A combination of surging domestic passenger numbers and staff shortages means airports are operating at maximum capacity. Malcolm Bailie, from cyber security company Nozomi Networks, argues this is attracting cyber criminals who are slipping in amid the chaos.
Ask anyone about the state of Australia’s airports, and the answer will be unequivocal: they’re buckling under pressure.
Extreme staff shortages and the long-awaited resumption of international travel are compounded by extreme weather events and record fuel prices. Australia, in part due to our relative isolation, is feeling the crunch.
A recent report found Sydney is the sixth worst city in the world for flight cancellations and ninth worst for delays, with 34.2 per cent of flights delayed over June and July.
Airline staff and passengers have long yearned for efficiency, and airports have responded by rolling out digital channels to streamline processes and cope with increased traffic. Just take the ubiquity of self-service check-in kiosks and facial recognition technologies.
But with everything going digital, and the data of passengers and employees stored in a growing number of locations, the attack surface for cyber crime is expanding. Airports, which already have their guards down as they scramble to cope with current pressures, have been identified by hackers as an ideal target for phishing, malware, and ransomware attacks.
Last year director-general Mike Burgess of the Australian Security Intelligence Organisation (ASIO) said airports are a key target for security threats, and brought attention to a ‘nest of spies’ from a foreign intelligence service that was operating locally.
Airports make a lot of sense as a target for cyber attacks. Not only do they collect and store vast amounts of data, but their smooth operation is essential to facilitate trade and move essential workers between locations — and ransomware criminals know it.
Additionally, with airport technologies increasingly connected to the same network in an operational technology (OT) set-up, and devices interlinked in an Internet of Things (IoT) environment, a single hole in an airport’s defences can have disastrous immediate and trickle-down effects.
We saw this in April, when Canadian airline Sunwing Airlines experienced four days of flight delays after the third-party system used for check-ins and boarding was infiltrated.
A similar instance happened in 2019, when the personal data of more than 120,000 Air New Zealand frequent flyer customers was compromised after two staff members fell victim to a phishing attack.
In 2018, Bristol Airport refused to pay a ransom and consequently took its screens offline, instead using manual whiteboards to keep passengers updated with flight information.
Regressing to analogue processes is not an option, particularly when we need even more efficiencies to keep things running.
Airports now face the challenge of maintaining service by leveraging interconnected digital technologies, while improving their cyber resiliency as the attack surface continues to grow.
Expanding Visibility over Airport Environments
The need to increase cyber security measures at airports is undisputed, but the execution needs to go beyond simplistic monitoring and account for the hyperconnected and complex nature of aviation systems.
There’s no point in applying guesswork to this process. The first step is a comprehensive evaluation of all systems and networks, including testing for potential security gaps.
Cyber threats aren’t just targeted at data. There’s the potential for OT-specific malware to infiltrate the airport’s network and impact the automated baggage handling system. Or in extreme circumstances, a breach could occur against the systems governing the storage of plane fuel.
An airport’s cyber plan needs to cover all bases, spanning every device and application connected to its network. As hackers expand their targets, airports should rethink the traditional threats.
It would be remiss to secure the current, interconnected airport environment with ageing legacy applications. In the baggage handling example, if the system was infiltrated and the security monitoring for that process was operating in a silo, there could be a delay in alerting the airport’s staff. In this context, even a slight delay could expose people to serious danger.
Increasing efficiencies with cyber security measures is also imperative to mitigate threats. Beyond the ongoing airport staff shortages across Australia, which, crucially, include security, the nation is battling a shortage of technology workers in general, and cyber security professionals specifically.
In 2020, the Cyber Security Sector Competitiveness Plan noted the need for an additional 7,000 cyber security specialists over four years to meet the growing need for cyber skills. And this was before the Australian Cyber Security Centre (ACSC) reported a 13 per cent year-on-year rise in cyber crimes between 2020 and 2021.
As shortages persist, airports need to automate as many processes as possible, leveraging regularly updated threat and asset intelligence to monitor and detect risks across the entire network.
Airports across Australia are in a pressure cooker situation, and it doesn’t appear to be cooling. Qantas, for instance, has just asked its senior executives to pitch in with groundwork to curb staff shortages — a bleak sign the crisis isn’t going anywhere.
But cyber security simply cannot fall by the wayside, particularly against a backdrop of increasing airport digitalisation and interconnected networks. To protect Australians as travel continues to ramp up, airports need to take a holistic approach, including full visibility over their systems to identify gaps and prevent potential threats from resulting in devastating consequences.
Malcolm Bailie is delivery manager, APAC Japan, at cyber security company Nozomi Networks. This article was originally published by Australian Aviation’s sister brand, Cyber Security Connect.