In October 2020, Václav Havel Airport Prague opened what it describes as ‘one of the most modern and technically advanced cybersecurity workplaces in the Czech Republic’. The new Cyber Security Operational Centre (CSOC), which is situated in the administrative quarters on the airport site, runs 24 hours a day and is designed to protect the country’s largest airport from cyberattacks and misuse of airport information systems, through a multi-layered approach of monitoring, detection, evaluation and subsequent blocking of threats.
“We started building a strong cybersecurity system four years ago, focusing first on the cornerstones such as legislation, employee awareness, risk assessment and asset assessment,” comments Luboš Rˇádek, director of information security at Václav Havel Airport Prague. “Next, we focused on building a technical team that now performs its role in the CSOC. We have been building the technical team for two years and our work still continues.”
The 200m2 CSOC includes meeting rooms and executive offices and is run by 12 technical experts who have been fully trained to detect and stop cyberattacks across the airport’s systems. “In general, the CSOC employees have a thorough knowledge of networks and network protocols, the basics of operating systems and web services, and advanced knowledge of hacking techniques,” says Rˇádek. “They have a perfect knowledge of airport information assets that must be protected, and each staff member has also undergone intensive internal training and internationally recognized certification procedures, such as Certified Ethical Hacker (CEH) and Offensive Security Certified Professional (OSCP).”
The center is part of Prague Airport’s annual CZK40m (US$1.7m) investment in the protection of its critical information systems, which is a main strategic goal of the company, according to Rˇádek. “Today, hackers can remotely control ocean-going ships through cyberattacks. There is no reason to expect they would not be able to control airports or even aircraft just the same. Cyber threats are still on the rise and we have to respond.
“Furthermore, the creation of our new CSOC is related to the process of digitization of the airport currently underway. In order to be able to implement new technology and digital procedures in airport operations, such as autonomous vehicles, biometrics and artificial intelligence, we had to have mechanisms in place to protect them. Companies that fail to solve cybersecurity do not survive. Our own CSOC allows us to perform cybersecurity tasks at the highest level and, most importantly, in great detail,” Rˇádek continues.
The main role of the CSOC is to continuously detect and alert the airport to unusual events happening in the systems. “There are many processes that are either directly managed by the cybersecurity department or that involve the cybersecurity department. We must have good risk assessment in place – knowing what we use and what we must protect. Cybersecurity must be a part of tenders, big changes, crisis management, etc at the airport,” Rˇádek comments. “We also need to know what the threats to us are – identify vulnerabilities in our information systems and test them regularly. We also need to be aware of cyber threats in general. Cyber resistance is multi-layered. Should the first layer fail, we have implemented a few more layers that are constantly evolving and improving.”
Ensuring security success
For the CSOC to be successful, Rˇádek believes that having the right people involved is crucial. “The most important thing in building a CSOC is the top management support,” he says. “Without that, this project could never have been successful, because the new rules have an impact on everyone who works with airport information assets. Moreover, cybersecurity costs money. The whole project was managed by our internal experts; however, audits were carried out to verify the quality of the project. Naturally, we continuously consulted with expert groups such as international cyber emergency and response teams throughout the duration of the project.”
Rˇádek suggests that creating a ‘corporate cyber culture’ will make it easier for other airports looking to implement certain restrictions. “I would advise others to insist on the implementation of and daily use of high-quality detection and prevention cyber technologies. And most importantly, cybersecurity must be team-based – everyone working with information assets is responsible. The user is the easiest target of a cyberattack, so they must be able to recognize it,” he continues.
Managing changing threats
Cybersecurity threats are ever changing as those with malicious intent continue to develop different types of attacks. According to Rˇádek, terrorist groups are now moving into the cyber world and attacks “will be conducted through this invisible channel and will have the same effect as physical ‘bomb’ attacks”. He continues, “Therefore, it is necessary not to underestimate this threat and be prepared for it. The sooner companies start, the better prepared they will be. We still have a long way to go, and even cybersecurity is not ‘bulletproof’.”
So how can the aviation industry better collaborate with other sectors to ensure a more comprehensive, widespread approach to preventing cyberattacks? “It is important to work together and face cyber threats together in different countries, in different sectors. We can already see the results of using Open Source Threat Intelligence and Sharing Platforms (MISPs) and sharing identifications of compromise, called IoCs. We are a part of various response teams, sharing very interesting and useful information,” says Rˇádek.
“The operational technology at the airport, such as security check systems, is still considered to be a gray zone. Manufacturers of these technologies still do not implement cybersecurity by design. We must teach them to do so and appeal to other customers of these companies to insist on security protocols, access verifications, etc, even in these systems.”