This was written by Dr. Jon Haass Embry-Riddle Aeronautical University
Most industries understand that cyber threats can impact business, their reputation, the confidence of their customers. The airlines and transportation industry we are reminded can cost lives when a threat occurs. Although we still don’t know the details, pieces are becoming public regarding tracking mechanisms that are part of the engines on the airplane that is missing.
For a number of days there was a lot of interest around two passengers with fake passports, then we learned that some travelers did not fly and their baggage removed. Both of these discoveries point to the information systems used within airports to monitor passengers and the materials brought on board with them.
As time passes and little new information is forth coming, questions arise concerning the true ability of governments, industry to cooperate and share critical data. Information is gathered and used in silos. Ticketing systems are not readily connected to information regarding identification. Passenger lists raise privacy concerns if released for efforts to determine criminal or fraudulent activities.
Remarkably our communication and surveillance systems as sophisticated as they are do not allow the tracking of a plane once it leaves the primary aviation radar systems. Will this change as the industry embraces Automatic dependent surveillance-broadcast (ADS-B)? Does this suggest that the system must be protected from pilot, crew and perhaps even maintenance crew modification?
Airports like any other organization today rely on computers, networks, and associated data as part of its real time operations. The tools available to cyber threats do not care about the industry and yet the aviation business has been focused so heavily on physical security that it is time to re-evaluate the cyber stance.
What is your airport doing about cyber security? Is there a plan in place? Who is in charge, the IT department is often too overwhelmed by help desk activity to be able to respond to the different needs of detection and mitigation of threats.
