There are over 41,000 airports globally, enabling millions of flights and travel for billions of passengers each year. What the public may not realize is that a large number of these airports are owned and operated by federal, state, and local governments. Given the critical nature of airports in providing foundational elements of a nation’s economic well-being, protection against cyber-attacks is a priority for government entities across the planet.
But cybersecurity concerns continue to increase. Cybercriminals and nation-state actors view airports as a target to disrupt critical operations, create political discourse within a nation, and degrade the public’s trust in transportation entities. The Microsoft for Government team is dedicated to enabling governments to mitigate this problem by delivering a comprehensive, innovative approach to airport security.
As displayed below, in 2022 there were 38 recorded cyber-attacks against aviation targets across the globe, and this trend has continued into 2023. Airports, airlines, and ultimately passengers suffer due to these and other incidents.
Examples of cyber-attacks and their downstream impacts include:
Nation-state actors and other cyber criminals, including current or former airport employees with nefarious intent, continue to target airports. That’s because airport environments contain a diverse and complex catalog of technology across operating environments. These systems are particularly vulnerable to bad actors, insider threats, and cyber-attacks. Examples include:
In addition to the complexity of securing a large variety and volume of systems, many airports struggle with key issues that impact cyber resiliency globally and across industries. The Microsoft Digital Defense Report 2022 revealed an exhaustive list of issues found among customers recovering from attacks. Of these, five categories are particularly relevant to airports:
While these vulnerabilities currently make airports prime targets, Microsoft seeks to mitigate these issues by partnering with agencies to take key actions to reduce cyber-attacks.
An effective cyber resiliency program for airport operators starts with adopting a Zero Trust security framework. This includes identifying the most critical on-premises and online services, business processes, dependencies, personnel, vendors, and suppliers. As these critical high-impact resources are identified, a risk-based prioritization method should be used that considers the risk level to the organization, cost and effort to implement, and remediation impact to end users.
High-risk, low-effort, and low-impact areas should be at the top of the remediation list. Parallel efforts should continuously detect and monitor threats, disruptions, potential attack vectors, and system and process vulnerabilities.
To start adopting a Zero Trust security framework, airport operators should:
Airport operators should limit user access by provisioning only required access to users, contractors, and applications. According to the Microsoft Digital Defense Report 2022, 93 percent of Microsoft investigations during ransomware recovery engagements revealed insufficient privileged access and lateral movement controls as the main reason for the successful execution of ransomware attacks.[1]
To ensure governance of Privileged Access Controls, airports should:
Even a strong security foundation can be compromised. Therefore, redundancy and recovery plans are necessary to minimize downtime, ensure operational continuity, and safely return to normal healthy operations.
Microsoft data shows that 44 percent of organizations that suffered ransomware attacks did not have immutable backups for the impacted systems.[1] Additionally, administrators did not have backup and recovery plans for critical assets such as Active Directory.
To ensure operational continuity, airports should:
Adversaries are using AI-driven tools and leveraging ‘ransomware-as-a-service’ frameworks, which dramatically increase the speed and scale of an attack. The Microsoft Digital Defense Report 2022 shows that 60 percent of organizations that suffered a ransomware attack had not invested in security information and event management (SIEM) technology, which would monitor across silos, detect end-to-end threats, and improve security operations.[1]
A comprehensive threat detection strategy requires extended detection and response (XDR) and cloud-native tools. These leverage machine learning to separate noise from signals and enable organizations to scale defensive capabilities to match adversaries’ capabilities.
Airports are rife with mission-critical operational technology (OT) systems, which are disconnected, have specialized operating systems, and may be fragile. These systems are also sensitive from a cybersecurity standpoint and should be included in a comprehensive security protocol. Examples include runway lighting, autonomous vehicles, conveyances, building management systems, and more.
To improve threat detection and response, airports should:
Legacy systems developed before modern connectivity tools became the norm represent a risk if not modernized for new security requirements. Over 80 percent of security incidents can be traced to a few missing elements that can be addressed through modern security approaches.[1]
Given the native security capabilities of hyper-scale, AI-based cloud security solutions, every airport operator should implement a strategy that modernizes their legacy systems.
To modernize and protect against threats, airport operators should:
The scale, complexity, and sophistication of cyber-attacks against airports worldwide necessitate a strong cyber resilience program. Microsoft is here to help. The Microsoft Cloud Security Platform provides government agencies, including airports, with a highly scalable, AI-powered, end-to-end cloud security platform that strengthens security posture and protects workloads.
To take steps today to improve cyber resiliency and discuss how Microsoft can help, we invite you to:
[1] Microsoft Digital Defense Report 2022.
Statistics not otherwise cited in this blog were sourced from the Microsoft Digital Defense Report 2022.
The post Deliver an innovative cybersecurity approach for airports with Microsoft appeared first on Microsoft Industry Blogs.