Cyber security is the protection of personal or sensitive information, or any form of digital asset stored in a computer or in a digital memory device; it is also the protection of physical IT assets from random attacks targeted to destroy or disable computing power, explains Dominic Nessi, deputy executive director and chief information officer for Los Angeles World Airports (LAWA).
"The make-up of an airport’s system and the network total make airports a target," explains Nessi. "Because of the types of systems that we have in an airport, we’re going to have a lot of exposure just by virtue of the system itself. We can mitigate our vulnerabilities through good cyber security measures.
"It is difficult, however, to ascertain the threat level."
Threats; exposure
Airports must protect themselves against simple malicious codes called malware and spyware, and serious viruses that can wipe out a system; hackers that target a specific device or organization for either malicious enjoyment or financial gain; denial-of-service (DoS) attacks that cripple an organization’s ability to operate, says Nessi.
"We turn back hundreds of thousands of malware attempts every day," he adds. "We get a lot of attempts to see if our network can be exposed; we get a lot of email that contains malware."
Cyber security threats today include attacks via USB; large-scale, targeted botnet attacks; attacks via social networks; click jacking and cross-site scripting Web attacks; phishing from “trusted” third parties; and data exfiltration and insider threats to name a few.
"Aviation continues to be the target of terrorists, whether it be aircraft, airports, or airlines," remarks Nessi.
With regard to mobile technology, Nessi comments, "Almost any IT security magazine today is talking about the enormous number of security holes that mobile devices are exposing.
"Organizations, including airports, are rapidly trying to balance the desire for users to have mobile applications and mobile hardware with the new security risks that they bring.
"The bottom line is that the hardware and new application evolves faster than the preventative measures that an organization needs to take can be developed.
eEnabled aircraft will present an entirely new challenge, adds Nessi. "Aircraft are becoming increasingly advanced technologically … they are constantly fed data from multiple sources wirelessly.
"If someone had the right technology, it’s conceivable that the data could be intercepted and changed. This is not something that is easily done … you would have to have knowledge of protocol for that particular transmission; but that’s not to say it couldn’t happen."
One thing to keep in mind, says Nessi, is that not all the threats are external. "You could have an internal threat as a disgruntled or former employee," he explains. "Most organizations focus on the external threat; in my opinion, you can find just as many cases of the internal threat out there as you do the external.
Technology; training
"There has to be a strong cyber security philosophy at the airport," says Nessi. "That includes a solid and experienced cyber security staff; a mindset that the network can’t be as open and as flexible as every user would want; an internal program of training so that all employees are cognizant of potential threats; and you have to have programs internally that are strong.
"It’s a combination of both technology and training.
While it costs to be secure, and each airport will invest based on the size and scope of its operation, the cost of mitigating the effects of a successful attack would be much more than any investment made up-front to be proactive in any organization’s network security, relates Nessi.
"It is very difficult to develop an objective return-on-investment on IT security improvements, yet we know what the cost will be if operations are stopped or inhibited."
Nessi says airports should also be subscribing to services such as MS-ISAC (Multi-State Information Sharing and Analysis Center ) to help monitor networks.
According to its website, the MS-ISAC is the focal point for cyber threat prevention, protection, response, and recovery for the nation's state, local, territorial and tribal (SLTT) governments. The MS-ISAC 24/7 cyber security operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response.
Comments Nessi, "The other thing airports have to do is work together as a community to share issues and concerns, and to keep others informed of potential threats. We also need to work closely with our Federal partners at DHS (Department of Homeland Security).
