BACKGROUND
Airports rely on a significant amount of electronic information and technology in their day-to-day operations and the amount of data airports collect, store, and use continues to grow. Yet the risk of adverse cybersecurity incidents appears to be increasing at a rapid rate. These incidents can be significant and debilitating to operations, affect numerous stakeholders, result in adverse financial impacts, reduce public trust, and have a negative impact on the airport’s reputation.
Recognizing a need within the airport industry, ACRP published ACRP Report 140: Guidebook on Best Practices for Airport Cybersecurity in 2015. This report provides resources for airport managers and information technology (IT) staff to reduce or mitigate inherent risks of cyberattacks on technology-based systems as well tools for educating airport staff on the need, and how, to be diligent against cybersecurity threats. Since that time, there have been many lessons learned, both within and outside the industry, and those instigating these attacks have grown more bold and sophisticated. Similarly the landscape continues to evolve including the rise of ransomware, the shift to remote work, more advanced industrial control systems (ICS), reliance on identity management systems, the explosion of touchless technology, and the emergence of the internet of things (IoT).
Cyber incidents on a single airport system may have a rippling effect throughout airport operations; consequently, a cyber-incident at a single airport may have a cause and/or effect upon other airports and stakeholders within the whole national airspace system (NAS).
All employees and stakeholders at an airport have a role in securing the airport’s critical infrastructure. As an example, airport IT managers and chief information officers (CIOs) need to understand what systems they are responsible for, how to protect those systems, and the best ways to respond to cybersecurity incidents. Airport risk managers are faced with continued challenges in how to quantify cyber risks and restore normal operations following a cybersecurity incident. Airport public safety officials need to coordinate with all affected parties as well as outside law enforcement when a cybersecurity incident takes place. All other groups in the airport environment, from customer service agents to airport front line employees, need to have periodic training so they have a holistic understanding of the mechanisms, sense of urgency, and changing landscape in cybersecurity. Finally, airport leadership needs to have a comprehensive understanding of the risks, benefits, and costs of implementing cybersecurity best practices and the development of response plans.
OBJECTIVE
The objective of this research is to develop a guidebook that complements and expands on ACRP Report 140: Guidebook on Best Practices for Airport Cybersecurity for airports of all sizes. The guidebook will included guidelines to help airport employees and their stakeholders develop a playbook to prepare, detect, respond, and recover from all types of cybersecurity incidents. The guidebook should focus on systems that airports own and/or manage.
Additionally, the updated guidebook should provide, at a minimum: a discussion of best practices that have emerged since ACRP Report 140 was published; a thorough review of ransomware attacks; an overview of emerging threat vectors; a review and analysis of new and updated policies, laws, and regulations pertinent to U.S. airports; and an overview of the current resources available to U.S. airports. It should also include an executive summary for airport leadership.
STATUS: Research in Progress