National Academies Press: OpenBook

Guidebook on Best Practices for Airport Cybersecurity (2015)

Chapter: Chapter 2 - What Is Cybersecurity?

Suggested Citation: "Chapter 2 - What Is Cybersecurity?" National Academies of Sciences, Engineering, and Medicine. 2015. Guidebook on Best Practices for Airport Cybersecurity. Washington, DC: The National Academies Press. doi: 10.17226/22116.

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Cybersystems are a key and growing component of an airport’s infrastructure. “Cyber” encompasses the computers, servers, and network components that form traditional IT infrastructure. It also includes the software used and the information transmitted over this infrastructure. Industrial control systems (ICS)—such as airfield lighting; heating, ventilation, and air conditioning (HVAC); and baggage handling systems—are also part of an airport’s cyber infrastructure. Together these systems support the safe operation of aircraft, development and maintenance of airport facilities, check-in and screening of passengers, and a variety of other activities.

The breadth of cyber systems found at an airport is growing as new systems and technologies become available not only to airport management and staff, but also to the airlines, tenants, and ultimately the passengers they serve. Rapidly advancing mobile computing capabilities are also encouraging some airports to rely on public cellular or wireless networks to extend the reach of their cyber systems within terminals and onto airfields. Some airports have a Bring Your Own Device (BYOD) policy, which allows their employees to use personal phones and tablets to perform work duties. The breadth of an airport’s cyber systems is also not bounded by its network or facilities. An increasing number of airports are relying on computer infrastructure, software, and data on the Internet or in the “cloud.”

As the number and breadth of cyber systems in use at airports grow, so does the risk of cyberattack. The expanded use of commonly used technologies, the increasing exchange of information between systems, and the criticality of their use increase the likelihood and potential impact of these attacks. Like any element of an airport’s critical infrastructure, systems and their data must be protected.

Threats may be intentional, coming from sophisticated actors in well-funded countries or organizations, disgruntled staff or customers who already have access, or individual pranksters. Threats may also be unintentional such as a mistaken release of sensitive information.

Some respondents to this project’s online survey assumed that “if it’s not connected to the Internet, it’s not vulnerable to cyberattack.” Unfortunately, this assertion has been proven wrong by many successful attacks that were not via the Internet. As one interview respondent said, “If bits or bytes pass through it, it may be vulnerable.”

While the percentage of cyber threats that are averted remains very high, the number of threats has grown significantly and the damage caused by the threats that do get through is greater (Gilliland 2014). This is one of the reasons that the majority of respondents (22 of 40 or 55%) feels that the degree of cyber risk their organizations face has increased over the last year. Their concerns are warranted, as the following list of successful cyberattacks on airports suggests:

• A sophisticated advanced persistent threat from a sophisticated group of hackers acting on behalf of a nation state used a reputable industry source to send phishing emails to airports. Seventy-five airports were affected and two had systems that were compromised as a result (Center for Internet Security 2013).

• The Airport Operations Division of the Metropolitan Washington Airport Authority unintentionally published a request for procurement (RFP) on its website containing sensitive security information (SSI) detailing the outsourced electronic security system at the Ronald Reagan Washington National Airport (DCA). This RFP was not vetted through the IT department.

• Miami International Airport (MIA) has experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattacks (Palmer 2013).

• Los Angeles World Airports (LAX, ONT, VNY, and PMD) blocked almost 60,000 cases of Internet misuse and 2.9 million hacking attempts in one year. LAX also experienced a number of cyber incidents related to malware that targeted a network baggage system (Cheong 2011).

• U.S. airport computer and communications systems were among the targets announced by the Tunisian Hackers Team in April 2014 (Kimery 2014).

• Researchers have demonstrated that some passenger screening devices used by the Transportation Security Administration (TSA) can be tampered with so that they do not provide the proper alerts if an attacker gains physical access to data ports on the devices (Rios 2014). Although not directly the responsibility of the airport, compromised TSA equipment could impair airport operations and expose additional vulnerabilities.

