Dr John McCarthy, airport cyber security fellow for ServiceTec Global Services, speaks to Passenger Terminal World about tackling the ever-growing problem of cyber crime in an airport environment
There is no doubt that in terms of airport safety, cyber security is now a major issue. It has become a prominent concern in the 21st century and the challenges it presents will only get bigger and more complex.
Cyber Security cuts across not only silos within organizations but also across international boundaries. We are fully aware that cyber hackers and criminals do not respect such boundaries. In fact, they exploit them. Attacking from another country gives the perpetrators refuge as international law enforcement has yet to solve the problems of cybercrime and international laws and boundaries. While they may follow up on large-scale attacks, the sheer volume of incidents means that law enforcement cannot cope with every reported case.
Flagship airports form part of the critical national infrastructure (CNI) of many countries, and as such, they do receive additional support from government agencies to help prevent them suffering an attack. However, many smaller airports are left to fend for themselves. This is a problem. All airports and their systems are connected, so protecting one and not the other, is simply not effective. Cyber criminals will look for the weakest link and may find a channel from a smaller airport to a larger one in terms of their processes. Therefore we need to protect all airports.
It may appear then that the problem is unmanageable and unsolvable but this is far from the truth. There is much we can do to bolster our cyber defenses without huge expenditure and without purchasing complex cyber systems. There is no doubt that technology will help in defending against attacks but this is not the only requirement.
We need people to understand the problem, and this means everyone in the airport from the CEO to the cleaner. They don’t need to understand computer code or even be involved in the systems on a day to day basis, but they do need to understand why the airport has cyber security and what impact a breach could have on the airport.
Simple cyber hygiene practices can wipe out at least 80% of attacks. Two such practices include understanding phishing emails and the threat they pose, and explaining why it is a bad idea to introduce foreign devices to a network. This would do a huge amount to protect an airport and focuses on people not technology.
As we come to terms with the new challenge of cyber security we need to look at cyber security from a risk based approach and then examine people, processes and technology. Such practices will only serve to combat the cyber threat and help keep airports safe.
Dr John McCarthy PhD BSc (Hons) MBCS is a renowned authority on cyber security strategy, development and implementation and is an airport cyber security fellow for ServiceTec Global Services. McCarthy is frequently invited to join expert panels and appear as a speaker at well-known cyber security events. McCarthy is also a leading expert on social engineering awareness training and best practice.
November 4, 2016