The airport professional's source for airport industry news, articles, events, and careers.
Issue link: http://airportbusiness.epubxp.com/i/122648
cyber security Know Your Virtual Vulnerabilities Protecting cyber infrastructure may sound Greek if you're not a cyber geek. Here are 7 simple steps to better cyber protection By Dominic Nessi i t's a sure bet that Michelle Obama and Mel Gibson never expected to see their credit reports posted on a Russian website. And it's unlikely the Chinese government believed itself vulnerable to systematic cyber-espionage. But Obama and Gibson's credit reports did show about the author up online and the Chinese government was indeed a victim of cyber espionage. It appears no one is Dominic Nessi, Certified Information truly safe from cyber Systems Professional attack. While the attacks Dominic Nessi is a certified were not aimed at information systems security professional (CISSP) from U.S. critical infraISC(2) and serves on the s t r u c t u r e — w a t e r, organization's North American power, communicaAdvisory Board. He is also tions and transportathe deputy director/chief tion systems, it is likely information officer at Los that hackers routinely Angeles World Airports found probe these systems at www.LAWA.aero. He may be for weaknesses and reached at dnessi@lawa.org. vulnerabilities. 30 airportbusiness April 2013 There are also a growing number of overseas examples where critical infrastructure has been targeted to underscore that this possibility exists. In 2012, an attack against Saudi Arabia's state-owned oil company, Saudi Aramco, destroyed more than 30,000 computers. Though the hackers attacked Saudi Arabian infrastructure, their message toward the United States was abundantly clear—as each computer was infected a burning American flag illuminated the screen. And, Stuxnet, a computer worm discovered in June 2010, attacked Iran's nuclear facilities by targeting their Siemen software and equipment through Microsoft Windows. While it is not the first time hackers have targeted industrial systems, Stuxnet is the first worm built to spy on industrial systems as well as reprogram them. In the air transport industry (ATI), cyber-attacks in India and South Korea and, closer to home, in Florida, show ATI is not immune to cyber threats. But before airports can become more secure, airport directors need to identify where vulnerabilities lie. The following list is designed to help airport management pinpoint potential trouble spots. This is not an exhaustive list—cyber threats change rapidly, almost daily it seems. Airport administrators will need to review this list annually to add and remove focus areas as necessary. Protect the "Front Door" An airport's communications network is the "front door" to the confidential privacy and financial information it maintains. Your email, stored