• A truck driver jamming his vehicle’s global positioning system (GPS) receiver inadvertently interfered with an airport GPS augmentation system used to support aircraft approach procedures at Newark International Airport (EWR).

• Istanbul’s Atatürk International Airport (IST) had password control systems shut down by what is believed to have been a malware attack resulting in departure delays and extended waiting time for passengers (Paganini 2013).

• An undisclosed major, non-U.S., international airport uncovered a variant of the Citadel Trojan malware that targeted virtual private network (VPN) credentials used by employees (Klein 2012, Kumar 2012).

• The Dubai International Airport (DXB) had 50 email addresses and associated passwords stolen by a team of hackers from the Portugal Cyber Army and the HighTech Brazil HackTeam (Selvan 2013).

• The website of Catania–Fontanarossa Airport (CTA) in Italy was hacked and shut down for a few hours. A 22-year-old suspect was believed to have illegally accessed and damaged data (Kumar 2011).

• The Airports Authority of India’s enterprise resource planning system was successfully hacked resulting in the system becoming inoperative, but more importantly resulting in the loss of personal data on employees (Vijay 2014, The Asian Age 2014).

To combat these and other potential cyberattacks, many airports have taken measures to protect their data and systems. As Figure 2 shows, the top rationale for taking such measures is to prevent service interruptions, although preventing property damage or loss of life, preventing loss of information, preserving the airport’s reputation, and complying with regulations are key motivators as well.

Driven by these motivators, many airports have established cybersecurity programs [according to 32 of 41 (78%) survey respondents who answered this question]. Most of these programs are based on written organizational policy [24 of 32 respondents (75%) of those who answered this question]. These programs often encompass an inventory of critical systems and assets, vulnerability assessments, monitoring for anomalous activity, configuration management, physical security, training, and other measures. Unfortunately, only about half of survey respondents who answered this question [19 of 39 (49%)] felt that these measures provided adequate protection.

Fortunately, there is a growing number of resources that an airport can use to protect its data and systems. This mitigation requires specialized technical skills, software, and hardware as well as well-defined policies and procedures. While some airports have been able to provide such protection, not all airports can obtain, retain, and maintain the necessary staff and infrastructure. There is, however, a growing number of public and private organizations that can help airports establish and maintain effective cybersecurity programs. The National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, the Department of Homeland Security (DHS)–funded Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Payment Card Industry (PCI) Data Security Standards (DSS) are just a few of the resources airports have tapped. The remainder of this guidebook is intended to help airports develop, and then to maintain, an approach to cybersecurity that leverages these organizations and other resources.

Figure 2. Reasons for implementing cybersecurity. Source: 27 of 55 (49%) survey respondents.


TRB’s Airport Cooperative Research Program (ACRP) Report 140: Guidebook on Best Practices for Airport Cybersecurity provides information designed to help reduce or mitigate inherent risks of cyberattacks on technology-based systems.

Traditional IT infrastructure such as servers, desktops, and network devices are covered along with increasingly sophisticated and interconnected industrial control systems, such as baggage handling, temperature control, and airfield lighting systems.

The guidebook also includes a CD-ROM of multimedia material that may be used to educate all staff at airports about the need, and how, to be diligent against cybersecurity threats.

The CD-ROM is also available for download from TRB’s website as an ISO image.

CD-ROM Disclaimer - This software is offered as is, without warranty or promise of support of any kind either expressed or implied. Under no circumstance will the National Academy of Sciences or the Transportation Research Board (collectively "TRB") be liable for any loss or damage caused by the installation or operation of this product. TRB makes no representation or warranty of any kind, expressed or implied, in fact or in law, including without limitation, the warranty of merchantability or the warranty of fitness for a particular purpose, and shall not in any case be liable for any consequential or special damages.
