Airport Business

APR 2013

The airport professional's source for airport industry news, articles, events, and careers.

Issue link: http://airportbusiness.epubxp.com/i/122648


cyber security

documents, badge information, financial transactions, personnel records all traverse a communications link that you, as an airport manager, probably consider incomprehensible. While you may never understand it from a technical perspective, you can and should ask your IT team the following questions (and expect answers in non-technical language):

• Do we have layered security? This is fundamental. Network security is not just about running anti-virus software on every PC. It's all-inclusive. This means that from your desktop to the Internet, you have protection. A good follow-up question is whether or not your IT team has had an external entity perform "penetration testing." In the air transport industry (ATI), cyber-attacks in India and South Korea and, closer to home, in Florida, show ATI is not immune to cyber threats.

• Have we invested in unified threat management devices (UTMs)? UTMs are an integral part of a layered security solution and include firewalls, content filtering, VPN (virtual private networks), and intrusion detection technologies.

• Have we secured all of our network "endpoints"? An endpoint is anything that can attach to your network, whether it's a server or a USB drive. Pay particular attention to those small portable devices, like the USB drives that are distributed by the hundreds at every airport convention. They can be carriers of threats when improperly handled.

• Have we properly "patched" our network? There are a number of routine network "housekeeping" tasks that should be part of your everyday security routine. Keeping all of your software updated is one. This includes not only Windows updates and patches for servers and clients, but also applications and firmware upgrades on routers and switches. Many of these updates contain security fixes and patches.

Secure Your Transactions

Closely linked to your network is the security of credit card information. It requires special consideration as a breach in this area could cost an airport millions of dollars. There are three critical questions the airport director should ask the IT team:

• Are we storing credit card information in any airport systems?

• Does any credit card information go through our network?

• If the answer to either question is "Yes," then ask: Are we PCI compliant?

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements designed to protect and secure credit cardholder data. It was developed by a consortium of financial institutions, including American Express, Discover Financial Services, JCB International, MasterCard and Visa. The objective of PCI-DSS is to establish a global standard for data security on credit card transactions. It includes standards for security management, policies, procedures, network architecture, software design, and other protective measures. An excellent and easy-to-use guide (ACRP Research Digest 11) was developed by Barich Inc. and commissioned by the Transportation Research Board (TRB). It can be found online at: www.nap.edu/catalog.php?record_id=14436

Cover Your Communications

Has the IT team reviewed every aspect of the airport's communications services from a cyber-security aspect? Everything from free passenger WiFi to network services provided to airline maintenance shops carries potential risk. A growing number of hot-spot users are suing service providers after being hacked. And, with the increasing presence of e-enabled aircraft, airlines must be assured these networks are well-protected.

Defend Your Databases

Every airport maintains a variety of enterprise databases storing personal information, including that of airport employees and airport community badge data. Ask the IT team if they have implemented additional security measures for those specific applications. Of particular concern would be any employee medical records that fall under the purview of the Health Insurance Portability

April 2013 www.AviationPros.com
