National Academies Press: OpenBook

Guidebook on Best Practices for Airport Cybersecurity (2015)

Chapter: Chapter 7 - Conclusions and Suggested Research

« Previous: Chapter 6 - Detecting, Responding to, and Recovering from Attacks
Page 70
Suggested Citation:"Chapter 7 - Conclusions and Suggested Research." National Academies of Sciences, Engineering, and Medicine. 2015. Guidebook on Best Practices for Airport Cybersecurity. Washington, DC: The National Academies Press. doi: 10.17226/22116.
×
Page 70
Page 71
Suggested Citation:"Chapter 7 - Conclusions and Suggested Research." National Academies of Sciences, Engineering, and Medicine. 2015. Guidebook on Best Practices for Airport Cybersecurity. Washington, DC: The National Academies Press. doi: 10.17226/22116.
×
Page 71
Page 72
Suggested Citation:"Chapter 7 - Conclusions and Suggested Research." National Academies of Sciences, Engineering, and Medicine. 2015. Guidebook on Best Practices for Airport Cybersecurity. Washington, DC: The National Academies Press. doi: 10.17226/22116.
×
Page 72

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

70 The following primary conclusions of this research are focused on steps airports can take to protect themselves against cyber threats. Additional research to help airports sustain this level of protection into the future is also recommended. Conclusions The growing threat of cyberattack on airport computers, networks, control systems, and critical infrastructure is a clear trend that is well publicized in the media, trade forums, and legislation. This trend is also substantiated in the research that has been conducted for this project. Cyber- attacks are increasing in number and sophistication. The result has been a loss of confidential and sensitive information, costly disruption to operations, adverse impacts to reputation, and in some cases financial loss and equipment failure. Fortunately, the number and sophistication of countermeasures to combat the increased threat is also growing. Federal, state, and local government agencies are passing legislation and offering resources to help. Non-governmental and non-profit organizations are establishing forums for information exchange. For-profit companies and individual consultants are also improving the services, software, and hardware they offer to combat the threats that exist. No airport is immune to attack, and many can be better prepared. Implementing cybersecurity countermeasures is not an option; it is a requirement of safe and efficient operation. Following are some of the primary countermeasures that all airport managers and staff should consider: Become and stay aware of the threats that can impact critical data and systems by maintaining regular communication with peers and related agencies, participating in ISACs, and engaging (if the means exist) cybersecurity professionals. Establish and enforce policies for acceptable use, SSI, information privacy, software and data assurance, training, and communications. Periodically train managers, staff, consultants, and tenants on their roles to protect data and system credentials, be wary of social engineering tactics, adequately protect the devices they control, and report suspicious activity and policy infractions. Maintain an inventory of data, systems, network devices, and users that may be affected by a cyberattack. Identify vulnerabilities where these assets are not adequately protected and prioritize them based on the impact a successful attack may have. Implement countermeasures to achieve the level of protection that is desired and affordable. Assign CISO responsibilities to a qualified staff member, new hire, or consultant. Monitor computer and human behavior through manual and automated means. Communicate anomalous activity and successful attacks to the CISO, IT staff, senior manage- ment, affected stakeholders, other agencies, and law enforcement personnel. Conclusions and Suggested Research C H A P T E R 7

