Don't miss our holiday offer - up to 50% OFF!

Explore Shop

Collaboration is key to effective airport cybersecurity 

The aviation industry is increasingly digitalizing operations, which increases the risk and possible damage from cyberattacks. 

(Courtesy/Canva)

Airports represent 64% of the cyberattacks targeting the aviation industry, according to the Aug. 13 webinar “Airport Cybersecurity: Protecting Critical Infrastructure,” presented by Airports Council International (ACI) World.  

The global average cost of a data breach in the aviation industry increased to $4.4 million in 2024 from $4.2 million in 2023, according to data from IBM. 

“The digital age has transformed the way airports operate, with advanced technology systems becoming essential for their efficient function,” Danny Boutin, senior director of airport assessments and services at ACI World, said in the webinar. “However, this increased reliance on technology and interconnected networks has also made airports vulnerable to cyberthreats.” 

ACI World passed a resolution at its 33rd annual General Assembly on May 22 that affirms the organization’s commitment to addressing cyberattacks in aviation by: 

Increasing awareness of threats; 
Promoting cybersecurity skills development and training; 
Evaluating threat risk and exposure; 
Using existing international standards and frameworks to enhance cybersecurity; and 
Encouraging collaboration among airports and stakeholders. 

“The resolution denotes that the aviation industry is experiencing a rise in cyberattacks that are becoming more complex and widespread, often targeting sensitive and confidential customer information and critical operating systems, leading to [increased and] unprecedented services disruption,” Nicholas Ratledge, senior manager of security, safety and operations at ACI, said in the webinar. 
Collaboration 
Effective cybersecurity requires collaboration at each level of an organization, between the organization and its stakeholders, and among sectors, according to Santiago Andrade, information technology and telecommunication director at Ecuador’s Quito International Airport (UIO). 

Collaboration among departments and management levels in an organization is vital since a cyberattack often creates a domino effect that will affect many departments, Andrade said. 

“The domino effect … concept is widely applicable across various fields, especially in a field as interconnected as aviation, where a cyber incident can trigger this chain reaction,” Andrade said in the webinar.  

The domino effect goes hand in hand with “the concept of systemic risk, which refers to the risk of the collapse of the entire system due to the failure of a single entity,” he said.  

This domino effect was recently seen with the CrowdStrike outage that affected airlines, airports, banks and more globally last month. 

“Silo mentality is, for me, one of the biggest vulnerabilities in the aviation industry.” — Santiago Andrade, information and technology director at Quito International Airport 

ACI’s Ratledge supports the creation of a platform to foster collaboration within the aviation sector. 

ACI “members are also asked to evaluate and potentially implement an information sharing and collaboration platform with other member airports and stakeholders to work together in identifying [and] assessing these different threats,” he said. 

Andrade also stressed the importance of collaboration across sectors, with airports turning to organizations in other industries that have successfully implemented cybersecurity systems and protocols to gather feedback, advice and tools. 

“It’s important to think outside the box, approach other sectors that have made significant advancement in this area, and learn from them,” he said. 
Next steps 
“A cyber incident is going to happen — that’s almost inevitable,” Andrade said. “The challenge lies in developing actions that can slow and … reduce or mitigate impact.” 

ACI offers cybersecurity handbooks and guidelines, is updating its training module and will release a cybersecurity tabletop exercise report later this year. 

ACI also offers a cybersecurity Airport Excellence Program (APEX), in which independent assessors evaluate an airport’s cybersecurity, identify vulnerabilities and priorities, and create a plan to implement change. 

“We look at mentoring, training and best-practice engagements from other people in other airports,” APEX Cybersecurity Team Leader John McCarthy said in the webinar. “[They] come in and discuss the challenges and opportunities and hurdles that you face in relation to cybersecurity.  

“Critically and most importantly, this is not an audit,” he said. “There’s nothing about passing or failing. It’s about identifying the challenges and problems that you have and then working out a road map that will allow you, as an airport, to be able to strengthen your cybersecurity posture.” 

