Up in the air
The COVID-19 pandemic slowed down, and in some cases stopped, global travel. Travel limitations led multiple airports across the globe to shut down almost entirely. With a focus on the pandemic and changing flight regulations, coupled with less staff present at airports, airport cyber security took a back seat. This reality could have long-term safety repercussions.
Airports are part of a nation’s critical infrastructure. As such, they are constant targets for criminals, terrorists, hacktivists, and rival nations. Moreover, airports provide an access point to the state, allowing for travelers and goods to come in and out. Some states do not even have a coastline, making it impossible to engage with the rest of the world without an airport infrastructure.
Not only are they of critical importance to a nation state, but airports also collect and store data of tens of millions of passengers and organizations every year. Such data includes personally identifiable information (PII) like payment information, personal information, biometrics, and more.
Like all other industries, airports are relying more and more on technology, including the Internet of Things. This is necessary for customers’ experience as technology improves productivity and ensures a more efficient process.
There are numerous airport cyber security threats, from social engineering and internal abusers to ransomware and hardware-based attacks. With such a vast infrastructure, various aspects of an airport are at risk of being targeted by a malicious actor. In 2020, San Francisco International Airport suffered an attack on two of its websites, while Albany Airport was infected with malware via an attack on one of its contractors. These two examples highlight just some of the airport cyber security threats.
Catch me if you can
The more devices present in an environment, the more access points to the network. Airports are no exception, and countless devices are operating within the infrastructure, all of which provide network access.
There are generally two ways to access an enterprise’s network. The first is the classic hack, whether through phishing, brute force, or lack of care on the part of the staff. The second is the sneakier one: hardware-based attacks. A bad actor could plug a malicious USB key – spoofed as a legitimate device – into any of the airport’s devices either to carry out an attack or to use it to open a backdoor. In the first case, the device is the target. In the second case, the perpetrator creates an access point for a later attack.
The second case might go undetected for months, as the attacker may not conduct any offensive action but rather just explore and map out the network infrastructure. This is extremely dangerous, as network information can be used to modify the design of the attack to ensure maximum damage.
Now you see me, now you don’t
There are various IoT devices operating at airports, including printers, security cameras, access control scanners, and more. Such devices, being internet-connected, are susceptible to cyberattacks and contribute to airport cyber security threats. Modern-day x-ray machines are also internet-connected and can be targeted in an attack. If an attacker gains control of an x-ray machine, they might make sure that drugs stacked inside a suitcase will go unnoticed. In fact, a malicious actor can instruct the machine not to raise alerts for suspicious objects or reproduce an older image as the luggage moves through.
Drugs are certainly a major issue, but guns and bombs are an even bigger one. An attack like the one depicted could allow a well-organized terror organization, like the Islamic State or Al-Qaeda, to conduct a new 9/11.
The network infrastructure means attackers do not have to target x-ray machines directly, which are typically under constant supervision. As it is an internet-connected device, the x-ray machine can be accessed through lateral movement. So, attackers simply need to connect their malicious USB to the most accessible device in the infrastructure.
While this scenario might seem catastrophic, it is not far-fetched at all. What can airports do to protect themselves? Is there even a solution to this problem? Is there a way to protect from physical cyber-attacks? The answer is: yes, yes, and yes.
It’s a bird… a plane… it’s HAC-1!
Sepio’s HAC-1 solution is capable of identifying spoofed USB devices and network implants. The HAC-1 solution uses Layer 1 information to calculate a digital fingerprint of all IT, IoT, and OT assets, meaning every device gets identified as what it truly is. Additionally, the comprehensive policy enforcement mechanism of the HAC-1 solution, combined with its Rogue Device Mitigation capability, means that any unapproved or rogue hardware is blocked instantly, preventing any lateral movement. Lastly, Sepio’s technology enables data protection at an unprecedented level thanks to complete device visibility; existing solutions are put to better use, and Zero Trust Hardware Access is achieved. With HAC-1’s Layer 1 visibility, x-ray machines will truly have x-ray vision, and airport cyber security threats are reduced.