Conclusions and Suggested Research 71 Be prepared to isolate affected systems, remove them, recover from attacks, and learn from them. Recognize that even if all of the foregoing measures are implemented, the airport will still not be perfectly protected. Remain vigilant and continuously improve the level of protection to the extent possible given the resources that are available. To implement these and other countermeasures in an effective manner, many airports are establishing cybersecurity programs led by a CISO and supported by senior management. Such an approach formalizes the process and establishes a centralized resource. Cybersecurity is not out of reach for any airport. Whether the smallest general aviation or the largest hub airport, the challenge is to achieve a level of protection that provides those respon- sible for safety and operational efficiency with a desired level of comfort within the limits of available staff and financial resources. While there are some laws and regulations that must be met, there are a wide variety of options based on the risk propensity, exposure, and resources available. Senior managers cannot, however, decide on the desired level of protection without input from technical and operational staff who understand the vulnerabilities and potential impacts of an attack. CISOs cannot implement the desired protection without this guidance; allocated resources; and the support of staff, consultants, and tenants. Protecting an airport from the threat of cyberattack is a shared responsibility and not one handled exclusively in the IT equipment room. Airports need not pursue cybersecurity protection alone. There are a growing number of agencies, organizations, companies, and forums that can help. Some are emerging to specifically help airports and other aviation organizations. Following are some of the resources airports should tap in pursuit of a cost-effective cybersecurity program: FBI agents are assigned to each airport and can be a conduit to the cybersecurity resources of their agency. DHS provides funding that allows the MS-ISAC to provide member airports with training, material, and other resources as well as assistance should an attack occur. MS-ISAC also offers network monitoring and other specialized services for a fee. Training resources that are free or inexpensive but effective are increasingly available. Many of these are available online. Some that airports may find useful are listed in the cybersecurity training resources section of Chapter 5. SANS Institute (http://www.sans.org/reading-room/) offers an online reading room that is continuously updated with helpful documents. InfraGard (www.infragard.org) is a partnership between the FBI and the private sector that is dedicated to sharing information on hostile acts against the United States, including cyber- security attacks. CSET is a CD-based software tool that helps organizations evaluate the cybersecurity posture of their systems and network. It was developed by DHS in conjunction with the ICS-CERT and NIST. It can be obtained free of charge from ICS-CERT (ics-cert.us-cert.gov/ Downloading-and-Installing-CSET). The guidance provided in this document, along with the multimedia materials offered and the growing number of industry resources available, should allow airports to determine, implement, and sustain a prudent level of cybersecurity protection. Suggested Research The research conducted during this project has identified best practices and steps that air- ports can take to protect themselves against cyberattack. The environment is however rapidly changing in terms of the threats that exist, data and systems that must be protected, and the

72 Guidebook on Best Practices for Airport Cybersecurity countermeasures available to help. This suggests that additional, and perhaps in some cases, ongoing research is required. Following are some suggestions identified during the course of this research: • Threat analysis requires ongoing research into the actors, vectors, and types of threats that can affect airports. This analysis should include threat trend analysis, actor profiling and attribution, and system vulnerability testing. There are many agencies, organizations, and companies that are dedicated to this activity, but few if any are focused on airports. Support for an ongoing research initiative that pools threat information relevant to airports is therefore recommended. These need not, but perhaps would best, be established as a part of other broader research efforts. • Technical standards and specifications for protecting ICS could be developed to help not only airports, but also installers and manufacturers of these systems, attain a common baseline of protection. • Training for facility managers and ICS installers on how to protect their systems against cyber threat will help ensure those systems are properly protected. This training must include cybersecurity awareness and an overview of the airport’s approach to protecting critical systems. In addition, the training should provide details on how to adhere to the specifications described previously. These and perhaps other research efforts will help airport managers and staff remain vigilant despite the dynamic nature of cybersecurity.

Next: Glossary, Abbreviations, Acronyms, and Symbols »
Guidebook on Best Practices for Airport Cybersecurity Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB’s Airport Cooperative Research Program (ACRP) Report 140: Guidebook on Best Practices for Airport Cybersecurity provides information designed to help reduce or mitigate inherent risks of cyberattacks on technology-based systems.

Traditional IT infrastructure such as servers, desktops, and network devices are covered along with increasingly sophisticated and interconnected industrial control systems, such as baggage handling, temperature control, and airfield lighting systems.

The guidebook also includes a CD-ROM of multimedia material that may be used to educate all staff at airports about the need, and how, to be diligent against cybersecurity threats.

The CD-ROM is also available for download from TRB’s website as an ISO image. Links to the ISO image and instructions for burning a CD-ROM from an ISO image are provided below.

Help on Burning an .ISO CD-ROM Image

Download the .ISO CD-ROM Image

(Warning: This is a large file and may take some time to download using a high-speed connection.)

CD-ROM Disclaimer - This software is offered as is, without warranty or promise of support of any kind either expressed or implied. Under no circumstance will the National Academy of Sciences or the Transportation Research Board (collectively "TRB") be liable for any loss or damage caused by the installation or operation of this product. TRB makes no representation or warranty of any kind, expressed or implied, in fact or in law, including without limitation, the warranty of merchantability or the warranty of fitness for a particular purpose, and shall not in any case be liable for any consequential or special damages.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!