In response to new emerging threats targeted at ‘‘smart’’ airports, the European Union Agency for Network and Information Security (ENISA) published a report for airport decision makers. Highlighting the need to implement available good practices to date in order to secure passengers and operations, the study also identifies gaps such as disparity of cybersecurity practices and lack of awareness and skills.
Smart airports are those airports making use of integrated Internet of Things (IoT) components to bring added-value services. By integrating smart components, airports are exposed to a larger attack surface and new attack vectors. As such, airports need to guarantee everyday higher levels of cybersecurity due to the potential impact that cyberattacks and disruptions can have on the safety of passengers and operators. Increasing awareness on cybersecurity risks and improving the security and resilience of the entire lifecycle of airport operations is now a priority.
Key recommendations of the report include prioritizing cybersecurity for safety, establishing a clear airport cybersecurity posture and allocating cybersecurity experts and resources, implementing constant revision of cybersecurity policies and practices based on good practices monitoring, and the introduction of network-based, holistic risk and threat management policies and processes for cybersecurity in aviation.