The airport environment poses some unique challenges for cybersecurity. Operational efficiencies demand that dozens of stakeholders work effectively together to deliver a seamless service to the travelling public. This is especially true in today’s world of COVID-19 impacts and concerns.
In airports, the interface points between the stakeholders can become extremely complex, and there is rarely a single point of oversight for all the information being exchanged. It’s more of a “supply-mesh” than a traditional “supply-chain”.
We are already seeing the challenges caused by COVID-19 being abused by cyber attackers – either by using it as an enticement to click on links (with messages like “5 tips to protect yourself against coronavirus”), or by attacking stressed institutions in the logic that they’d be more likely to pay ransoms as a quick way to make the new problem go away. The complexities of airport supply chains mean careful management is needed to control the exposure of the entire operation against the compromise of a single party.
The information machine.
Modern airports are increasingly data driven, with a huge range of information flowing between partners and supported by many interconnected systems, themselves managed by different parties. Operationally, we aim for an environment where the information that is needed is available instantly – both for the public and the partners that need to work together. When this works 99% of the time, people start to forget just how dependent they are on the smooth running of this information exchange.
Egis runs airports across the world and as a result works with a wide range of suppliers. One thing common to all its airports is the complexity of managing the relationships and information sharing (including security) with so many operational partners. It gives us unique insights into the challenges faced by our customers and additional hands on experience of helping to resolve them.
Like any well-oiled machine, there’s a high dependency on all the cogs turning in exactly the right way. The bigger the machine, the more cogs there are and the more critical it becomes that the system is cared for and protected against faults, damage and disruption.
The organic growth of airport environments, with no central architect or responsible body, means that there may not be a complete picture of information flows, or a clear point of responsibility for securing the information. When dealing with security in a multi-stakeholder environment, there is always a risk that there may be overlaps, and also gaps in how information and cybersecurity is managed.