Most of the 8 million people estimated to fly every day directly or indirectly interact with the technologies running the “typical airport’ experience” – avionics software on planes, air traffic control systems, fuel pumps, baggage handling systems, ticketing systems, security systems, etc. – without considering the resiliency and security of the software or equipment they interact with. However, like most technology, the software and equipment used to run the operations of airports around the nation were not developed with security as a priority. As a result, airport networks are vulnerable to disruptive and deadly cyber-kinetic attacks whose outcomes can range from irksome delays to catastrophic crashes.
In this Institute for Critical Infrastructure Technology publication entitled “Hacking our Nation’s Airports: Cyber-Kinetic Threats to the Technologies Running Airport Operations,” ICIT introduces readers to the cybersecurity threats facing airports by offering a high-level overview of attack scenarios, threat actors, and vulnerable systems. This report includes:
- A discussion of attack scenarios
- An overview of common threat actors including state sponsored APTs, cyber-mercenaries, hacktivists, and terrorists
- An overview of vulnerable systems including avionics software, baggage handling systems, aircraft tugs, de-icing systems, fuel pumps, airport smart devices, third-party systems, and facial recognition systems
- Four steps that can be taken to improve cybersecurity at airports