Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Extending the airport boundary: Connecting physical security and cybersecurity
Journal of Airport Management,
12
(3),
236-247
(2018)
Abstract
Airports are more and more dealing with considerable challenges towards effective airport security. The authors introduce a practice about creating a platform for sharing information and knowledge to defend airports against cyber and terror attacks. The threat is shifting from airside to landside, towards public areas. Security should be integrated into the design of the passenger journey, and the security boundary should be extended. This practice not only identifies zones with specific characteristics within the passenger journey but also connects vertical zones to infrastructure outside the airport perimeter. Access control, third-party supply chain and airports being part of a broader business network should not limit security to physical access but also include digital access, including insider threat. This initiative is translating general best practices into solutions against specific risks in determined areas. For cybersecurity as a start, it focuses on the baggage handling system (BHS) being industrial operating machines. Especially this baggage handling is a ‘forgotten’ area for (cyber)security. Airports tend to extend and build on existing equipment and therefore old programmable logic controllers (PLCs) and industrial (digital) equipment designed with an operational focus are still in use and often connected to newly installed machines. Since the main focus within airports is often on other areas, the implementation of European Civil Aviation Conference (ECAC) Std. 3 brings additional risks for BHSs to airports. Creating this (cyber)security information-sharing platform could build a road map for security to be shared with other airports. Implementation of location-based security, through monitoring of communication of surrounding control systems, will input identified specific BHS threats into the platform. After this first assessment of the BHS, the scope and the number of airports or external parties involved could be expanded.
Keywords: airport security strategy; passenger journey; connecting physical and cybersecurity; supply chain and third-party access control; baggage handling systems
The full article is available to subscribers to the journal.
Author's Biography
Bert Willemsen is EVP Security at Scarabee Aviation Group. Bert is consulting airports on security challenges in the field of airside, landside, security and cybersecurity. He is a member of the ACI Europe Aviation Security Committee, and in his role he represents Scarabee on the ACI World Airport Security Standing Committee. He has been involved in several optimisation projects of security checkpoints at airports in Europe. He has a strong view on how to integrate the security process in the design of the passenger journey. He has experience in the field of cybersecurity strategies and cyber risk management. He is experienced in implementing and defining cybersecurity strategies throughout organisations, including airports. Before working at Scarabee, Bert executed several risk and threat analyses initiatives, with crisis management support for critical and sensitive infrastructure outside airports. During his career, he has dealt with in-depth risk analysis of internal and external processes within the supply chain of oil and gas and food and beverage companies.
Menno Cadee has been in the air transportation industry for over 15 years, working for Scarabee Aviation Group. He started his career in software engineering, broadening his knowledge through positions in technical integration of baggage handling systems. He is the senior technical project director responsible for Scarabee’s introduction of new technologies, such as artificial intelligence, in the field of airport operations, physical access, IT and cybersecurity. He gained experience as an IT security expert with penetration testing, vulnerability assessments, security audits, social engineering and advanced persistent threats. He has performed ethical hacking and penetration testing for numerous of companies. During his career, he dealt with several technical challenges to improve mission critical processes and performance of airports.
