Report: Only Three Out of Top 100 Airports Pass Cybersecurity Checks

• Ninety-seven percent of airport sites were being operated outdated web software, with 24% of them containing known and exploitable vulnerabilities.
• Two-thirds of airports were exposed to the Dark Web.

In one of the recent hacks in the aviation sector, hackers obtained access to the personal information of around 10 million flyers, including credit card information, passport information, and other personal details. Since then, there have been multiple attacks at airport systems and several reports have highlighted privacy and security concerns of individuals.

Now, a new report has been released by a Switzerland-based firm stating that only three out of the top 100 world airports passed their cybersecurity checks.

Key observations from the research

The firm covered all of the 2019 Top 100 Airports (as per Skytrax World Airport survey). According to the report:

• The three airports that passed the test include Amsterdam Airport Schiphol, Helsinki-Vantaa Airport, and Dublin Airport.
• airports with cyber-vulnerabilities were distributed as: four in Africa (the fourth is the Mauritius Airport); 35 in Asia; 33 in Europe; 19 in North America; six in Oceania; and three in South America.
• Ninety-seven percent of airport sites were being operated out of outdated web software with 24% of them containing known and exploitable vulnerabilities.
• Eighty-seven percent of airports had data leaks on public cloud repositories.
• There was an average of 15 security or privacy issues detected per mobile app.
• Two-thirds of airports were exposed to the Dark Web, with a mix of critical and high risk, implying serious breach.

WEF’s report on cyber resiliency in aviation

In the previous month, WEF also released a report on the aviation industry. Its “Advancing Cyber Resilience in Aviation: An Industry Analysis” report talks about awareness and key systemic challenges to cyber resilience in the aviation industry.

• As per WEF, cyber resilience involved more than the security of assets. It also demanded a focus on protecting critical functions.
• The report noted that cybersecurity challenges including privacy issues remained largely underrated and overlooked in the aviation sector.

Cyber risk factors in aviation

In its report, the WEF throws light on seven types of risks the aviation sector faces along with a rating out of 10:

• Information technology control weakness - 9
• Human factor - 9
• Operations technology control weakness - 8
• Ineffective governance and prioritization of risks and controls - 7
• Operational and process failure - 7
• Adoption of emerging technologies such as IIoT - 7
• Limitation in communications with boars and stakeholders, or within the industry - 6

The bottom line

Experts believe, there’s still a long way to go from reflection to action. The first affirmative step would be to promote and enhance common industry definitions established by International Civil Aviation Organization (ICAO). In the next, cybersecurity, privacy, and digital trust will be decided on the basis of how well an organization shape itself to cybersecurity requirements as time goes by.