Airports Council International presses for global standards and frameworks to recognise cyber-vulnerability of interconnected systems and technologies.
Airports face specific and unique cyber-security risks that reach well beyond conventional IT systems and that can leave embeded systems across their operations vulnerable to cyber attacks. As a result, the ACI has used its World Annual General Assembly to pass a resolution setting out action needed across the globe.
The resolution, entitled Affirming airport’s commitment to addressing the evolving cyber threats in aviation, recognises the actions already taken by airports to improve cyber-security, but calls on all aviation stakeholders to strengthen their awareness and mitigation measures.
The resolution urges governments, international organisations and relevant stakeholders to leverage the existing international standards and frameworks on information security and cyber-security to develop aviation cyber-security frameworks, standards and guidelines. It also calls on governments to implement the necessary measures to support the development of a skilled aviation cyber-security workforce.
Diversity of cyber-threat
When Infrastructure Global recently spoke with Geneva Airport CEO, André Schneider, his message on this subject was clear. The extent of embedded systems that could be used to damage an airport made them uniquely vulnerable to attacks.
He explained: “In our airport those systems might be the climate control or the security censors for fire doors or even our 13km of baggage sorting and directing installations. These are embedded systems with all kinds of different specialist software.”
To resolve that, he proposed a collective approach: “Propriety systems are good at what they do, but often you then depend on the company for their security systems. A common platform to help establish standards and collectively test embedded systems would be a valuable step.”
The new resolution from ACI recognises this dependence on “interconnected systems and advanced technologies to maintain efficient, safe and secure operations” and that such systems, if vulnerable to cyber-risk, “can jeopardise the safety and security of passengers and staff, with damaging economic consequences” as well as having the potential to seriously damage public trust.
The aviation industry, like other sectors, is also experiencing a rise in cyber-attacks which can take several forms, targeting sensitive customer data for theft, or critical operating systems to cause disruptions.
Action to be taken
The resolution sets out a number of commitments for the industry and calls on ACI member airports to continue to strengthen awareness on cyber-risk across the industry while creating a string cyber-secure culture internally.
Along with urging airports to evaluate their own risk and exposure and take measures accordingly, it seeks significant wider engagement to create the tools needed for a more cyber-secure aviation sector.
As a result, the resolution urges international organisations and relevant institutions to leverage the existing international standards and frameworks on information security and
cyber-security to develop aviation-specific cyber-security frameworks, standards and guidelines.
It also calls upon nations and industry stakeholders to create dedicated support for the development of a skilled aviation-specific cyber-security workforce through improved funding, training and career development paths.
ACI’s role
The resolution presses ACI World to work closely with the International Civil Aviation Organization, along with other relevant bodies, to develop and implement new frameworks cyber-security and encourages it to continue efforts to raise awareness across the industry.
It also proposes the creation of an evaluation and information-sharing platform platform for member airports and stakeholders to work together in identifying, assessing and mitigating cyber-security threats through an appropriate cyber risk management process for airports.
