how they are affected by them. This is a simple way to ensure all teams, from finance to human resources to security, are all working together to create a secure environment.
A cybersecurity team is the perfect way to create a holistic approach and view, when it works closely with the cybersecurity governance committee. A dedicated cybersecurity team can become a valuable asset to any airport serious about implementing systems and processes to fight cyber-attack. Effective cybersecurity strategies don’t just happen in the IT department, and it is important to give the team the authority to work in all areas of the operational environment to make sure cybersecurity practices are constantly monitored and evaluated for the governance committee.
An important, early decision for the cybersecurity committee, it is suggested, is the consideration of cyber insurance cover, to protect the business operation and to protect third-party providers if they operate within the airport and are likely to be affected by a cyber-attack.
Implement cybersecurity education and training at every level
The education of the governance committee is an important part of the strategy, and this is where IT departments and teams can help. Rather than the pressure being solely on the IT teams to manage cybersecurity, this approach takes a step forward and allows IT to advise the committee about current cybersecurity activities, giving them a chance to push for new solutions with the airport decision-makers.
With constantly evolving cybersecurity threats, it is critical that all employees understand how to recognise and mitigate potential cyber-attack. Basic cybersecurity awareness training on a regular basis keeps personnel up-to-date, and can offer valuable insights into the most common threads of cyber-attack, such as social engineering, which uses deception to manipulate airport staff into divulging, however inadvertently, confidential or personal information.
Training in the IT department is also important to strengthen the resistance to cyber-attack. When cybersecurity measures are practiced every day, they become ingrained and absorbed into a system, which is when it can be at its strongest. Only through regular, dedicated training can all employees, from the top-down and the ground-up, ensure they have the best chance of a cyber-secure airport environment.
There are many different types of cyber-threats, and, as discussed, they are constantly evolving. It is important that cybersecurity teams and IT departments keep up-to-date with the latest threats, and in this sense, all personnel are constantly training to deal with all types of cyber-attack.
Finding out where potential vulnerabilities to new cyber-threats lie quickly, offers the chance to create and test patch programs, for example. Thoroughly testing patch programs takes time and follows a process, which in some cases, could take the operations systems offline. Knowing a new vulnerability exists, or a new cyber-threat launched can make a difference.
Use a proven cybersecurity framework and implement data governance
The use of existing cybersecurity frameworks can be invaluable for benchmarking purposes within a busy airport environment. When proven best practices are implemented and measured, improvements to cybersecurity become clearer to decision-makers at the top.
Today’s stance on data storage, retention and distribution is tough. The committee must make sure that there is a system in place that ticks the boxes in terms of mandatory compliance on data governance, whether internal or external. With regulatory requirements placing more and more pressure on airport operators and personnel, proven processes and mandatory conditions can often dictate the requirements of a system.
Carry out risk assessment and act quickly to mitigate risk from the top-down
Some airport environments carry enormous IT assets, and having a full, detailed inventory is essential if all potential vulnerabilities are to be identified. This is a critical step for airports of all sizes, before carrying out a risk assessment.
A risk assessment of all airport systems and processes, including networking, standard policies and procedures is vital to address vulnerabilities within the operational environment. The cybersecurity committee will consider this to be one of the most important steps, and a risk assessment in every department will be critical to determine where the most urgent problems lie.
The creation of a cybersecurity committee delivers a way to review risk assessments and make decisions on how to move forward quickly. Without a dedicated decision-making team, the process of implementing cybersecurity is much harder and takes longer. For mitigating risk in a potentially volatile situation, committee members must be able to act appropriately and in a timely manner.
The governance committee will also put in place the systems and standards that IT will then use to ensure that if a cyber-attack occurs, a plan will be ready to implement without delay, and making sure that operational disruption is kept to a minimum.
Ensure a system for cyber-attack response is implemented and regularly practiced
One of the most important steps to have in place is the creation of a standard response to an incident of cyber-attack. There must be a policy that dictates the process of reporting a suspected cybersecurity breach, how to classify and identify it, and what process to follow should it require an elevation to an attack of a serious nature that should be handled by external authorities. Another element of this approach will be to have a system in place to isolate, gather and preserve evidence of the incident.
It is important that the entire operations team, from the ground to the top, knows what to do in the event of a cyber-attack. When emergency ground teams attend a physical problem, such as a fire or a terror attack, they are well-practiced and thus efficient. This must also be the case in the event of a cyber-attack, when airport infrastructure and operations are threatened. Experts advise that regular drill days should be set aside, when procedures and systems can be tested and reported. This can also be useful information for the cybersecurity team to identify new potential problems and discuss and implement changes or new solutions with the governance committee.
Creating a physically-secure environment
Although it may seem obvious, the creation of a physically-secure environment for infrastructure and data systems is critical to a robust cybersecurity program, and investment here must be a consideration. This is when cyber- and physical-security integrate, as there are many types of security threat that can adversely impact an airport, such as fire or natural disaster in addition to terror threat or cyber-attack. Making sure that operations can continue, even with simple ideas, such as redundant power sources and a stable physical structure, is vital.
From the ground-up and the top-down, all aspects of cybersecurity should be covered, according to industry professionals. Data should be reviewed regularly, and the processes and standards set by the cybersecurity governance committee followed and recorded, particularly when handling personal or sensitive data. Keeping records is a simple, yet important part of the process of cybersecurity maintenance, and even small changes can have a large impact if records systems are weak. Tracing errors takes less time and fewer resources if data is recorded according to best practices or standards.
With the top-down approach, and the creation of a cybersecurity governance committee and team, airport operators can gain complete visibility of processes and standard practices and can increase the confidence of IT departments with an active support system in place. Once this is implemented from the top, industry experts suggest that the day-to-day operational environment must also be supported from the ground-up, to ensure a holistic view and further sharing the responsibility of cybersecurity across the entire airport.
Airports of all sizes around the world are coming under increasing pressure facing cybersecurity. Industry professionals agree that a holistic approach using shared responsibility is the only way forward in such a volatile area of airport cybersecurity.
Visit airportknowledge.com/talking-airports for more on this story or to find out more about Rockwell Collins airport solutions.