The Guidebook on Best Practices for Airport Security, produced under the auspices of the National Academies and the FAA, contains an interesting high level summary of key threat actions against airports. The list includes:
- A sophisticated advanced persistent threat from a sophisticated group of hackers acting on behalf of a nation state used a reputable industry source to send phishing emails to airports. Seventy-five airports were affected and two had systems that were compromised as a result (Center for Internet Security 2013).
- The Airport Operations Division of the Metropolitan Washington Airport Authority unintentionally published a request for procurement (RFP) on its website containing sensitive security information (SSI) detailing the outsourced electronic security system at the Ronald Reagan Washington National Airport (DCA). This RFP was not vetted through the IT department.
- Miami International Airport (MIA) has experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattacks (Palmer 2013).
- Los Angeles World Airports (LAX, ONT, VNY, and PMD) blocked almost 60,000 cases of Internet misuse and 2.9 million hacking attempts in one year. LAX also experienced a number of cyber incidents related to malware that targeted a network baggage system (Cheong 2011).
- U.S. airport computer and communications systems were among the targets announced by the Tunisian Hackers Team in April 2014 (Kimery 2014).
- Researchers have demonstrated that some passenger screening devices used by the Transportation Security Administration (TSA) can be tampered with so that they do not provide the proper alerts if an attacker gains physical access to data ports on the devices (Rios 2014). Although not directly the responsibility of the airport, compromised TSA equipment could impair airport operations and expose additional vulnerabilities.
- A truck driver jamming his vehicle’s global positioning system (GPS) receiver inadvertently interfered with an airport GPS augmentation system used to support aircraft approach procedures at Newark International Airport (EWR).
- Istanbul’s Atatürk International Airport (IST) had password control systems shut down by what is believed to have been a malware attack resulting in departure delays and extended waiting time for passengers (Paganini 2013).
- An undisclosed major, non-U.S., international airport uncovered a variant of the Citadel Trojan malware that targeted virtual private network (VPN) credentials used by employees (Klein 2012, Kumar 2012).
- The Dubai International Airport (DXB) had 50 email addresses and associated passwords stolen by a team of hackers from the Portugal Cyber Army and the HighTech Brazil HackTeam (Selvan 2013).
- The website of Catania–Fontanarossa Airport (CTA) in Italy was hacked and shut down for a few hours. A 22-year-old suspect was believed to have illegally accessed and damaged data (Kumar 2011).
- The Airports Authority of India’s enterprise resource planning system was successfully hacked resulting in the system becoming inoperative, but more importantly resulting in the loss of personal data on employees (Vijay 2014, The Asian Age 2014).
This is a very significant list. Another to add would be the 21 June 2015 attack against Warsaw Poland’s Chopin airport, which resulted in 1,400 passengers being grounded. Overall this list is a very good articulation of why this threat is serious.