Airports 'ill-equipped for major cyber attack'

New research has found that airports are ill-equipped to deal with a major cyber attack and that remote tower technology could represent a major vulnerability.
The PA Consulting Group report, ‘Overcome the Silent Threat’, blames the emergence of a hyper-connected model – where passengers in airports want fast internet and digital engagement with airlines and retailers – for increasing the opportunities that cyber criminals could exploit.
The report authors suggest that there are currently around 1,000 cyber attacks each month on airport and aviation systems worldwide according to the European Aviation Safety Agency statistics.
Their research also indicates that airports are at a higher risk of cyber attack due to an increasing use of technologies and digital infrastructure in day to day operations, new data sharing obligations and greater connectivity across staff and passenger devices within airports
“Fundamentally, the focus on physical security needs to be applied with the same rigour in the cyber arena if airports are going to build resilience to potentially catastrophic cyber attacks,” said report author David Oliver, global transport security lead at PA Consulting Group. “If the industry does not act now, it will find itself at increased vulnerability to cyber attacks as new technologies become part of everyday operations.”
He said one key trend increasing dependency on systems that could be subject to cyber attacks is that a number of airports are exploring the option of providing remote control and monitoring for air traffic control systems and on the airfield.
As remote towers are highly dependent on the data links that transmit information from one place to another, a cyber attack or physical attack could disrupt operations, including making it impossible to manage airport traffic.
“With the EU Network and Information Systems Directive now in force,” Oliver said, “which aims to improve the cyber resilience of the UK’s essential services, UK airports risk penalties of up to £17 million for failing to put in place appropriate cyber security measures.”
The report is based on in-depth analysis and interviews with four major international airports, a diverse group which represents the type and scale of airports globally.
For further information or to download a copy of the report, click here.