Improving Airport Cybersecurity Starts with Visibility

Improving Airport Cybersecurity Starts with Visibility

The pandemic taught all of us how to pivot and adjust quickly—especially those working in IT or OT at airports around the world. Depending on where you’re located, recent shocks include not just the pandemic, but extreme weather events, war-related flight restrictions and skyrocketing gas prices. These have squeezed margins and called for increased efficiency while delivering higher service levels.

At the same time, pressure to improve cybersecurity has grown. Rising cyberattacks have focused airport executives on keeping pace with cybersecurity regulations and improving enterprise security standards to mitigate risk.  

How do you navigate all this change while maintaining continuity of service and improving cyber resiliency? Let’s look at security challenges faced by airports and how one top five global airport tackled them.

Visibility for Complex, Diverse and Dispersed Airport Subsystems

Your airport has dozens of subsystems with a huge number of endpoints, vendors and functions. All these systems present a vast attack surface exposed to millions of passengers, thousands of employees and hundreds of vendors.

At one of our customers, a top five global airport, a phase one project included these systems:

Air OS Baggage handlingBuilding management 
FireGate operatingIn-house logistics 
Lighting control Public address X-ray 

The first focus of the deployment was capturing network traffic to provide visibility into the subsystems. Close to twenty Guardian sensors were installed across three terminals. A variety of physical, virtual and container sensors, available for different node and network element volumes, were used to match the characteristics of the various subsystems.

IT/OT cooperation was facilitated by the fact that the sensors analyze network traffic passively, posing no operational risk.

Multiple Central Management Consoles (CMCs) were used to aggregate data according to the airport’s supervisory needs. The result was consolidated visibility into about 20 subsystems with 100,000 nodes. Benefits include a 90% reduction in time to visibility, automated asset inventory, accurate data flow diagrams and greatly improved situational awareness.

Nozomi Networks Solutions
The Nozomi Networks solution provides visibility and security to a broad range of airport subsystems and readily scales to meet large asset and system requirements.

Airport Cybersecurity That Scales and Integrates with IT Systems

An airport’s complex, diverse and dispersed systems are a huge attack surface for threat actors. Cyber threats continue to escalate, with the potential to impact more than just IT networks. Core airport systems could be compromised, and in the worst case, come to a standstill or taken offline to protect them.

A key requirement for securing an airport is detecting threats. The Nozomi Networks solution detects malware and IOCs by combining multiple types of OT/IoT/IT threat detection and by receiving continuously updated threat and asset intelligence. It helps you respond efficiently to IT/OT incidents with correlated alerts and actionable intelligence that leads to swift remediation.

Our solution rapidly and passively identifies vulnerabilities across a wide range of subsystems. Its dashboards and reports help you efficiently prioritize and address vulnerability risk.

For many organizations, including an airport customer, security management requires the integration of OT/IoT data into IT infrastructure. In this case, missing operational and contextual security information was integrated with the airport’s SIEM and SOC systems, including a data lake.

The outcome was security analysis that included comprehensive IT/OT/IoT data, resulting in better decision making. The airport was able to improve cyber resilience, meet security KPIs and keep systems up and running. It enabled the airport to do a better job of managing cyber risk while innovating and adding new technologies.

Keeping Pace with Airport Cybersecurity Challenges

It’s easy to cite results once a lot of hard work has been done, but it’s important to recognize the effort that goes into making significant change. For the airport profiled here, there were a lot of challenges to overcome. For example, some of their subsystems are managed by third parties, and a significant amount of communication and coordination was required to obtain access to the network traffic for monitoring and analysis.

Certain systems to be monitored used specialized proprietary protocols. Initial visibility was limited to data flows and identification of traffic paths until documentation and data were provided to enable deep protocol parsing.

Coordinating the many teams involved with the deployment and integrating with third-party systems all required focus to ensure continual progress. Strong executive leadership and outside project management facilitated advancement.

Despite the challenges, it is possible to make progress towards closing airport OT and IoT security gaps—and it’s necessary to mitigate cyber risk and keep passenger services running.

If you need to improve airport cybersecurity, comply with government regulations, or see assets from all vendors, we’d like to help. Simply contact us and let’s get started.