Collaboration is key to effective airport cybersecurity 

The aviation industry is increasingly digitalizing operations, which increases the risk and possible damage from cyberattacks. 

(Courtesy/Canva)

Airports represent 64% of the cyberattacks targeting the aviation industry, according to the Aug. 13 webinar “Airport Cybersecurity: Protecting Critical Infrastructure,” presented by Airports Council International (ACI) World.  

The global average cost of a data breach in the aviation industry increased to $4.4 million in 2024 from $4.2 million in 2023, according to data from IBM. 

“The digital age has transformed the way airports operate, with advanced technology systems becoming essential for their efficient function,” Danny Boutin, senior director of airport assessments and services at ACI World, said in the webinar. “However, this increased reliance on technology and interconnected networks has also made airports vulnerable to cyberthreats.” 

ACI World passed a resolution at its 33rd annual General Assembly on May 22 that affirms the organization’s commitment to addressing cyberattacks in aviation by: 

Increasing awareness of threats; 
Promoting cybersecurity skills development and training; 
Evaluating threat risk and exposure; 
Using existing international standards and frameworks to enhance cybersecurity; and 
Encouraging collaboration among airports and stakeholders. 

“The resolution denotes that the aviation industry is experiencing a rise in cyberattacks that are becoming more complex and widespread, often targeting sensitive and confidential customer information and critical operating systems, leading to [increased and] unprecedented services disruption,” Nicholas Ratledge, senior manager of security, safety and operations at ACI, said in the webinar. 
Collaboration 
Effective cybersecurity requires collaboration at each level of an organization, between the organization and its stakeholders, and among sectors, according to Santiago Andrade, information technology and telecommunication director at Ecuador’s Quito International Airport (UIO). 

Collaboration among departments and management levels in an organization is vital since a cyberattack often creates a domino effect that will affect many departments, Andrade said. 

“The domino effect … concept is widely applicable across various fields, especially in a field as interconnected as aviation, where a cyber incident can trigger this chain reaction,” Andrade said in the webinar.  

The domino effect goes hand in hand with “the concept of systemic risk, which refers to the risk of the collapse of the entire system due to the failure of a single entity,” he said.  

This domino effect was recently seen with the CrowdStrike outage that affected airlines, airports, banks and more globally last month. 

“Silo mentality is, for me, one of the biggest vulnerabilities in the aviation industry.” — Santiago Andrade, information and technology director at Quito International Airport 

ACI’s Ratledge supports the creation of a platform to foster collaboration within the aviation sector. 

ACI “members are also asked to evaluate and potentially implement an information sharing and collaboration platform with other member airports and stakeholders to work together in identifying [and] assessing these different threats,” he said. 

Andrade also stressed the importance of collaboration across sectors, with airports turning to organizations in other industries that have successfully implemented cybersecurity systems and protocols to gather feedback, advice and tools. 

“It’s important to think outside the box, approach other sectors that have made significant advancement in this area, and learn from them,” he said. 
Next steps 
“A cyber incident is going to happen — that’s almost inevitable,” Andrade said. “The challenge lies in developing actions that can slow and … reduce or mitigate impact.” 

ACI offers cybersecurity handbooks and guidelines, is updating its training module and will release a cybersecurity tabletop exercise report later this year. 

ACI also offers a cybersecurity Airport Excellence Program (APEX), in which independent assessors evaluate an airport’s cybersecurity, identify vulnerabilities and priorities, and create a plan to implement change. 

“We look at mentoring, training and best-practice engagements from other people in other airports,” APEX Cybersecurity Team Leader John McCarthy said in the webinar. “[They] come in and discuss the challenges and opportunities and hurdles that you face in relation to cybersecurity.  

“Critically and most importantly, this is not an audit,” he said. “There’s nothing about passing or failing. It’s about identifying the challenges and problems that you have and then working out a road map that will allow you, as an airport, to be able to strengthen your cybersecurity posture.”