Smart Airports: How to protect airport passengers from cyber disruptions
December 2016 by ENISA
ENISA publishes a study on "Securing smart airports" providing airport decision makers and security personnel a concrete guide on preventing cyber-attacks and disruptions.
Cyber SecuritySmart CitiesRisk Management
In response to new emerging threats, ENISA’s report provides a guide for airport decision makers to implement available good practices to date, in order to secure passengers and operations. This study also identifies gaps such as disparity of cyber security practices and lack of awareness and skills. The study aims to support airport decision makers and information security professionals in their security efforts and risk management.
Eight recommendations for enhancing the security and resilience of smart airports in Europe are presented in the report, tailored specifically towards decision makers, airport operators and industry. Key recommendations include:
Prioritising cyber security for safety
Establishing a clear airport cyber security posture and allocating cybersecurity experts and resources
Constant revision of cyber security policies and practices based on good practices monitoring
Implementing network-based, holistic risk and threat management policies and processes for cyber security
Prof. Udo Helmbrecht, Executive Director of ENISA, said: "Integrating IoT on the existing airport infrastructure brings new security challenges. To ensure safety, operators need to incorporate cybersecurity in all stages of the security life cycle."
Smart airports are those airports making use of integrated Internet of Things (IoT) components to bring added-value services. By integrating smart components, airports are exposed to a larger attack surface and new attack vectors. As such, airports need to guarantee everyday higher levels of cyber security due to the potential impact that cyber-attacks and disruptions can have on the safety of passengers and operators. Increasing awareness on cyber security risks and improving the security and resilience of the entire lifecycle of airport operations is now a priority.
ENISA’s future work in the field, aims in enhancing the security and resilience of air transport in Europe together with all relevant key stakeholders and agencies. In the context of the NIS Directive, ENISA will assist Member States and the European Commission by providing expertise and advice, as well as developing and facilitating the exchange of good practices, with the ultimate goal to enable higher level of security for Europe’s air transport infrastructure.