How America’s Airports Defend Against Cyberthreats

What Cybersecurity Vulnerabilities Do Airport Facilities Face?

In March 2020, Russian hackers attacked two San Francisco International Airport websites and stole usernames and passwords of staff and contractors. Airport officials said hackers breached the sites and planted code exploiting an Internet Explorer bug to steal login credentials.

To avoid any adverse events, the airport pulled down the affected websites and issued a forced password reset before bringing them back online.

However, the problem of a larger attack surface remains.

“Both airports and aircraft have networks designed to allow passengers to access the internet,” says Jim Richberg, Fortinet’s field CISO for the public sector. “Computer and navigation systems could be held for ransom or infiltrated with other malware to slow or disrupt travel and potentially put human lives at risk in a worst-case scenario. Planes and airports today are filled with smart devices, Wi-Fi, logistics terminals and sensitive personal information on passengers.”

Fortinet’s research lab has found advanced cybercrime that mirrors the stealth and sophistication previously associated with nation-state techniques. 

“We have seen ransomware across all sectors and organizations increasingly leveraging Ransomware as a Service over the past six months. This enables threat actors who may lack technical capabilities to rent malicious cybertools that are capable of attacking airports or the aviation industry,” Richberg says.

Also vulnerable: an airport’s multitude of operational technology systems, like moving gates, baggage conveyor belts, runway lights and air conditioning. OT control modules tend to be simple and decades old, making them a potentially easy target for hackers.

Aircraft also carry outmoded technology, says Mike Weigand, co-founder of transportation cybersecurity firm Shift5. The VHF communications pilots use to talk with air traffic control are an open protocol. “These technologies were written to be reliable,” not secure, Weigand explains.

How Do Airports Respond to Cybersecurity Threats?

Tampa International Airport experiences threats similar to most large organizations, including ransomware attempts, phishing, malware, social engineering and external network probing, says Vice President of IT Marcus Session.

Recent guidance from regulatory agencies has helped the Florida airport protect itself. “The U.S. Cybersecurity and Infrastructure Security Agency has a variety of resources that it provides to help organizations secure their environments and prepare for the latest cyberthreat,” Session says.

Session also tracks OT systems. “If we encounter something unique with an OT device, we work with the business units responsible for that system to develop a custom set of security protocols,” he says. “Overall, the biggest key to protecting OT systems is knowing what you have and creating an inventory of those devices and systems around which you can build a system-specific strategy.”

Ohio’s John Glenn Columbus International Airport sees distributed denial of service attacks, phishing, rogue software, ransomware and some unique threats aimed at physical security systems, says Richard Jones, director of technology services for the Columbus Regional Airport Authority.

“The three most critical parts of our cybersecurity program are the maturity of the program itself, effective cyber awareness campaigns and ‘practicing as play’ when it comes to cybersecurity and incident response,” Jones says.

His team regularly conducts simulations, exercises and internal phishing campaigns. The airport also rotates its security vendors every three years to elevate resiliency and bring fresh perspectives to the challenge.