Airports are ill-equipped to handle cyber attacks, says report

Airports could face millions in damages

Airports are ill-equipped to identify and respond to major cyber attacks, according to a new report from the PA Consulting Group.

The firm claims that airports are becoming a lucrative target for cyber crooks because they are increasingly going-ahead with digital transformation plans.

Called Overcome the Silent Threat, the report argues that the hyper-connected model - where passengers want internet services from airlines and retailers - is doing more damage than good.

Data from the European Aviation Safety Agency shows that airports and aviation systems are exposed to around 1,000 cyber attacks on a monthly basis.

However, airports are putting themselves at greater risk as they are becoming too reliant on technology and digital infrastructure in day-to-day operations.

New data sharing responsibilities and connected networks are also causing problems for airports, but often they are not aware of these threats.

In total, the report highlighted seven areas that increase cyber security threats in airport contexts, including growing technology usage, hyper-connectivity, data sharing, customer centricity, IoT towers, remote towers and mega hubs.

This research attempts to make the case that airports should integrate cyber security practices into everyday processes and operations.

"Cyber security needs to be a part of existing incident response and business continuity plans. That means all incidents are managed in the same way, whether cyber security is involved or not," urges the report.

David Oliver, global transport security lead at PA Consulting Group, said it is critical that airport officials take cyber security seriously if they want to protect passengers.

"Fundamentally, the focus on physical security needs to be applied with the same rigour in the cyber arena if airports are going to build resilience to potentially catastrophic cyber attacks," he said.

"If the industry does not act now, it will find itself at increased vulnerability to cyberattacks as new technologies become part of everyday operations."

In recent times, many airports have tested remote control and monitoring technologies for air traffic control and airfield management purposes.

But because such systems rely predominantly on data links, they could easily be exploited by cyber criminals.

Oliver argues that airports could face major financial repercussions if airport management is disrupted in this way.

"With the EU Network and Information Systems Directive, which aims to improve the cyber resilience of the UK's essential services, now in force, UK airports risk penalties of up to £17m for failing to put in place appropriate cyber security measures," he added.