Skip to main content

Cybersecurity check-in: How airports are innovating against cyberattacks, security breaches and failing tech systems

(Image credit: Image Credit: Joergelman / Pixabay)

Customer experience is paramount in an industry as competitive and prone to issues as air travel.  To deliver a great experience, airports are innovating, from mobile apps to mood lighting and entertainment systems.  An area that’s less visible to passengers is the activity monitoring and data collection airports conduct across a wide range of applications.  This information is used to improve operations that impact every stage of the traveller experience.  Even before passengers arrive at the airport, there are many ways applications are helping to make the experience more efficient, and as a result, more data than ever is being used to protect passenger privacy and keep departures on time.  But, as well as the opportunities this creates, it’s also important to be aware of the cybersecurity risks.

Ticketing, frequent flyer miles, and personal data: access points for identity theft and fraud

Looking at the recent experiences of some of the best-known airlines offers some valuable lessons.  In 2018, British Airways announced that its systems had been hacked and the credit card information of roughly 380,000 passengers had been stolen.  According to GDPR guidelines, the maximum penalty for a company hit with a data breach is a fine of either £17 million or four per cent of global turnover, whichever is greater.  In this case, authorities intend to order British Airways to pay a fine of nearly $230 million for the breach.

Two months later, Cathay Pacific reported that the personal information of some 9.4 million passengers had been compromised — a collection of sensitive data that included passport and other identification numbers.

Attacks like these have ripple effects beyond fines and public scrutiny: they impact customer confidence and brand reputation.  That’s why data encryption and tokenisation technologies to protect critical customer information —such as credits cards, identification numbers and bank accounts — are now so important to keeping every aspect of the travel process more secure.

Beyond credit card data, a growing black market for frequent flyer data is flourishing.  Visitors to the ‘dark web’ can find hundreds of thousands of airline miles available at a fraction of the cost they would pay to airlines or credit card companies.  Those ill-gotten miles can then be used to redeem gift cards or other points-based rewards – a simple form of illicit arbitrage.  These miles can also be resold and put toward first-class upgrades and other bonus offers, according to Comparitech’s study into the black market for frequent flyer miles conducted last year.

That resale market has created a demand for bad actors to crack frequent flyer accounts. It’s also created a need for analytics to eliminate an unrelenting risk.  For any application of this nature, software can be implemented that can spot behaviour-based anomalies — such as repeated password reset requests on the same account or login attempts from an odd location — to identify possibly illicit account access.  Customers can then be alerted before the problem develops further.

That process starts with collecting data and tracking every incident, whether benign or threatening, and defining what constitutes normal account use.  By leveraging machine learning and analytics, it’s possible to create a baseline of standard behaviour for the individual.  This makes it easier to spot behaviours that fall outside that norm.  Appropriate action can then be taken to stop the activity and build processes to address them.

Baggage and luggage: Turning to analytics

Several airlines have discovered baggage handlers that have checked an extra bag filled with rare and high-tariff goods into the system for an accomplice to collect at the destination.  In such cases, neither the passenger, airport nor the airline are aware of the illegal use of identity and systems.

Now that all appears to be on the brink of change: as of June 2018, the International Air Transport Association issued Resolution 753 requires that airlines track baggage at four key points: passenger handover to airline, loading to the aircraft, delivery to the transfer area and return to passenger.

Airports and airlines are turning to data collection and analytics to solve this problem.  Beyond tracking the location of a piece of luggage at a given time, analytics can spot unusual patterns, such as bags unexpectedly entering the system on loading or baggage handlers that stand out for baggage that is persistently misrouted — a sign that they may be using passenger bags to route illicit goods to an accomplice.

In the end, that means nothing gets on the plane that shouldn’t, which plays a significant role in keeping planes and passengers secure.

Runways and perimeter breaches: Securing access to the plane

Between 2004 and 2015, there were 268 perimeter breaches at airports that handle three-quarters of U.S. commercial passenger traffic.

For example, there was the mentally ill man in L.A. who hopped the fence eight times in less than a year and twice reached stairs that led to jets.  There was the man who threw his bike over a fence in Chicago, riding the bike across a runway and knocking on a terminal door.  Then there was the man who drove an SUV through a security gate in Philadelphia and played chicken with a plane trying to land.  In the UK, consumer drones entering the airspace of London Heathrow forced the entire airport to shut down.

Much of the protection required to prevent those breaches is physical, with additional barricades and security personnel on the ground.  But there’s also the need to protect what’s on board because, in the modern airline industry, threats don’t always take a physical form.

Every month, there are 1,000 cyberattacks across the air transport industry.  At the same time, just 35 per cent of airlines and 30 per cent of airports believe they are prepared to deal with cyber-threats today.

But, the same technology that is creating these new vulnerabilities is also being used to stay ahead of them.  Machine learning, big data and analytics are all being used to gather data and set a baseline of normal behaviour, which makes threats and anomalous behaviour easier and faster to identify.  Systems that can detect and escalate unusual patterns and help pinpoint event timelines provide deep insight on security events that may be the source of the anomalies.  Gaining access to that insight before something happens is critical because it allows officials to stop problems before they start. 

If something does come to pass, advanced tracking and analysis also facilitates a faster investigation — and ultimately find a faster way to resolution.  The right tools can transform a process that typically takes weeks of searching through multiple months-worth of raw incident logs into one that takes only seconds — and presents a timeline for each security incident.  And the faster you can find your way to the root cause of a problem, the quicker you can implement policies and procedures to prevent the same thing from happening again. 

Planes, ageing fleets and controls: Securing the plane

Analytical insights are used every day to secure the plane from emerging and potential threats.  In the past several years, a few examples of cybersecurity attacks on planes have surfaced.

In 2015, a cybersecurity consultant told the FBI he was able to successfully hack into an airplane’s computer system and force it to climb.  Then, a year later, a Department of Homeland Security official remotely hacked the systems of an airplane parked at an airport in Atlantic City, N.J.

With a significant portion of every airline’s fleet made up of older airplanes, how do aircraft mechanics and maintenance teams track when those older systems are about to break or need to be tuned?  At the same time, airplanes are coming onto the market with new bells and whistles, greater energy efficiency and their own unique vulnerabilities.

So how do we ensure both old and new airplanes are safe and secure?  And how do we prevent cybersecurity attacks?

The answer, once again, lies in software. 

Newer planes can harness the power of data to spot red flags and identify possible security breaches as they’re happening.  As standard procedure for newer planes, all flight data from a single flight is automatically downloaded when the aircraft is parked.  This data will be used to gauge what’s happening in flight and pinpoint any anomalies in the plane’s functions.  Airlines then run applications that log the files and use machine learning to analyse them for irregularities onboard and during the flight.  Data collection and analysis ensure that problems don’t repeat themselves over time.

Flying remains one of the most convenient and safest ways to travel.  As the travel industry continues to provide better and more personalised experiences, analytics software will continue to drive innovation through the entire journey for passengers.

Orion Cassetto, director product marketing, Exabeam

Orion, director of product marketing at Exabeam, is a seasoned product marketing leader with nearly a decade of experience marketing cybersecurity solutions to enterprise buyers. Throughout his career, he has repeatedly built and led successful product marketing teams that support high growth businesses and trained world-class sales teams.