Israeli airports fend off 3 million attempted attacks a day, cyber head says
A 24/7 security operation center at Ben Gurion international airport handles cybersecurity threats
Shoshanna Solomon is The Times of Israel's Startups and Business reporter
Israel’s Airports Authority, in charge of the nation’s international and domestic airports and its land border crossings, has to block three million attempts to breach its systems a day, mostly by bots, the head of cyber and information security at the authority, Roee Laufer, said.
In an interview with The Times of Israel and other reporters at the sidelines of a cybersecurity conference in Tel Aviv last month, Laufer said these “external threats” try to breach the “virtual fence” of cybersecurity protections the airports authority has built to protect the workings of the airports and border crossings it operates.
“We have our challenge cut out for us,” was all he said when asked how successful the authority has been in thwarting the attacks.
The Airports Authority set up a cybersecurity division four years ago, and, after that, a security operation center (SOC) at the country’s main airport, Ben Gurion international airport, which handles cybersecurity threats 24/7/365, he said.
The center “detects and responds to potential cyber events,” he said.
The SOC makes Ben Gurion Airport possibly one of the only major international airports in the world that has such a center on its premises, he added. The authority is in charge of the airports and the border crossings, he emphasized, but not of securing the airlines themselves, which remains their own responsibility.
Surge in global travel brings increased digitalization at airports
The Airports Council International, an umbrella organization of airport authorities, predicts that by 2040 there will be 20.9 billion global passengers, up from 8.2 billion in 2017.
Airports thus must digitalize their processes to be able to handle this huge amount of traffic, said Laufer, from the check-in process to how airports interact with aircraft and how they vet passengers as they board.
“IT is at the core of the airport business,” he said. But this, in turn, increases the “attack surface” for cyber incidents at airports.
As the world undergoes digitalization and more institutions and objects become connected to the internet, the risks of a cyberattack surge. The global cybersecurity market is expected to grow from $153 billion in 2018 to $248 billion by 2023, data research firm MarketsandMarkets says in a report. Israel punches above its weight in the cybersecurity field, with the nation receiving 20% of the global share of private cybersecurity investments, second only to the US.
The airline industry is one of the most vulnerable and unprotected markets today, Prime Minister Benjamin Netanyahu warned at a cybersecurity conference in Tel Aviv in January.
“Our airlines can be attacked one hundred ways,” he said. “They can be attacked by ground control interference, they can be attacked by the systems within the plane and the communications. It is in many ways right now the most vulnerable system that we have, but as you know everything today is vulnerable and everything is under attack. Civil aviation is the one area that requires the most immediate cyber defense solution but it is one of hundreds.”
In September, Bristol airport staff in the UK had to go back to working with whiteboards after all of its flight information screens were blacked out over a weekend in a ransomware attack. Hartsfield-Jackson Atlanta International Airport, one of the busiest in the world, shut off its internal Wi-Fi network as a security measure in March last year, as the city of Atlanta’s government network underwent a ransomware attack.
However, introducing new processes and technologies to an industry that has very rigid practices already in place is very hard, explained Israel Airports Authority’s Laufer. “One thing that makes airport and civil aviation safe is strict enforcement of safety and security,” he said. But that also makes it more difficult to innovate, he said.
The airline sector is also unique because there are a variety of parties involved in the business — airports, airlines and aviation industry suppliers — all of whom need to work very closely with one another to make the industry tick. “It is a very interconnected sector,” Laufer said.
To raise the level of cybersecurity in civil aviation as a sector, the effort needs to be sector-wide, he said.
“The chain is only as strong as its weakest link,” Laufer said. Thus, while some parts of the industry may have high levels of cybersecurity measures, if others don’t raise their standards as well, the sector as a whole is vulnerable.
“It has to be a sectorial effort, and currently I’m afraid it’s not,” he said. The matter must be dealt with at a national, government level using the expertise of the civil aviation agencies, he urged.
In November, a group of Israeli cybersecurity firms, along with the Economy and Industry Ministry, set up a new cyber consortium to offer comprehensive, end-to-end cybersecurity solutions for the commercial aviation industry — airports, airlines and aircraft.
The consortium includes Israel Aerospace Industries (IAI), CyberArk, Check Point Software Technologies Ltd., El Al’s Cockpit Innovation hub, Karamba Security and ClearSky — a combination of veteran cybersecurity and aerospace firms that already offer “a broad range of aviation, security, intelligence and cyber solutions for the global market” alongside “young startups with cutting edge cyber products and technologies,” the consortium said in a statement at the time.