Mikel Santos, cyber security expert at PA Consulting, discusses airport cyber security in Mexico.
Mikel says that the federal government needs a master plan for cyber security to ensure the proper functioning of the new Metropolitan Airport System (SAM in Spanish), which will be integrated by the Mexico City International Airport (AICM), the Toluca International Airport (AIT) and the Santa Lucía International Airport (AISL).
He adds: “We recommend a holistic approach to security, one that encompasses a strong strategy together with a master plan to ensure cyber security in the current approach for the operation.” The plan to repurpose the military airbase as a commercial airport is one of the key challenges and it’s crucial to implement a strategy that emphasizes physical and cyber security to ensure proper operation and coordination of the SAM.
As digitalization continues to expand in airport operations, it’s becoming increasingly important for airports to strengthen their defenses against potential cyber-attacks, which can range from personal data hacking to other more critical situations such as security issues concerning aircraft security.
Mikel outlined eight key steps to adequately manage airport cyber security. One of the main aspects is to ensure a holistic view at a corporate level regarding cyber security risk management. “We’re talking from a business perspective about different kinds of risks that can have many ramifications in the way they could affect operations.” Airports didn’t depend as much on digitalization as today’s connected world demands. This could explain why cyber security has remained mostly undeveloped in this sector, which becomes even clearer when comparing it to similar progress within other infrastructures.
Another aspect that is just as important is that airport security should be part of the design itself right from the start. “Airports should be secure by design; security should not be a matter of last-minute solutions, which are more expensive and leave security gaps in the long run.”
Strong leadership and governance are also an integral part of security. There must be a common understanding that all security measures have their own life cycles, which means that they must be continuously realigned with the changing context.
Finally, any cyber security system should have capabilities to monitor, anticipate, prevent, and respond before potential security threats. It should also guarantee that all agents are properly trained and sensitive to any kind of cyber security threat to avoid risks.
Mikel continues: “Cyber security has to be an ongoing issue on the agenda, an ever-present topic in people’s minds and within all organizations. We must strive to create a strong cyber security culture.”
A global movement towards increased data privacy is changing the way companies do business. Are you ready for the new era of data privacy?