A large international airport is a microcosm of the entire aviation sector,
hosting hundreds of different types of aviation and non-aviation stakeholders:
aircraft, passengers, airlines, travel agencies, air traffic management and
control, retails shops, runway systems, building management, ground
transportation, and much more. Their associated information technology and cyber
physical systems—along with an exponentially resultant number of
interconnections—present a massive cybersecurity challenge. Unlike the physical
security challenge, which was treated in earnest throughout the last decades,
cyber-attacks on airports keep coming, but most airport lack essential means to
confront such cyber-attacks. These missing means are not technical tools, but
rather holistic regulatory directives, technical and process standards, guides,
and best practices for airports cybersecurity—even airport cybersecurity
concepts and basic definitions are missing in certain cases.
Unsettled Topics Concerning Airport Cybersecurity Standards and
Regulation offers a deeper analysis of these issues and their causes,
focusing on the unique characteristics of airports in general, specific
cybersecurity challenges, missing definitions, and conceptual infrastructure for
the standardization and regulation of airports cybersecurity. This last item
includes the gaps and challenges in the existing guides, best-practices,
standards, and regulation pertaining to airport cybersecurity. Finally,
practical solution-seeking processes are proposed, as well as some specific
potential frameworks and solutions.