SAE EPR2021020

A large international airport is a microcosm of the entire aviation sector, hosting hundreds of different types of aviation and non-aviation stakeholders: aircraft, passengers, airlines, travel agencies, air traffic management and control, retails shops, runway systems, building management, ground transportation, and much more. Their associated information technology and cyber physical systems–along with an exponentially resultant number of interconnections–present a massive cybersecurity challenge. Unlike the physical security challenge, which was treated in earnest throughout the last decades, cyber-attacks on airports keep coming, but most airport lack essential means to confront such cyber-attacks. These missing means are not technical tools, but rather holistic regulatory directives, technical and process standards, guides, and best practices for airports cybersecurity–even airport cybersecurity concepts and basic definitions are missing in certain cases.

Unsettled Topics Concerning Airport Cybersecurity Standards and Regulation offers a deeper analysis of these issues and their causes, focusing on the unique characteristics of airports in general, specific cybersecurity challenges, missing definitions, and conceptual infrastructure for the standardization and regulation of airports cybersecurity. This last item includes the gaps and challenges in the existing guides, best-practices, standards, and regulation pertaining to airport cybersecurity. Finally, practical solution-seeking processes are proposed, as well as some specific potential frameworks and solutions.