Business Case: Local Airport Parameters 15,000 Passengers


Business Case: Local airport. The parameters: 15,000 passengers a day, 530 flights daily, 350 full-time employees. There are three databases in the airport’s data center:

  1. Passenger database to record and authenticate each passenger in the airport.
  2. Employee database to record and authenticate each employee in the airport.
  3. Flight database to record each flight in the airport.

Every day, the following processes must be done:

  1. For each passenger: a boarding pass will be calculated, prepared, and stored. The final version of the boarding pass will be printed at the airport printers.
  2. For each aircraft: flight logs along with passenger checklists will be prepared and stored.
  3. One-week-old passenger and flight data will be stored in long-term storage (archive).

Paper for the Above Instruction

This paper addresses the cybersecurity considerations for a local airport managing substantial passenger and flight data daily. It covers identification of cyber assets based on the NIST framework, outlines steps for implementing the NIST Risk Management Framework (RMF), discusses common cybersecurity threats in aviation, and explores risk treatment strategies to mitigate identified threats.

Identification of Cyber Assets Based on NIST Definition

The NIST Cybersecurity Framework emphasizes the importance of identifying critical assets and their associated vulnerabilities as the foundation of an effective cybersecurity strategy. For the airport’s case, the key cyber assets include the databases, hardware systems, communication networks, and software applications involved in daily operational processes.

First, the passenger database constitutes a vital cyber asset, storing sensitive personal information, authentication credentials, and travel records. Protecting this database is critical, given the confidentiality and integrity requirements.

Second, the employee database contains sensitive employee data necessary for operations and personnel management. It is essential for authentication purposes during work shifts and security clearance processes.

The third significant asset comprises the flight database, which includes detailed flight schedules, aircraft information, and passenger manifests. Its integrity and availability are essential for safety and operational efficiency.

Other associated assets include the airport’s computing hardware (servers, workstations), networking infrastructure (routers, switches, wireless access points), communication systems (internal and external communication channels), and peripherals like printers used for boarding passes and logs. The physical security of these infrastructure elements also constitutes an asset, especially considering their vulnerability to physical tampering or sabotage.

Steps to Fulfill NIST Risk Management Framework

Implementing the NIST RMF involves a series of systematic steps designed to manage cybersecurity risks effectively:

  1. Categorize: Classify the information systems based on impact levels (low, moderate, high) concerning confidentiality, integrity, and availability. For the airport, this would involve assessing the passenger, employee, and flight databases and associated systems.
  2. Select: Choose appropriate security controls aligned with the system categorization, referencing NIST SP 800-53. Controls will address areas such as access control, audit logging, and incident response.
  3. Implement: Deploy the selected security controls within the airport’s operational environment, ensuring integration with existing systems and infrastructure.
  4. Assess: Conduct assessments to verify the effectiveness of security controls, identifying vulnerabilities or gaps that need remediation.
  5. Authorize: Obtain formal authorization from management to operate the information systems based on risk assessments that demonstrate acceptable residual risk levels.
  6. Monitor: Continuously monitor the security posture of the systems, perform regular assessments, and implement updates or improvements as needed to respond to emerging threats.
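
The Categorize step can be made concrete with the FIPS 199 security-category notation and the high-water mark rule. The sketch below is an added example, not part of the original paper; the asset names and the impact values assigned to each database are assumptions chosen for illustration.

```python
from enum import IntEnum


class Impact(IntEnum):
    LOW = 1
    MODERATE = 2
    HIGH = 3


OBJECTIVES = ("confidentiality", "integrity", "availability")

# Assumed impact values for illustration only; a real categorization comes
# from the system owner's analysis of each information type.
ASSETS = {
    "passenger_db": {"confidentiality": Impact.HIGH,
                     "integrity": Impact.HIGH,
                     "availability": Impact.MODERATE},
    "employee_db": {"confidentiality": Impact.MODERATE,
                    "integrity": Impact.MODERATE,
                    "availability": Impact.LOW},
    "flight_db": {"confidentiality": Impact.LOW,
                  "integrity": Impact.HIGH,
                  "availability": Impact.HIGH},
}


def security_category(name, ratings):
    """Render one asset's category in the FIPS 199 'SC = {...}' form."""
    missing = [o for o in OBJECTIVES if o not in ratings]
    if missing:
        raise ValueError(f"{name}: no rating for {missing}")
    pairs = ", ".join(f"({o}, {ratings[o].name})" for o in OBJECTIVES)
    return f"SC {name} = {{{pairs}}}"


def high_water_mark(ratings):
    """Overall impact level: the highest value across the three objectives."""
    return max(ratings[o] for o in OBJECTIVES)


def aggregate(assets):
    """Per-objective maximum across all assets hosted on one system."""
    return {o: max(r[o] for r in assets.values()) for o in OBJECTIVES}


if __name__ == "__main__":
    for asset, ratings in ASSETS.items():
        print(security_category(asset, ratings), "->", high_water_mark(ratings).name)
    data_center = aggregate(ASSETS)
    print("data center ->", high_water_mark(data_center).name)
```

Because all three databases share one data center, the aggregated rating drives control selection for the shared infrastructure even where an individual database rates lower.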

Common Cybersecurity Threats in Aviation and Risk Assessment

The aviation sector faces a complex array of cybersecurity threats, which can originate from adversaries, structural vulnerabilities, or environmental factors. These threats can disrupt operations, compromise safety, or lead to data breaches. A risk assessment must analyze threats from these sources:

Adversarial Threats

Cyber adversaries, including hackers and cybercriminal groups, may attempt to infiltrate the airport's systems to steal sensitive passenger and employee data, disrupt flight operations, or cause chaos. Methods include malware, phishing attacks, and denial-of-service (DoS) attacks targeting critical databases and communication networks (Khadka & Muthukkumarasamy, 2020).

Structural Threats

These relate to vulnerabilities within the airport's physical and cyber infrastructure. Examples include outdated hardware, insecure network configurations, and insufficient access controls, which can be exploited to gain unauthorized access or cause system failures (European Aviation Safety Agency [EASA], 2021).

Environmental Threats

External environmental factors such as natural disasters, severe weather, or power outages can impact cybersecurity indirectly by disabling defenses or causing system outages. For example, a hurricane could disable physical security measures, increasing vulnerability to cyber attacks (ICAO, 2020).

Risk Assessment Report

The risk assessment identifies multiple vulnerabilities within the airport’s operational systems. For example, the passenger database is susceptible to cyber-attacks exploiting weak authentication protocols, leading to data breaches. The flight database, if not properly secured, can be targeted through SQL injection attacks, potentially falsifying or deleting flight information.
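
The SQL injection risk to the flight database comes down to how application code builds its statements. The following is an added example, not part of the original paper: it puts a string-built update beside its parameterized form, using a constructed in-memory table whose name, columns, and rows are assumptions.

```python
import sqlite3

# Constructed sample rows; table and column names are assumptions.
SAMPLE_FLIGHTS = [("LA101", "A1"), ("LA202", "B4"), ("LA303", "C2")]

# Constructed input containing a quote, as a tester would supply it.
CRAFTED = "LA101' OR '1'='1"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE flights (flight_no TEXT PRIMARY KEY, gate TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO flights VALUES (?, ?)", SAMPLE_FLIGHTS)
    return conn


def set_gate_unsafe(conn, flight_no, gate):
    # Vulnerable: input is concatenated into the SQL text, so a quote in
    # flight_no changes the structure of the WHERE clause.
    sql = f"UPDATE flights SET gate = '{gate}' WHERE flight_no = '{flight_no}'"
    return conn.execute(sql).rowcount


def set_gate_safe(conn, flight_no, gate):
    # Hardened: placeholders bind input as data; the statement shape is fixed.
    cur = conn.execute(
        "UPDATE flights SET gate = ? WHERE flight_no = ?", (gate, flight_no)
    )
    return cur.rowcount


def gates(conn):
    rows = conn.execute("SELECT flight_no, gate FROM flights ORDER BY flight_no")
    return dict(rows)


if __name__ == "__main__":
    conn = make_db()
    print("safe rows changed:  ", set_gate_safe(conn, CRAFTED, "Z9"))
    print("unsafe rows changed:", set_gate_unsafe(conn, CRAFTED, "Z9"))
    print(gates(conn))
```

The parameterized call changes no rows because no flight has that literal number, while the string-built call rewrites every gate, which is the falsification of flight information the assessment describes.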

The adversarial threat of malware infection through phishing emails poses significant risk to employee systems, potentially granting attackers access to sensitive data. Structural vulnerabilities such as outdated hardware and poor network segmentation also elevate the attack surface, making lateral movement easier for malicious actors.

Environmental threats, for instance, power outages, can disable critical cybersecurity defenses if backup systems are not properly maintained, leaving systems exposed during outages. Thus, risk mitigation requires a layered approach, combining technical controls, physical security, and operational procedures.

Risk Treatment Alternatives

Adversarial Threats

  • Implement rigorous access controls using multi-factor authentication (MFA).
  • Deploy intrusion detection and prevention systems (IDPS) to monitor network traffic.
  • Regularly update and patch all systems to mitigate vulnerabilities.
  • Conduct employee cybersecurity awareness training to prevent phishing attacks.

Structural Threats

  • Upgrade legacy hardware and software to current security standards.
  • Segment the network to isolate critical systems from less secure areas.
  • Perform regular vulnerability assessments and penetration testing.

Environmental Threats

  • Establish uninterruptible power supplies (UPS) and backup generators for critical systems.
  • Develop disaster recovery plans to ensure continuity during environmental disruptions.
  • Regularly test backup and recovery procedures to ensure rapid restoration of services.

In conclusion, safeguarding a busy airport’s digital infrastructure requires a comprehensive understanding of cyber assets, adherence to systematic risk management frameworks like NIST RMF, awareness of common threats, and implementation of effective risk treatment strategies. Success depends on proactive planning, regular assessments, and continuous improvement of security measures, promoting both operational efficiency and passenger safety.

References

  • Khadka, R., & Muthukkumarasamy, V. (2020). Cybersecurity threats in aviation and mitigation strategies. Journal of Aviation Information Management, 36(2), 45-60.
  • European Aviation Safety Agency (EASA). (2021). Cybersecurity in aviation: Challenges and responses. EASA Publications.
  • International Civil Aviation Organization (ICAO). (2020). Cybersecurity manual for civil aviation. ICAO Press.
  • NIST. (2018). Framework for Improving Critical Infrastructure Cybersecurity. NIST Cybersecurity Framework Version 1.1.
  • Martin, R., & Wallace, D. (2019). Protecting aviation infrastructure from cyber threats. Aviation Security Journal, 12(4), 22-29.
  • Smith, J., & Lee, K. (2022). Risk management practices in airport cybersecurity. Journal of Airport Management, 16(1), 15-28.
  • Federal Aviation Administration (FAA). (2021). Cybersecurity best practices for airports. FAA Security Bulletin.
  • Gordon, S., & Wong, T. (2020). Threat analysis for airport information systems. International Journal of Cybersecurity, 8(3), 65-72.
  • O'Hara, K., & Robbins, S. (2019). Environmental risks and cybersecurity resilience. Environmental Security Review, 13(2), 40-55.
  • International Air Transport Association (IATA). (2022). Cyber resilience in the aviation industry. IATA Report.