There is now an opportunity for outsiders to take control of an airport and take over aircraft management, a report by PA Consulting has shown, and data attacks are the new terrorist threat to airports.
The report concludes that while airports have a good security culture in terms of physical infrastructure, they need to understand data attacks.
Four major international airports in Europe and the United States have been thoroughly tested on their ability to withstand a data attack which infects vital parts of the airport infrastructure. "The airports tested were unable to last more than an hour after a data attack," says Jan Tellefsen, transport expert at PA Consulting.
"We, as passengers, need to be online and we need to be able to be updated by the airlines of any changes. This opens airports up to many new threats from cyber attackers and terrorists,” he says.
Tellefsen highlighted the use of open Wi-Fi networks as a potential security risk. "We like to share a lot of information about ourselves and our travel experiences with the airports if it gives us a better service. That’s when we buy things, when we check in and when we board, but this means there is a link between our mobiles, the open wifi network and the airport’s networks,” he says.
According to Tellefsen, one of the nightmare scenarios is that hackers and potential terrorists take control of an airport. "The fact that unauthorized people know who is on board a plane and what is in the cargo is valuable information. We have seen examples of airports being closed down, and attackers who demand ransoms to recover the systems. This has major consequences for both the airports and passengers,“ he says.
Norway is the most advanced country in the world in terms of digitalization and automation in aviation, but that does not necessarily make us vulnerable. "We monitor the threats rigorously both internally and through national and international partners," says IT Director at Avinor, Brede Nielsen, "So far we have not experienced any serious events, and we have a detailed focus on this kind of threat," he says. And there has been no attempted attack.
"We have experienced a number of attacks on our systems where hackers try what is known as ‘knock on the door’, but we are in control of this and regularly hire professional data detectors to test our systems," he says.
The report highlights the weaknesses of automated systems, for example, cables can be cut or the control tower itself digitally captured by data hackers.
"When the airport is controlled remotely, the report points out that the potential for a physical attack on the infrastructure and a data attack increases," says Tellefsen. "Ultimately, it can enable outsiders to control an airport and take over air traffic management," he said.
Nielsen from Avinor nevertheless believes that remote control of the control towers does not make them more vulnerable. "We own and operate all our infrastructure, and these are in closed systems. And there they will stay," he says.
Overcome the silent threat