The cyber threat to airports is growing, and it’s no wonder: airports are particularly vulnerable to cyberattacks because of their complex and interconnected systems and the significant amounts of sensitive passenger data they hold. Vulnerable airport systems include, for example, passport control systems, reservation systems, flight traffic management systems, fuel gauges, and even in-flight entertainment. Indeed, recently 97% of the world’s top 100 airports were found to have inadequate cybersecurity.
Some of the common threats to airports include data breaches, ransomware attacks, phishing attempts, and malware infections. These incidents can cause significant disruption to airport operations, flight delays and cancellations, and, most concerningly, compromised passenger safety and security.
In January, thousands of flights were delayed or canceled when a technical glitch wreaked havoc on air travel throughout the United States. Although officials were quick to offer reassurance that there was no evidence of a cyberattack, the event put a spotlight on the many vulnerabilities that clearly exist in airport systems. It also offered a harrowing glimpse of how malicious actors could potentially shut down air systems across the country.
“At a time when cyberattacks are rising in both scope and sophistication, modernizing the cybersecurity of air travel must be a priority for the federal government,” wrote U.S. Representative Ritchie Torres (NY) in a letter to CISA Director Jen Easterly following the incident. “Twentieth century air systems will no longer suffice in a world of 21st century cyber challenges.”
Here are some recent notable airport cybersecurity incidents, and what we can learn from them.
In March 2020, malicious actors hacked two login portals and injected malicious code to harvest usernames and passwords at San Francisco International Airport (SFO). As a result, they gained access to data such as names, birthdays, and contact information. The websites were not connected to the airport’s critical operational systems. Following the incident, officials concluded that the attack was likely performed by Russia’s Energetic Bear hacking group, which primarily targets U.S. infrastructure.
The two sites, SFOConnect.com and SFOContruction.com, were taken offline after the airport discovered the attack, and users were urged to change their passwords.
Takeaway: Multi-factor authentication might have prevented the stolen credentials from being used.
In 2017, an employee of Heathrow Airport lost a USB flash drive that contained 76 folders and more than 1,000 confidential files, including routes taken by members of the British government and information related to the airport’s surveillance cameras and runways. The drive was neither encrypted nor password protected. Fortunately, the person who found the flash drive returned it to airport authorities and alerted the press. The airport was subsequently fined 140,000 Euros for not complying with data privacy regulations.
Takeaway: You don’t necessarily need malicious actors to cause a cyber incident. This is a great example of how breaches can easily occur through negligence.
In October 2022, more than a dozen U.S. airport websites went offline because of cyberattacks attributed to the Russian hacker group Killnet. The group often uses distributed denial of service (DDoS) attacks, which overload computer systems with traffic until they can no longer function. Airports affected included New York’s LaGuardia Airport, Chicago’s O’Hare International Airport, and Los Angeles International Airport.
Takeaway: While this incident primarily caused flight delays, cancellations, and undoubtedly a lot of aggravation, it should not be dismissed as a mere inconvenience. Unfortunately, there is a very real possibility that an attack such as this is only the first phase of a much more serious attack.
On February 16, 2023, the websites of seven German airports were taken offline by a suspected cyberattack in the form of large-scale DDoS attacks. This occurred just one month after the websites of German airports, public administration bodies, and financial sector organizations were attacked by the Russian hacker group Killnet.
Takeaway: DDoS attacks do not result in stolen or corrupted data; rather, they cause damage by preventing an organization from running essential systems and services. Such attacks can be prevented, or at least mitigated, by reducing network exposure and by deploying threat management and intrusion prevention systems.
How Can Airports Improve Cybersecurity?
Clearly, airports must be extremely vigilant and implement robust cybersecurity measures to protect their data and systems. Some ways that they can do this include the following:
- Adopt a proactive, and not only a reactive, approach to cybersecurity
- Perform comprehensive cyber risk assessments on all airport systems
- Prioritize mitigating vulnerabilities and cyber gaps by order of severity
- Educate employees throughout all departments about security awareness
- Identify cyber threats in the supply chain
- Secure the systems responsible for data transmission
- Encrypt all data transmitted, stored, and processed in airport environments
- Secure access to network devices and systems
- Protect endpoint devices
- Comply with all national and international security regulations
Want to learn more about how CYE can improve airport cybersecurity? Contact us today.