10 May 2023

Deliver an innovative cybersecurity approach for airports with Microsoft


There are over 41,000 airports globally, enabling millions of flights and travel for billions of passengers each year. What the public may not realize is that a large amount of these airports are owned and operated by federal, state, and local governments. Given the critical nature of airports in providing foundational elements of a nation’s economic well-being, protection against cyber-attacks is a priority for government entities across the planet.

But cybersecurity concerns continue to increase. Cybercriminals and nation-state actors view airports as a target to disrupt critical operations, create political discourse within a nation, and degrade the public’s trust in transportation entities. The Microsoft for Government team is dedicated to enabling governments to mitigate this problem by delivering a comprehensive, innovative approach to airport security.


Impact of cyber-attacks on airport operators

As displayed below, in 2022 there were 38 recorded cyber-attacks against aviation targets across the globe, and this trend has continued into 2023. Airports, airlines, and ultimately passengers suffer due to these and other incidents.

Figure 1: Major global cyber-attacks on the aviation industry in 2022 (table by month, with date and country).

Examples of cyber-attacks and their downstream impacts include:

  • Reservation system disruptions: Attacks cause ticketing service disruptions, making it difficult for airline passengers to make, change, delete, or confirm bookings.
  • Passenger service system hack: When hacked, hundreds of thousands of passengers’ personal data could be exploited for fraudulent activities, leading to a loss of trust in the airport authority.
  • Baggage handling system disruption: These attacks impact the collection and retrieval of luggage, and can ultimately lead to flight delays, cancellations, and passenger dissatisfaction.

How are airports prime targets for cyber-attacks?

Nation-state actors and other cyber criminals, including current or former airport employees with nefarious intent, continue to target airports. That’s because airport environments contain a diverse and complex catalog of technology across operating environments. These systems are particularly vulnerable to bad actors, insider threats, and cyber-attacks. Examples include:

  • Employee IT productivity systems (email, file sharing, video conferencing, and more).
  • Identity and badging systems.
  • Employee endpoints such as access control systems, radios, and gate systems.
  • Software monitoring systems.
  • Wireless access points.
  • Security access checkpoint systems.
  • Point of sale systems.
  • Flight information systems and resource management systems, such as the Airport Operational Database (AODB) and Airport Collaborative Decision Making (A-CDM) systems.
  • Airport runway and parking lighting systems.
  • Building management systems and physical asset systems.
  • Airport paging systems.
  • Flight traffic management systems, such as Remediate AD Access Rights (RADAR), Automatic Dependent Surveillance-Broadcast (ADS-B), and global navigation satellite systems.

In addition to the complexity of securing a large variety and volume of systems, many airports struggle with key issues that impact cyber resiliency globally and across industries. The Microsoft Digital Defense Report 2022 revealed an exhaustive list of issues found among customers recovering from attacks. Of these, five categories are particularly relevant to airports: 

  1. No Zero Trust or security framework adoption.
  2. Lack of Privileged Access Management controls.
  3. Lack of patch and vulnerability management.
  4. Gaps in security monitoring coverage and integration.
  5. Unmanaged operational technology (OT) and legacy systems.

This chart displays a subset of data from the 2022 Microsoft Digital Defense Report, showing the percentage of impacted customers missing basic security controls which are critical to increasing organizational cyber resilience. These five issues are most relevant to airports.

Five key actions to reduce cyber-attacks on airport operations

While these vulnerabilities currently make airports prime targets, Microsoft seeks to mitigate these issues by partnering with agencies to take key actions to reduce cyber-attacks.

1. Adopt a Zero Trust security framework

An effective cyber resiliency program for airport operators starts with adopting a Zero Trust security framework. This includes identifying the most critical on-premises and online services, business processes, dependencies, personnel, vendors, and suppliers. As these critical high-impact resources are identified, a risk-based prioritization method should be used that considers the risk level to the organization, cost and effort to implement, and remediation impact to end users.

High-risk, low-effort, and low-impact areas should be at the top of the remediation list. Parallel efforts should continuously detect and monitor threats, disruptions, potential attack vectors, and system and process vulnerabilities. 
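One way to turn the risk-based prioritization described above into a repeatable ranking, as an added example (not Microsoft's tooling or code from the post): each identified resource carries a risk, effort and end-user impact rating, a shared dependency inherits the risk of whatever relies on it, and the list is ordered high-risk, low-effort, low-impact first. The inventory, ratings and dependencies are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample inventory of airport systems named on the page, with
# assumed 1 (low) to 3 (high) ratings. The ratings and dependencies are
# illustrative, not measured values from the report or any airport.
@dataclass(frozen=True)
class Resource:
    name: str
    risk: int               # risk level to the organization if compromised
    effort: int             # cost and effort to implement the remediation
    impact: int             # remediation impact on end users
    depends_on: tuple = ()  # names of resources this one relies on

SAMPLE = [
    Resource("Active Directory", risk=2, effort=2, impact=2),
    Resource("Badging system", risk=2, effort=1, impact=1, depends_on=("Active Directory",)),
    Resource("AODB", risk=3, effort=3, impact=3, depends_on=("Active Directory",)),
    Resource("Runway lighting", risk=3, effort=2, impact=1),
    Resource("Point of sale", risk=1, effort=1, impact=1),
]

def effective_risk(name, inventory, _seen=None):
    """Risk of a resource, raised to the highest risk of anything that depends on it.

    Compromising a shared dependency (identity, for instance) exposes every
    system built on it, so the dependency inherits that downstream risk.
    """
    _seen = set() if _seen is None else _seen
    if name in _seen:  # cycle guard: a dependency loop must not recurse forever
        return 0
    _seen.add(name)
    by_name = {r.name: r for r in inventory}
    own = by_name[name].risk
    dependents = [r.name for r in inventory if name in r.depends_on]
    return max([own] + [effective_risk(d, inventory, _seen) for d in dependents])

def prioritize(inventory):
    """Order remediation work: highest effective risk first, then lowest
    effort, then lowest end-user impact, so high-risk, low-effort, low-impact
    items rise to the top."""
    ranked = sorted(
        inventory,
        key=lambda r: (-effective_risk(r.name, inventory), r.effort, r.impact, r.name),
    )
    return [r.name for r in ranked]

if __name__ == "__main__":
    for pos, name in enumerate(prioritize(SAMPLE), start=1):
        print(pos, name, "effective risk", effective_risk(name, SAMPLE))
```

Note that Active Directory ranks above the AODB despite its lower own rating, because the AODB depends on it and its risk propagates to the identity system.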

To start adopting a Zero Trust security framework, airport operators should: 

  • Build and manage technology systems that minimize blast radius and segment access, and enable them to continue to operate securely even if a breach occurs. 
  • Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses. 
  • Authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies. 
  • Architect for adaptability, for example, hybrid, multi-cloud, and multi-platform. 

2. Implement Privileged Access Management Control

Airport operators should limit user access by provisioning only required access to users, contractors, and applications. According to the Microsoft Digital Defense Report 2022, 93 percent of Microsoft investigations during ransomware recovery engagements revealed insufficient privileged access and lateral movement controls as the main reason for the successful execution of ransomware attacks.[1]

To ensure governance of Privileged Access Controls, airports should: 

3. Improve patch and vulnerability management to ensure automated recovery and redundancy

Even a strong security foundation can be compromised. Therefore, redundancy and recovery plans are necessary to minimize downtime, ensure operational continuity, and safely return to normal healthy operations.

Microsoft data shows that 44 percent of organizations that suffered ransomware attacks did not have immutable backups for the impacted systems.[1] Additionally, administrators did not have backup and recovery plans for critical assets such as Active Directory.

To ensure operational continuity, airports should:

  • Document and validate end-to-end recovery and remediation activities related to ransomware attacks against critical services.
  • Involve stakeholders in updating Enterprise Crisis Management Playbooks to include ransomware-specific activities. Create a decision process to determine if and when to pay for ransomware.
  • Ensure a standard exists for the creation and validation of backups for critical systems.
  • Schedule regular backup and recovery exercises to ensure data can be recovered in the event of a ransomware attack.
  • Reduce the impact of attacks and disasters through fault isolation and segmentation, not only for critical workloads and foundational systems but also by diversifying on-premises data centers across geo-distributed cloud regions.

4. Eliminate gaps in security monitoring coverage and integration

Adversaries are using AI-driven tools and leveraging ‘ransomware-as-a-service’ frameworks, which dramatically increase the speed and scale of an attack. The Microsoft Digital Defense Report 2022 shows that 60 percent of organizations that suffered a ransomware attack had not invested in security information and event management (SIEM) technology, which would monitor across silos, detect end-to-end threats, and improve security operations.[1]

A comprehensive threat detection strategy requires extended detection and response (XDR) and cloud-native tools. These leverage machine learning to separate noise from signals and enable organizations to scale defensive capabilities to match adversaries’ capabilities. 

Airports are rife with mission-critical OT, which is often disconnected, runs specialized operating systems, and may be fragile. These systems are also sensitive to intrusive security tooling, yet they must still be covered by a comprehensive security program. Examples include runway lighting, autonomous vehicles, conveyances, building management systems, and more.

To improve threat detection and response, airports should:

  • Design and deploy real-time cloud-native, hyper-scale monitoring, and response capabilities that enable proactive detection of threats and vulnerabilities.
  • Implement threat protection solutions that can guard against known attacks and provide preventive activity and automatic remediation against new and anticipated attack vectors.
  • Implement extended detection and response anti-malware software to detect and automatically block attacks and provide insights into security operations.
  • Implement a passive listening discovery system, such as Azure Defender for IoT, so that fragile OT assets are inventoried and monitored without active probing.

5. Modernize legacy systems

Legacy systems developed before modern connectivity tools became the norm represent a risk if not modernized for new security requirements. Over 80 percent of security incidents can be traced to a few missing elements that can be addressed through modern security approaches.[1]

Given the native security capabilities of hyper-scale, AI-based cloud security solutions, every airport operator should implement a strategy that modernizes their legacy systems.  

To modernize and protect against threats, airport operators should:  

  • Identify critical business data and where it’s located. Review information lifecycle processes and enforce data protection while ensuring business continuity.
  • Incorporate XDR tools such as Microsoft Defender that can provide deep security insights across the digital landscape.
  • Adopt Multi-Factor Authentication (MFA) for user access control. Coupled with conditional access, MFA can be invaluable in fighting cyber threats.
  • Follow security configuration baselines and best practices when deploying and maintaining identity systems such as Active Directory (AD) and Azure AD infrastructure.

Partnering with governments to deliver safer, more reliable air travel

The scale, complexity, and sophistication of cyber-attacks against airports worldwide necessitate a strong cyber resilience program. Microsoft is here to help. The Microsoft Cloud Security Platform provides government agencies, including airports, with a highly scalable, AI-powered, end-to-end cloud security platform that strengthens security posture and protects workloads.

To take steps today to improve cyber resiliency and discuss how Microsoft can help, we invite you to:


[1] Microsoft Digital Defense Report 2022.

Statistics not otherwise cited in this blog were sourced from the Microsoft Digital Defense Report 2022.

Source: Microsoft Industry Blog