Skip to content

Share

  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page
PA IN THE MEDIA

How cyber-risks threaten the security of global airports

PA Consulting’s Justin Lowe, a digital trust and cybersecurity expert, comments on global airport cybersecurity concerns.

The article notes that there are a number of security risks impacting airports. Now, they are also facing an ever-tightening regulatory regime. The EU’s NIS Directive, which regulates providers of “essential services” (OES) in transportation, mandates strict GDPR-size penalties for noncompliance.

Justin says that airports designated as OES should be conducting security assessments and defining security improvement plans. “It is expected that more airports may well come under the regulation soon, so smaller airports should consider following a similar process.”

He adds that “smaller airports will also soon come in scope of regulation, as International Civil Aviation Organization (ICAO) and European Aviation Safety Agency (EASA) guidance focuses on a wider and more holistic approach to cyber as pertains to aviation security and safety. The EASA 2019-07 amendments are due to come into effect in Q4 2021 and will seek to more sufficiently address security incidents that could potentially affect aviation safety.”

Justin goes on to say that security leaders in the sector must also conduct risk assessments to identify and address critical assets and systems throughout the supply chain, carry out security reviews using recognized frameworks like NIST or ISO 27001, and build a security awareness program for all staff. Security monitoring and well-rehearsed incident response and crisis management plans are also a must. CISOs should pay particular attention to the growing OT risks. “With the increased use of OT, systems that are owned and operated by engineering and operational departments are increasingly facing cyber-risks. A security management system is required to ensure these systems, which are mission and safety critical, are appropriately protected from cyber-risks.”

Helping to protect and grow your organisation in a digital world

Find out more

Contact the digital trust and cyber security team

Adam Stringer

Adam Stringer

Cate Pye

Cate Pye

Elliot Rose

Elliot Rose

Justin Lowe

Justin Lowe

Tim Ogle

Tim Ogle

×

By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.